Cat6500 ipv6 nd raguard feature

Nick Hilliard nick at foobar.org
Fri Nov 19 23:54:01 CET 2010


On 19/11/2010 08:39, Daniel Verlouw wrote:
> Cisco suggests disabling it altogether as a workaround, however, we
> found that IPv6 PACLs (also introduced in SXI4) do work fine in our
> limited testing so far, e.g.:
> 
> ipv6 access-list block-rogue-ipv6
>  remark Block DHCPv6 server messages
>  deny udp any eq 547 any eq 546
>  remark Block Router Advertisements
>  deny icmp any any router-advertisement
>  permit ipv6 any any

Would it not be better to use instead:

deny udp fe80::/16 eq 547 host ff02::1 eq 546

... just in case.

Nick
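
An added example, not part of either message: a small first-match evaluator in Python that runs the posted access list, and the same list with the suggested DHCPv6 entry substituted, over constructed packets to show which traffic each form matches. All names and sample addresses are made up for the illustration, and substituting the entry for the original DHCPv6 line is an assumption about how it would be used.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str                       # "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None  # 134 = Router Advertisement

class Ace(NamedTuple):
    action: str                      # "permit" or "deny"
    proto: str                       # "udp", "icmp", or "ipv6" for any protocol
    src: str = "::/0"                # "any"
    dst: str = "::/0"
    sport: Optional[int] = None      # None = field not checked
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

def ace_matches(ace, pkt):
    if ace.proto not in ("ipv6", pkt.proto):
        return False
    for net, addr in ((ace.src, pkt.src), (ace.dst, pkt.dst)):
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
            return False
    return all(getattr(ace, f) in (None, getattr(pkt, f))
               for f in ("sport", "dport", "icmp_type"))

def evaluate(acl, pkt):
    # First matching entry decides; "deny" stands for falling off the end.
    return next((a.action for a in acl if ace_matches(a, pkt)), "deny")

POSTED = [Ace("deny", "udp", sport=547, dport=546),
          Ace("deny", "icmp", icmp_type=134),
          Ace("permit", "ipv6")]
# Assumption: the suggested entry replaces the DHCPv6 line of the posted list.
NARROWED = [Ace("deny", "udp", "fe80::/16", "ff02::1", 547, 546)] + POSTED[1:]

# Constructed sample packets; the addresses are made up for the illustration.
SAMPLES = {
    "server -> all-nodes": Packet("fe80::1", "ff02::1", "udp", 547, 546),
    "server -> client unicast": Packet("fe80::1", "fe80::2", "udp", 547, 546),
    "router advertisement": Packet("fe80::1", "ff02::1", "icmp", icmp_type=134),
    "client solicit": Packet("fe80::2", "ff02::1:2", "udp", 546, 547),
}

def compare():
    return {n: (evaluate(POSTED, p), evaluate(NARROWED, p)) for n, p in SAMPLES.items()}
```

compare() returns a (posted, narrowed) verdict pair for each sample packet.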

