Creating an RA Guard policy for the router

About this task

Create an rag_pol_1 RA Guard policy for the router and configure the source IPv6 access list to allow only the RA packets that originate from the source IPv6 address fe80:0:0:0:cef9:54ff:feb4:9481/128. This configuration verifies the prefixes sent in the RA packets.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enter the RA Guard mode and configure RA Guard policy (rag_pol_1) for the interface connected to a router.

    ipv6 fhs ra-guard policy rag_pol_1

  3. Configure the source IPv6 access list to allow only RA packets originating from the source IPv6 address fe80:0:0:0:cef9:54ff:feb4:9481/128.

    match ipv6 ra-srcaddr-list ipv6_acl_1

  4. Verify the prefixes sent in the RA packets so that the rtr_pip IPv6 ACL configuration allows only the prefix 60::0/64.

    match reply ra-prefix-list ipv6_acl_1