About this task
Create an rag_pol_1 RA Guard policy for the router and configure the source IPv6 access
list to allow only the RA packets that originate from the source IPv6
address fe80:0:0:0:cef9:54ff:feb4:9481/128. This configuration
verifies the prefixes sent in the RA packets.
Procedure
-
Enter Global Configuration mode:
enable
configure
terminal
- Enter the RA Guard mode and configure RA Guard policy (rag_pol_1) for the interface connected to a router.
ipv6 fhs ra-guard policy rag_pol_1
- Configure the source
IPv6 access list to allow only RA packets originating from the source
IPv6 address fe80:0:0:0:cef9:54ff:feb4:9481/128.
match ipv6 ra-srcaddr-list ipv6_acl_1
- Verify the prefixes sent in the RA packets so that the
rtr_pip IPv6 ACL configuration allows only the prefix 60::0/64.
match reply ra-prefix-list ipv6_acl_1