62-51
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 62 Configuring Network Security with ACLs
Configuring RA Guard
Figure 62-10 Typical RA Guard Deployment
Configuring RA Guard
To configure RA Guard, perform this step:
Examples
This examples shows how to enable RA Guard on the switch:
Switch(config)# int gi1/1
Switch(config-if)# ipv6 nd raguard
Switch(config-if)# end
Switch# show running-configuration interface gi1/1
Building configuration...
Host A
Router
Catalyst 4500
Series Switch
253725
Host B
Block incoming
RA
Block
incoming
RA
Allow incoming
RA
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 1
Switch(config)# interface interface
Enters interface mode.
Step 2
Switch(config-if)# [no] ipv6 nd
raguard
Enables RA Guard on the switch.
Step 3
Switch(config-if)# end
Returns to privileged EXEC mode.
Step 4
Switch# show ipv6 nd raguard policy
policy_name
Shows the policy on which RA Guard has been enabled.
Note With Cisco Release IOS XE 3.4.0SG and IOS 15.1(2)SG, the
show ipv6 nd raguard policy command replaces the show ipv6
first-hop policies command.
Step 5
Switch# show ipv6 first-hop
counters interface
Shows the number of packets dropped per port due to RA Guard. The
counters can be displayed for a particular interface by using the interface
option.
Note If counters are not enabled for the port, the counter value is zero.
Step 6
Switch# clear ipv6 snooping
counters interface
Clears RA Guard counters on a particular interface.
The counters on all interfaces are cleared if the interface option is absent.