62-52
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 62 Configuring Network Security with ACLs
Configuring RA Guard
Current configuration : 53 bytes
!
interface GigabitEthernet1/1
ipv6 nd raguard
end
The following example shows a sample output of the
show ipv6
commands:
Switch#
show ipv6 snooping counters int gi 2/48
Received messages on gi 2/48 :
Protocol Protocol message
NDP RS[9] RA[131] NS[7] NA[2]
DHCPv6 SOL[24] ADV[2] REQ[1] REP[1]
Bridged messages from gi 2/48 :
Protocol Protocol message
NDP RS[9] NS[7] NA[2]
DHCPv6 SOL[24] ADV[1] REQ[1] REP[1]
Dropped messages on gi 2/48 :
Feature Protocol Msg [Total dropped]
Snooping NDP RA [131]
reason: Packet not authorized on port [131]
NS [2]
reason: Packet accepted but not forwarded [2]
Switch#
Note
Beginning with Cisco IOS Release 15.0(2)SG, per port RA Guard ACL statistics are supported and
displayed when you enter a
show ipv6 snooping counters
interface
command. (Previous to this release,
you enter the
show ipv6 first-hop counters
interface
command.)
Note
Be aware that only RA (Router Advertisement) and REDIR (Router Redirected packets) counters are
supported in 12.2(54)SG.
Switch#
show ipv6 nd raguard policy RA_GUARD
Policy RA_GUARD configuration:
device-role router
Policy RA_GUARD is applied on the following targets:
Target Type Policy Feature Target range
Gi 1/1 PORT RA_GUARD RA guard vlan all
Switch#
Note
With Cisco Release IOS XE 3.4.0SG and IOS 15.1(2)SG, the
show ipv6 nd raguard policy
command
replaces the
show ipv6 first-hop policies
command.
Usage Guidelines
Observe the following restrictions:
Содержание Catalyst 4500 Series
Страница 2: ......
Страница 4: ......
Страница 2086: ...Index IN 46 Software Configuration Guide Release IOS XE 3 9 0E and IOS 15 2 5 E ...