Cisco Cisco SG500-52PP 52-port Gigabit Max PoE+ Stackable Managed Switch 技术参考
IPv6 First Hop Security
1134
78-21491-01 Command Line Interface Reference Guide
59
Syntax
ipv6 nd raguard other-config-flag {on | off}
no ipv6 nd raguard other-config-flag
Parameters
•
on—The value of the flag must be 1.
•
off—The value of the flag must be 0.
Default Configuration
Verification is not enabled.
Command Mode
Global configuration
User Guidelines
This command enables verification of the advertised “Other Configuration” flag (or
"O" flag) in an RA message (see RFC4861). This flag could be set by an attacker to
force hosts to retrieve other configuration information through a DHCPv6 server
that might not be trustworthy.
"O" flag) in an RA message (see RFC4861). This flag could be set by an attacker to
force hosts to retrieve other configuration information through a DHCPv6 server
that might not be trustworthy.
Example
The following example shows how the command enables O flag verification that
checks if the value of the flag is 0:
checks if the value of the flag is 0:
ipv6 nd raguard other-config-flag off
59.32 ipv6 nd raguard policy
To define an RA Guard policy name and place the switch in IPv6 RA Guard Policy
Configuration mode, use the ipv6 nd raguard policy command in Global
Configuration mode. To remove the RA Guard policy, use the no form of this
command.
Configuration mode, use the ipv6 nd raguard policy command in Global
Configuration mode. To remove the RA Guard policy, use the no form of this
command.
Syntax
ipv6 nd raguard policy
policy-name
no ipv6 nd raguard policy
policy-name