Difference between revisions of "First-hop security IPv6 Cisco IOS"
From Teknologisk videncenter
m (→IPv6 RA Guard) |
m (→Links) |
||
Line 27: | Line 27: | ||
=Links= | =Links= | ||
*[http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-first_hop_security_ps10591_TSD_Products_Configuration_Guide_Chapter.html Cisco Ipv6 first-hop security] | *[http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-first_hop_security_ps10591_TSD_Products_Configuration_Guide_Chapter.html Cisco Ipv6 first-hop security] | ||
+ | <references/> | ||
{{Source cli}} | {{Source cli}} | ||
[[Category:IPv6]][[Category:Security]] | [[Category:IPv6]][[Category:Security]] |
Revision as of 07:42, 19 December 2011
IPv6 RA Guard
IPv6 Router Advertisement Guard. [1]
IPv6 RA guard provides support for allowing the network administrator to block or reject unwanted or rogue RA guard messages that arrive at the network switch platform. RAs are used by routers to announce themselves on the link.
From IOS 12.2(33)SXI4 to 12.2(54)SG
R1(config)#<input>int fa0/1</input>
R1(config-if)<input>ipv6 nd raguard</input>
From IOS 12.2(54)SG
R1(config)#<input>int fa0/1</input>
R1(config-if)<input>ipv6 nd raguard policy policy1</input>
R1(config-ra-guard)#
Unicast Reverse Path Forwarding
To avoid spoofed packets passing a Router. Could be DoS attack. With RPF - reverse Path Forwarding - the router checks that the sending hosts source IP address matches the routing table on the receiving interface.
- Example
- An access-list can be used as an option to this command
R1(config)#<input>interface fa0/1</input>
R1(config-if)#<input>ipv6 verify unicast reverse-path</input>