How To Attach An Ipv6 Router Advertisement Guard Policy To An Interface - Cisco Catalyst 2960-X Security Configuration Manual
Cisco ios release 15.0(2)ex
Hide thumbs
Also See for Catalyst 2960-X:
- Command reference manual (135 pages) ,
- Hardware installation manual (34 pages) ,
- Getting started manual (25 pages)
Table of Contents
Advertisement
How to Attach an IPv6 Router Advertisement Guard Policy to an Interface
Command or Action
Step 7
[no]other-config-flag {on | off}
Example:
Switch(config-nd-raguard)#
other-config-flag on
Step 8
[no]router-preference maximum {high |
medium | low}
Example:
Switch(config-nd-raguard)#
router-preference maximum high
Step 9
[no]trusted-port
Example:
Switch(config-nd-raguard)# trusted-port
Step 10
default {device-role | hop-limit {maximum |
minimum} | managed-config-flag | match {ipv6
access-list | ra prefix-list } | other-config-flag |
router-preference maximum| trusted-port}
Example:
Switch(config-nd-raguard)# default
hop-limit
Step 11
do show ipv6 nd raguard policy policy_name
Example:
Switch(config-nd-raguard)# do show ipv6
nd raguard policy example_policy
How to Attach an IPv6 Router Advertisement Guard Policy to an Interface
Beginning in privileged EXEC mode, follow these steps to attach an IPv6 Router Advertisement policy to an
interface or to VLANs on the interface :
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
456
Purpose
Enables filtering of Router Advertisement messages by the Other
Configuration, or "O" flag field. A rouge RA message with an O field
of 1 can cause a host to use a rogue DHCPv6 server. If not configured,
this filter is disabled.
On—Accepts and forwards RA messages with an O value of 1, blocks
those with 0.
Off—Accepts and forwards RA messages with an O value of 0, blocks
those with 1.
Enables filtering of Router Advertisement messages by the Router
Preference flag. If not configured, this filter is disabled.
• high—Accepts RA messages with the Router Preference set to
high, medium, or low.
• medium—Blocks RA messages with the Router Preference set
to high.
• low—Blocks RA messages with the Router Preference set to
medium and high.
When configured as a trusted port, all attached devices are trusted,
and no further message verification is performed.
Restores a command to its default value.
(Optional)—Displays the ND Guard Policy configuration without
exiting the RA Guard policy configuration mode.
Configuring IPv6 First Hop Security
OL-29048-01
Hide quick links:
Advertisement
Table of Contents
