Users Guide
6. The system permits or denies the RA guard packets based on the results of the validation. Specify the prefix, access, or
MAC list against which the RA guard packet is validated.
OS10(conf-ra_guard_policy_list)# match ra ipv6-prefix-list example_prefix_list
OS10(conf-ra_guard_policy_list)# exit
OS10(conf-ra_guard_policy_list)# match ra ipv6-access-list example-access-list
OS10(conf-ra_guard_policy_list)# exit
OS10(conf-ra_guard_policy_list)# match ra mac-access-list example-maclist
7. Specify the maximum transmission unit (MTU) against which the RA packet is validated.
OS10(conf-ra_guard_policy_list)# mtu 1280
8. If this command is set to off, the system verifies the advertised other configuration parameter is set to off in the RA packet
and the other way round.
OS10(conf-ra_guard_policy_list)# other-config-flag on
9. Configure the reachability timer value.
OS10(conf-ra_guard_policy_list)# reachable-time 100
10. Configure the retransmission timer value.
OS10(conf-ra_guard_policy_list)# retrans-timer 100
11. Configure the router preference.
OS10(conf-ra_guard_policy_list)# router-preference maximum high
12. Configure the lifetime of the router.
OS10(conf-ra_guard_policy_list)# router-lifetime 100
13. Apply the policy to an interface.
OS10(config)# interface ethernet 1/1/6
OS10(conf-if-eth1/1/6)# ipv6 nd ra-guard attach-policy ra-guard-test-policy vlan 1
OS10# show ipv6 nd ra-guard ra-guard-test-policy
ipv6 nd ra-guard policy ra-guard-test-policy
device-role router
managed-config true
other-config true
mtu 1280
reachable time 100
retransmit-timer 100
router-life-time 100
router-preference maximum high
match ra ipv6-prefix-list example_prefix_list
Interfaces Vlans
----------------------------------
ethernet1/1/6 vlan1
IPv6 RA guard commands
clear ipv6 nd ra-guard statistics
Clears the RA packet statistics from all the interfaces that have RA guard policy configured.
Syntax
clear ipv6 nd ra-guard statistics [interface {ethernet node/slot/
port[:subport] | port-channel channel-id}]
906 Layer 3