Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

What is RA-guard?

This thread has been viewed 10 times

  • 1.  What is RA-guard?

    Posted Apr 03, 2014 12:51 PM

    I am trying to figure out exactly what RA-guard is. I have guessed based on reading other messages that it is something to do with IPv6 router advertisements, but as it's now a default in quite a few roles I wanted to get into a bit more detail about what it is and why it's set to deny. This is the acl;

    ip access-list session ra-guard
      ipv6  user any icmpv6 rtr-adv  deny

     

    Can someone explain what this is and what it's function is in the configuration? The rule itself is interesting to me as well as it seems this is the only place that references rtr-adv, which I am assuming is icmpv6 router advertisements, so some idea of how that works would be great as well.



  • 2.  RE: What is RA-guard?
    Best Answer

    EMPLOYEE
    Posted Apr 03, 2014 12:58 PM

    It's part of the neighbor discovery process in IPv6. The major goal is stop clients from advertising themselves as routers.

     

    It could be compared to the best practice of blocking DHCP server-side traffic from clients (user any udp 68 deny).



  • 3.  RE: What is RA-guard?
    Best Answer



  • 4.  RE: What is RA-guard?

    Posted Dec 03, 2014 01:24 PM

    So this should not effect anything on the IPv4 if it only works with IPv6 correct?



  • 5.  RE: What is RA-guard?

    EMPLOYEE
    Posted Dec 03, 2014 01:25 PM
    Correct


  • 6.  RE: What is RA-guard?

    Posted Dec 03, 2014 05:17 PM

    Thanks Sir!



  • 7.  RE: What is RA-guard?

    Posted Dec 03, 2014 05:15 PM

    Internal DB greyed out on master to create guest username/pwd but local is working, how can I fix this both master/local are on same versions also. Under Security-Auth-Servers.