54-37
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 54 Configuring Network Security with ACLs
Configuring RA Guard
Note Beginning with Cisco IOS Release 15.0(2)SG, per port RA Guard ACL statistics are supported and
displayed when you enter a show ipv6 snooping counters interface command. (Previous to this release,
you enter the show ipv6 first-hop counters interface command.)
Deployment
Figure 54-10 illustrates a deployment scenario for RA Guard. We drop RA packets from ports that are
connected to hosts and permit RA packets from ports connected to the Router.
Figure 54-10 Typical RA Guard Deployment
Configuring RA Guard
To configure RA Guard, perform this step:
Host A
Router
Catalyst 4500
Series Switch
253725
Host B
Block incoming
RA
Block
incoming
RA
Allow incoming
RA
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 1
Switch(config)# interface interface
Enters interface mode.
Step 2
Switch(config-if)# [no] ipv6 nd
raguard
Enables RA Guard on the switch.
Step 3
Switch(config-if)# end
Returns to privileged EXEC mode.
Step 4
Switch# show ipv6 nd raguard policy
policy_name
Shows the policy on which RA Guard has been enabled.
Note With Cisco Release IOS XE 3.4.0SG and IOS 15.1(2)SG, the
show ipv6 nd raguard policy command replaces the show ipv6
first-hop policies command.
To Next Page
Loading...
Need help?
General
