beautypg.com

Ipv6 raguard whitelist – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 373

background image

Usage Guidelines

You can associate only one RA guard policy with a VLAN. If you associate a new RA guard policy with
a VLAN that already has a policy configured, the new RA guard policy replaces the old one.

Examples

The following example shows how to associate an RA guard policy with a VLAN:

Brocade(config)# ipv6 raguard vlan 1 policy p1

ipv6 raguard whitelist

Configures the RA guard whitelist and adds the IPv6 address as the allowed source IP address. The no
form of this command removes the specified whitelist or an IPv6 address from the whitelist.

Syntax

ipv6 raguard whitelist whitelist-number permit ipv6-address

no i pv6 raguard whitelist whitelist-number [ permit ipv6-address ]

Parameters

whitelist-number

Unique identifier for the RA guard whitelist. Valid values are 0 to 255.

permit

ipv6-address

Adds the specified IPv6 address as the allowed source IP address to the RA guard whitelist.
The specified IPv6 address should be in the format X:X::X:X or X:X::X:X/M.

Modes

Global configuration

Usage Guidelines

Use this command to configure an RA guard whitelist. You can configure source IP addresses from
which RAs are permitted. You can configure up to 64 RA guard whitelists and each whitelist can have a
maximum of 128 entries.

Use the no form of this command to remove an RA guard whitelist or remove a particular IPv6 address
from the RA guard whitelist. Use the no form the command without the permit keyword if you want to
remove the RA guard whitelist. If you want to remove a particular IPv6 address from the whitelist, use
the no form of the command with the permitipv6-address keyword-argument pair.

When a whitelist associated with an RA guard policy is removed, all the entries in the whitelist are also
removed. All the RAs are dropped because there is no whitelist associated with the RA guard policy.

Examples

The following example shows how to configure an RA guard whitelist with the allowed source IP
address:

Brocade(config)# ipv6 raguard whitelist 1 permit fe80:db8::db8:10

The following example shows how to remove an RA guard whitelist:

Brocade(config)# no ipv6 raguard whitelist 1

The following example shows how to remove a particular IPv6 address from the RA guard whitelist:

Brocade(config)# no ipv6 raguard whitelist 1 permit fe80:db8::db8:10

ipv6 raguard whitelist

FastIron Ethernet Switch Security Configuration Guide

373

53-1003088-03

See also other documents in the category Brocade Computer Accessories: