483
Clear RA guard statistics.
reset ipv6 nd raguard statistics
[
interface
interface-type
interface-number ]
RA guard configuration example
Network requirements
As shown in Figure 146, GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of
Device B are in VLAN 10.
Configure RA guard on Device B to filter forged and unwanted RA messages.
• Configure an RA policy in VLAN 10 for GigabitEthernet 1/0/2 to filter all RA messages received
from the unknown device.
• Specify host as the role of the host. All RA messages received on GigabitEthernet 1/0/1 are
dropped.
• Specify router as the role of the Device A. All RA messages received on GigabitEthernet 1/0/3
are forwarded.
Figure 146 Network diagram
Configuration procedure
# Create an RA guard policy named policy1.
<DeviceB> system-view
[DeviceB] ipv6 nd raguard policy policy1
# Set the maximum router preference to high for the RA guard policy.
[DeviceB-raguard-policy-policy1] if-match router-preference maximum high
# Specify on as the M flag match criterion for the RA guard policy.
[DeviceB-raguard-policy-policy1] if-match autoconfig managed-address-flag on
# Specify on as the O flag match criterion for the RA guard policy.
[DeviceB-raguard-policy-policy1] if-match autoconfig other-flag on
# Set the maximum advertised hop limit to 120 for the RA guard policy.
[DeviceB-raguard-policy-policy1] if-match hop-limit maximum 120
# Set the minimum advertised hop limit to 100 for the RA guard policy.
[DeviceB-raguard-policy-policy1] if-match hop-limit minimum 100
[DeviceB-raguard-policy-policy1] quit
Device A
Device B
Device C
Host
VLAN 10
GE1/0/1 GE1/0/2
GE1/0/3
To Next Page
Loading...
Need help?
General