04-03-2014 09:50 AM
I am trying to figure out exactly what RA-guard is. I have guessed based on reading other messages that it is something to do with IPv6 router advertisements, but as it's now a default in quite a few roles I wanted to get into a bit more detail about what it is and why it's set to deny. This is the ACL:
ip access-list session ra-guard
ipv6 user any icmpv6 rtr-adv deny
Can someone explain what this is and what its function is in the configuration? The rule itself is interesting to me as well, as it seems this is the only place that references rtr-adv, which I am assuming is ICMPv6 router advertisements, so some idea of how that works would be great as well.
04-03-2014 09:57 AM - edited 04-03-2014 10:14 AM
It's part of the neighbor discovery process in IPv6. The major goal is to stop clients from advertising themselves as routers.
It could be compared to the best practice of blocking DHCP server-side traffic from clients (user any udp 68 deny).
04-03-2014 10:00 AM - edited 04-03-2014 10:07 AM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
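An added example, not part of the original thread and not Aruba's implementation: a Python sketch of the decision the `ipv6 user any icmpv6 rtr-adv deny` rule expresses, finding the ICMPv6 type in a raw IPv6 packet and denying Router Advertisements (type 134) that come from a client. The function names, the `from_user` flag, and the sample packets are assumptions made for illustration.

```python
import struct

ICMPV6 = 58
RTR_ADV = 134               # ICMPv6 Router Advertisement (RFC 4861)
EXT_HEADERS = {0, 43, 60}   # hop-by-hop, routing, destination options
FRAGMENT = 44


def icmpv6_type(packet: bytes):
    """Return the ICMPv6 type of a raw IPv6 packet, or None if not found."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_header, offset = packet[6], 40
    while True:
        if next_header == ICMPV6:
            return packet[offset] if offset < len(packet) else None
        if offset + 8 > len(packet):
            return None
        if next_header in EXT_HEADERS:
            # Layout: next header, length in 8-octet units (first 8 not counted)
            next_header, ext_len = packet[offset], packet[offset + 1]
            offset += (ext_len + 1) * 8
        elif next_header == FRAGMENT:
            frag_off = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_off != 0:
                return None  # later fragment: no upper-layer header here
            next_header = packet[offset]
            offset += 8
        else:
            return None      # some other upper-layer protocol


def ra_guard(packet: bytes, from_user: bool) -> str:
    """Hypothetical model of the rule: deny RAs sourced by a user/client."""
    if from_user and icmpv6_type(packet) == RTR_ADV:
        return "deny"
    return "permit"


def build_packet(icmp_type: int, with_hop_by_hop: bool = False) -> bytes:
    """Constructed sample packet (checksum left at zero, not validated here)."""
    icmp = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    ext = bytes([ICMPV6, 0]) + bytes(6) if with_hop_by_hop else b""
    payload = ext + icmp
    first_nh = 0 if with_hop_by_hop else ICMPV6
    header = struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 255)
    src = bytes.fromhex("fe80" + "00" * 13 + "01")   # fe80::1
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")   # ff02::1 (all nodes)
    return header + src + dst + payload
```

The same packet is permitted when `from_user` is false, which corresponds to the advertisement arriving from the legitimate router side rather than from a client.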
12-03-2014 02:14 PM
Internal DB greyed out on master to create guest username/pwd, but local is working. How can I fix this? Both master/local are on the same versions also. Under Security-Auth-Servers.