MES3000 Ethernet switch series 87
console(config-tunnel)# tunnel source ip-address 192.168.16.88
5.14.3 IPv6 RA guard configuration
IPv6 RA guard function provides attacks protection based on sending fake Router Advertisement
packets and allows sending messages only from trusted ports.
Global Configuration Mode Commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.68—Global configuration mode commands
Enable IPv6 RA guard management for the switch.
ipv6 nd raguard vlan
vlan
Enable IPv6 RA guard management for the switch within the
specified VLAN.
- vlan – VLAN number.
Ethernet Interface Configuration Mode Commands
Command line request in the interface configuration mode appears as follows:
console (config-if)#
Table 5.69—Ethernet interface configuration mode commands
ipv6 nd raguard device-role
{host | router }
Port operation mode selection.
- host – block all incoming RA messages;
- router – filter RA messages according to the configured rules.
ipv6 nd raguard match access-
list acl
Enable ACL for filtering RA messages in router mode.
- acl – ACL name.
no ipv6 nd raguard match
access-list
Disable ACL for filtering RA meassages.
ipv6 nd raguard match prefix-
list prefix_list
prefix_list: (1..32)
characters
Enable prefix-list for filtering RA messages in router mode.
- prefix-list – prefix-list name.
no ipv6 nd raguard match
prefix-list
Disable prefix-list for filtering RA messages.
ipv6 nd raguard trustedport
By default, all ports are
untrusted
Add port to the trusted list.
no ipv6 nd raguard
trustedport
Delete port from the trusted list.
5.14.4 DHCPv6 guard configuration
The DHCPv6 guard feature prevents third-party DHCPv6 servers on the network and allows their use
only on trusted interfaces.
Global Configuration Mode Commands
Command line request in global configuration mode appears as follows:
console(config)#
To Next Page
Loading...
