nd-snooping ra-guard
Syntax
nd-snooping ra-guard [log]
no nd-snooping ra-guard
Description
This command enables Routing Advertisement (RA) guard on the selected VLAN. When enabled, ingress Routing Advertisement (RA) and Routing Redirect (RR) packets on the selected VLAN are blocked on untrusted ports. The packets are forwarded when received on trusted ports.
The no form of the command disables RA guard on the VLAN.
NOTE: ND snooping must be enabled in both the global context and the config-vlan context before this command can be used.
Command context
config-vlan
Parameters
[log]
Logs messages along with drop functionality.
Authority
Administrators or local user group members with execution rights for this command.
Examples
Enabling ND snooping RA guard on VLAN 100:
switch(config)# nd-snooping enable switch(config)# vlan 100 switch(config-vlan-100)# nd-snooping ra-guard switch(config-vlan-100)# exit switch(config)#
Enabling ND snooping RA guard on VLAN 100 with event logging on dropped packets:
switch(config)# nd-snooping enable switch(config)# vlan 100 switch(config-vlan-100)# nd-snooping ra-guard log switch(config-vlan-100)# exit switch(config)#
Disabling ND snooping RA guard on VLAN 100:
switch(config)# vlan 100 switch(config-vlan-100)# no nd-snooping ra-guard switch(config-vlan-100)# exit switch(config)#