Example of configuring ipv6 ra guard, Example: configuring ipv6 ra guard on a device, Example: configuring ipv6 ra guard in a network – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

10.(Optional) Clear the RA packet counter using the clear ipv6 raguard command.
11.(Optional) Verify the RA packet counts using the show ipv6 raguard counts command. Logging

has to be enabled to verify the counts.

Example of configuring IPv6 RA guard

The following sections describe how to configure IPv6 RA guard on a device or in a network.

Example: Configuring IPv6 RA guard on a device

The following example shows how to configure RA guard on a device.

Brocade(config)# ipv6 raguard whitelist 1 permit fe80:db8::db8:1

Brocade(config)# ipv6 raguard whitelist 1 permit fe80:db8::db8:3

Brocade(config)# ipv6 raguard whitelist 1 permit fe80:db8::db8:10

Brocade(config)# ipv6 raguard policy policy1

Brocade(ipv6-RAG-policy policy1)# whitelist 1

Brocade(ipv6-RAG-policy policy1)# prefix-list raguard-prefix1

Brocade(ipv6-RAG-policy policy1)# preference-maximum medium

Brocade(ipv6-RAG-policy policy1)# logging

Brocade(ipv6-RAG-policy policy1)# exit

Brocade(config)# interface ethernet 1/1/1

Brocade(config-int-e1000-1/1/1)# raguard untrusted

Brocade(config-int-e1000-1/1/1)# exit

Brocade(config)# ipv6 raguard vlan 1 policy policy1

Brocade(config)# show ipv6 raguard all

Brocade(config)# show ipv6 raguard counts all

Example: Configuring IPv6 RA guard in a network

The following example shows how to configure IPv6 RA guard on devices in a network. In this network
topology, port A (ethernet 1/1/1) is configured as trusted, port B (ethernet 1/1/2) is configured as
untrusted, and port C (ethernet 1/1/3) is configured as host. A whitelist is configured on port B.

Example of configuring IPv6 RA guard

364

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03