Enabling The Ra Guard Logging Feature; Displaying And Maintaining Ra Guard; Ra Guard Configuration Example; Network Requirements - HP FlexNetwork 10500 Series Security Configuration Manual

Enabling the RA guard logging feature

This feature allows a device to generate logs when it detects forged RA messages. Each log records
the following information:
•
Name of the interface that received the forged RA message.
•
Source IP address of the forged RA message.
•
Number of RA messages dropped on the interface.
To avoid excessive log output, the device output logs every two seconds.
To enable the RA guard logging feature:
Step
1. Enter system view.
2. Enable the RA guard logging
feature.

Displaying and maintaining RA guard

Execute display commands in any view and reset commands in user view.
Task
Display the RA guard policy
configuration.
Display RA guard statistics.
Clear RA guard statistics.

RA guard configuration example

Network requirements

As shown in
the switch are in VLAN 10.
Configure RA guard on the switch to filter forged and unwanted RA messages.
•
Configure an RA policy in VLAN 10 for GigabitEthernet 1/0/2 to filter all RA messages received
from the unknown device.
•
Specify host as the role of the host. All RA messages received on GigabitEthernet 1/0/1 are
dropped.
•
Specify router as the role of the router. All RA messages received on GigabitEthernet 1/0/2 are
forwarded.
Command
system-view
ipv6 nd raguard log enable
Figure 152, GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of
Command
display ipv6 nd raguard policy [ policy-name ]
display ipv6 nd raguard statistics [ interface interface-type
interface-number ]
reset ipv6 nd raguard statistics [ interface interface-type
interface-number ]
518
Remarks
N/A
By default, the RA guard logging
feature is disabled.