Netgear M4300-24X (XSM4324CS) - Stackable Switches with Full PoE+ Provisioning 管理者ガイド

If the authentication is successful, the session displays in the output of the show login 
sessions

 command.

Disconnect the user from the DAC.

Spoof attacks can occur on routed protocols. When you operate an IPv6 network in a shared 
Layer 2 network segment, the network can receive and process rogue router advertisement 
(RA) messages that are generated with malicious intent or are caused by an incorrect 
configuration of routers that are connected to the segment.

If the IPv6 network segments are part of one or more managed switches and all traffic 
between the IPv6 end devices traverses through the managed switches, the IPv6 RA Guard 
feature can provide protection against rogue RA messages.

The IPv6 RA Guard feature lets you block or reject rogue RA messages that are received on 
a port. The IPv6 RA Guard feature analyzes the RA messages and compares the 
configuration on the switch with the information in the RA message. If the frame is validated, 
the RA message is forwarded to the unicast or multicast destination. If the RA message is not 
validated, the RA message is dropped by the switch.

The IPv6 RA Guard feature can operate in the following two modes:

Stateless. The switch does not maintain any state and simply validates the RA 
messages as they are received against the configured match criteria.

Stateful. The switch dynamically learns about valid RA senders and stores this 
information to allow subsequent RA messages. The switch listens to the RA messages 
that are received over a short period that you can configure manually. The switch then 
allows RA messages that are received only on the ports on which valid RA messages 
were received during the listening period.

On a managed switch, the IPv6 RA Guard feature supports only the 
stateless mode.

[root@localhost raddb]# cat /usr/local/etc/raddb/test.txt | radclient -x 
172.26.2.145:3799  disconnect 12345678