Configuring IPv6 RA Guard
The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router
advertisement guard messages that arrive at the network device platform.
To configure the IPv6 RA guard, perform the following steps:
1.
Configure the terminal to enter the Global Configuration mode.
EXEC Privilege mode
configure terminal
2.
Enable the IPv6 RA guard.
CONFIGURATION mode
ipv6 nd ra-guard enable
3.
Create the policy.
POLICY LIST CONFIGURATION mode
ipv6 nd ra-guard policy policy-name
4.
Define the role of the device attached to the port.
POLICY LIST CONFIGURATION mode
device-role {host | router}
Use the keyword host to set the device role as host.
Use the keyword router to set the device role as router.
5.
Set the hop count limit.
POLICY LIST CONFIGURATION mode
hop-limit {maximum | minimum limit}
The hop limit range is from 0 to 254.
6.
Set the managed address configuration flag.
POLICY LIST CONFIGURATION mode
managed-config-flag {on | off}
7.
Enable verification of the sender IPv6 address in inspected messages from the authorized device
source access list.
POLICY LIST CONFIGURATION mode
match ra{ipv6-access-list name | ipv6-prefix-list name | mac-access-list
name}
8.
Enable verification of the advertised other configuration parameter.
POLICY LIST CONFIGURATION mode
other-config-flag {on | off}
9.
Enable verification of the advertised default router preference value. The preference value must be
less than or equal to the specified limit.
IPv6 Routing
457