481
Verifying the configuration
Verify that Device B inspects all ND messages received by GigabitEthernet 1/0/1 and
GigabitEthernet 1/0/2 based on the ND snooping entries. (Details not shown.)
Configuring RA guard
About RA guard
RA guard allows Layer 2 access devices to analyze and block unwanted and forged RA messages.
Upon receiving an RA message, the device makes the forwarding or dropping decision based on the
role of the attached device or the RA guard policy.
1. If the role of the device attached to the receiving port is router, the device forwards the RA
message. If the role is host, the device drops the RA message.
2. If no attached device role is set, the device uses the RA guard policy applied to the VLAN of the
receiving port to match the RA message.
ï‚¡ If the policy does not contain match criteria, the policy will not take effect and the device
forwards the RA message.
ï‚¡ If the RA message content matches every criterion in the policy, the device forwards the
message. Otherwise, the device drops the message.
Specifying the role of the attached device
Make sure your setting is consistent with the type of the attached device. If you are not aware of the
device type, do not specify a role for the device.
To specify the role of the attached device:
1. Enter system view.
N/A
2.
Enter Layer 2 Ethernet or
aggregate interface view.
interface
interface-type
interface-number
N/A
3. Specify the role of the device
attached to the port.
ipv6 nd raguard role
{
host
|
router
}
By default, the role of the device
attached to the port is not
specified.
M
consistent with the device type.
Configuring and applying an RA guard policy
Configure an RA guard policy if you do not specify a role for the attached device or if you want to filter
the RA messages sent by a router.
To configure and apply an RA guard policy:
1. Enter system view.
N/A
2. Create an RA guard policy
and enter its view.
policy-name
By default, no RA guard policies exist.
By default, no ACL match criterion
To Next Page
Loading...
Need help?
General