62-52
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 62 Configuring Network Security with ACLs
Configuring RA Guard
Current configuration : 53 bytes
!
interface GigabitEthernet1/1
ipv6 nd raguard
end
The following example shows a sample output of the show ipv6 commands:
Switch# show ipv6 snooping counters int gi 2/48
Received messages on gi 2/48 :
Protocol Protocol message
NDP RS[9] RA[131] NS[7] NA[2]
DHCPv6 SOL[24] ADV[2] REQ[1] REP[1]
Bridged messages from gi 2/48 :
Protocol Protocol message
NDP RS[9] NS[7] NA[2]
DHCPv6 SOL[24] ADV[1] REQ[1] REP[1]
Dropped messages on gi 2/48 :
Feature Protocol Msg [Total dropped]
Snooping NDP RA [131]
reason: Packet not authorized on port [131]
NS [2]
reason: Packet accepted but not forwarded [2]
Switch#
Note Beginning with Cisco IOS Release 15.0(2)SG, per port RA Guard ACL statistics are supported and
displayed when you enter a show ipv6 snooping counters interface command. (Previous to this release,
you enter the show ipv6 first-hop counters interface command.)
Note Be aware that only RA (Router Advertisement) and REDIR (Router Redirected packets) counters are
supported in 12.2(54)SG.
Switch# show ipv6 nd raguard policy RA_GUARD
Policy RA_GUARD configuration:
device-role router
Policy RA_GUARD is applied on the following targets:
Target Type Policy Feature Target range
Gi 1/1 PORT RA_GUARD RA guard vlan all
Switch#
Note With Cisco Release IOS XE 3.4.0SG and IOS 15.1(2)SG, the show ipv6 nd raguard policy command
replaces the show ipv6 first-hop policies command.
Usage Guidelines
Observe the following restrictions: