hit counter script

Ra Guard; Overview Of Ipv6 Ra Guard - Cisco Nexus 9000 Series Configuration Manual

Nx-os security configuration guide, release 9.x
Hide thumbs Also See for Nexus 9000 Series:
Table of Contents

Advertisement

RA Guard

• You must also configure IPv6 on the second switch at the VLAN level. You must also configure the
Figure 14: FHS configuration with client and DHCP relay on orphan port
RA Guard

Overview of IPv6 RA Guard

The IPv6 RA Guard feature provides support for allowing the network administrator to block or reject unwanted
or rogue RA guard messages that arrive at the network device platform. RAs are used by devices to announce
themselves on the link. The IPv6 RA Guard feature analyzes these RAs and filters out RAs that are sent by
unauthorized devices. In host mode, all RA and router redirect messages are disallowed on the port. The RA
guard feature compares configuration information on the Layer 2 (L2) device with the information found in
the received RA frame. Once the L2 device has validated the content of the RA frame and router redirect
frame against the configuration, it forwards the RA to its unicast or multicast destination. If the RA frame
content is not validated, the RA is dropped.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
374
IPv6 DHCP Guard policy with a "device-role server" on the server facing orphan port. This prevents the
IPv6 Snooping feature from dropping the DHCP server packets. Both switches learn the client binding
entries individually and will not sync them, because the client is not on a vPC link.
Configuring IPv6 First Hop Security

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents

Save PDF