Match Ra Prefixes - Cisco 300 Series Cli Manual
Stackable managed switches
Hide thumbs
Also See for 300 Series:
- Cli manual (899 pages) ,
- Administration manual (586 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
IPv6 First Hop Security
OL-32830-01 Command Line Interface Reference Guide
25.56 match ra prefixes
To enable verification of the advertised prefixes in received RA messages within
an IPv6 RA Guard policy, use the match ra prefixes command in RA Guard Policy
Configuration mode. To return to the default, use the no form of this command.
Syntax
match ra prefixes {prefix-list
no match ra prefixes
Parameters
•
ipv6-prefix-list-name
prefix-list
•
disable—Disables verification of the advertised prefixes in received RA
messages.
Default Configuration
Policy attached to port or port channel: the value configured in the policy attached
to the VLAN.
Policy attached to VLAN: advertised prefixes are not verified.
Command Mode
RA Guard Policy Configuration mode
User Guidelines
This command enables verification of the advertised prefixes in received RA
messages by a configured prefix list. If an advertised prefix does not match the
prefix list, or if the prefix list is not configured, the RA message is dropped.
Use the disable keyword to disable verification of the advertised prefixes in
received RA messages in both global or the VLAN configuration.
Example
The following example defines an RA Guard policy named policy1, places the
switch in RA Guard configuration mode, matches the prefixes to the prefix list
named list1, and the 2001:101::/64 prefixes and denies 2001:100::/64 prefixes:
switchxxxxxx(config)#
ipv6-prefix-list-name
—The IPv6 prefix list to be matched.
ipv6 nd raguard policy policy1
} | disable
25
560
Advertisement
Table of Contents
