nd-snooping ra-guard

Syntax

nd-snooping ra-guard [log]

no nd-snooping ra-guard

Description

This command enables Routing Advertisement (RA) guard on the selected VLAN. When enabled, ingress Routing Advertisement (RA) and Routing Redirect (RR) packets on the selected VLAN are blocked on untrusted ports. The packets are forwarded when received on trusted ports.

The no form of the command disables RA guard on the VLAN.

NOTE: ND snooping must be enabled in both the global context and the config-vlan context before this command can be used.

Command context

config-vlan

Parameters

[log]

Logs messages along with drop functionality.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Enabling ND snooping RA guard on VLAN 100:

switch(config)# nd-snooping enable
switch(config)# vlan 100
switch(config-vlan-100)# nd-snooping ra-guard
switch(config-vlan-100)# exit
switch(config)#

Enabling ND snooping RA guard on VLAN 100 with event logging on dropped packets:

switch(config)# nd-snooping enable
switch(config)# vlan 100
switch(config-vlan-100)# nd-snooping ra-guard log
switch(config-vlan-100)# exit
switch(config)#

Disabling ND snooping RA guard on VLAN 100:

switch(config)# vlan 100
switch(config-vlan-100)# no nd-snooping ra-guard
switch(config-vlan-100)# exit
switch(config)#