Unwanted RA on LAN

Eric Vyncke (evyncke) evyncke at cisco.com
Wed Mar 9 09:05:26 CET 2011


May I add that having your official router sending RA with a high priority will already help.

 

If using Cisco switches, then you can use a Port ACL or even the RA guard (both available on most recent switches with the software release of Summer 2010).

 

interface FastEthernet3/13
  switchport mode access
  ipv6 traffic-filter ACCESS_PORT in
  access-group mode prefer port

ipv6 access-list ACCESS_PORT
    remark Block all traffic DHCP server -> client
    deny udp any eq 547 any eq 546
    remark Block Router Advertisements
    deny icmp any any router-advertisement
    permit any any

or

interface FastEthernet3/13
  switchport mode access
  ipv6 nd raguard
  access-group mode prefer port

 

Hope this helps (I am sure that other vendor switches can achieve the same function)

-éric

 

 

From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Rod James Bio
Sent: Wednesday 9 March 2011 8:06
To: IPv6 operators forum
Subject: Unwanted RA on LAN

 

Hello,

   I've been seeing 2002:ca5a::/32 advertised on our LAN recently; actually it's two /64s advertised by two machines. I was wondering if anybody had any past experience with this? I would like to know what application or operating system feature is causing this so I could disable it and remove these RAs on our LAN. I already searched Google about this but had no luck finding anything. Below is the output of ifconfig on my workstation. Thank you.

 
      inet6 addr: 2002:ca5a:9f36:4:216:eaff:fec5:ebc/64 Scope:Global
      inet6 addr: 2002:ca5a:9f5a:9:216:eaff:fec5:ebc/64 Scope:Global
 
Rod
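
Added example (not part of the original thread or of either poster's tooling): 2002::/16 is the 6to4 range, and a 6to4 prefix carries an IPv4 address in bits 16-47, so the two /64s in the ifconfig output above can be decoded to the IPv4 addresses they were built from. The function names are hypothetical, and it is an assumption that each advertising machine derived the prefix from its own IPv4 address.

```python
import ipaddress
import re

# Constructed sample: the two address lines from the ifconfig output quoted above.
SAMPLE_IFCONFIG = """\
      inet6 addr: 2002:ca5a:9f36:4:216:eaff:fec5:ebc/64 Scope:Global
      inet6 addr: 2002:ca5a:9f5a:9:216:eaff:fec5:ebc/64 Scope:Global
"""


def decode_6to4(addr):
    """Return (embedded IPv4, subnet id, local MAC or None), or None if not 6to4."""
    ip = ipaddress.IPv6Address(addr)
    v4 = ip.sixtofour                          # None unless addr is in 2002::/16
    if v4 is None:
        return None
    raw = ip.packed
    subnet = int.from_bytes(raw[6:8], "big")   # 16-bit subnet id after the /48
    iid = raw[8:]
    mac = None
    if iid[3:5] == b"\xff\xfe":                # modified EUI-64 interface id
        # This is the MAC of the host that autoconfigured the address,
        # not of the machine sending the RA.
        octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        mac = ":".join(f"{b:02x}" for b in octets)
    return v4, subnet, mac


def rogue_6to4_sources(ifconfig_text):
    """Map each 6to4 /64 seen on the host to the IPv4 address embedded in it."""
    found = {}
    for m in re.finditer(r"inet6 addr:\s*([0-9a-fA-F:]+)/(\d+)", ifconfig_text):
        decoded = decode_6to4(m.group(1))
        if decoded:
            net = ipaddress.IPv6Network(f"{m.group(1)}/{m.group(2)}", strict=False)
            found[str(net)] = str(decoded[0])
    return found


if __name__ == "__main__":
    for prefix, v4 in rogue_6to4_sources(SAMPLE_IFCONFIG).items():
        print(f"{prefix} -> check the host holding IPv4 {v4}")
```

The decoded IPv4 addresses can then be matched against DHCP leases or ARP tables to locate the two machines whose RAs should be stopped.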
 