54-38
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 54 Configuring Network Security with ACLs
Configuring RA Guard
Examples
This examples shows how to enable RA Guard on the switch:
Switch(config)# int gi1/1
Switch(config-if)# ipv6 nd raguard
Switch(config-if)# end
Switch# show running-configuration interface gi1/1
Building configuration...
Current configuration : 53 bytes
!
interface GigabitEthernet1/1
ipv6 nd raguard
end
The following example shows a sample output of the show ipv6 commands:
Switch# show ipv6 snooping counters int gi 2/48
Received messages on gi 2/48 :
Protocol Protocol message
NDP RS[9] RA[131] NS[7] NA[2]
DHCPv6 SOL[24] ADV[2] REQ[1] REP[1]
Bridged messages from gi 2/48 :
Protocol Protocol message
NDP RS[9] NS[7] NA[2]
DHCPv6 SOL[24] ADV[1] REQ[1] REP[1]
Dropped messages on gi 2/48 :
Feature Protocol Msg [Total dropped]
Snooping NDP RA [131]
reason: Packet not authorized on port [131]
NS [2]
reason: Packet accepted but not forwarded [2]
Switch#
Note Beginning with Cisco IOS Release 15.0(2)SG, per port RA Guard ACL statistics are supported and
displayed when you enter a show ipv6 snooping counters interface command. (Previous to this release,
you enter the show ipv6 first-hop counters interface command.)
Step 5
Switch# show ipv6 first-hop
counters interface
Shows the number of packets dropped per port due to RA Guard. The
counters can be displayed for a particular interface by using the interface
option.
Note If counters are not enabled for the port, the counter value is zero.
Step 6
Switch# clear ipv6 snooping
counters interface
Clears RA Guard counters on a particular interface.
The counters on all interfaces are cleared if the interface option is absent.
Command Purpose
To Next Page
Loading...
