Unwanted RA on LAN

Eric Vyncke (evyncke) evyncke at cisco.com
Wed Mar 9 09:05:26 CET 2011

May I add that having your official router sending RA with a high priority will already help.


If using Cisco switches, then you can use an Port ACL or even the RA guard (both available on most recent switches with the software release of Summer 2010).


interface FastEthernet3/13 

  switchport mode access 

  ipv6 traffic-filter ACCESS_PORT in

  access-group mode prefer port 



ipv6 access-list ACCESS_PORT

    remark Block all traffic DHCP server -> client

    deny udp any eq 547 any eq 546

    remark Block Router Advertisements

    deny icmp any any router-advertisement

    permit any any




interface FastEthernet3/13 

  switchport mode access 

  ipv6 nd raguard 

  access-group mode prefer port 


Hope this helps (I am sure that other vendor switches can achieve the same function)




From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Rod James Bio
Sent: mercredi 9 mars 2011 8:06
To: IPv6 operators forum
Subject: Unwanted RA on LAN



   I've been seeing 2002:ca5a::/32 advertise on our LAN recently, actually it's two /64 advertised by two machine. I was wondering if anybody had any past experience on this? I would like to know what application or operating system feature is causing this so I could disable it and remove this RA's on our LAN. Already search Google about this but no luck in finding anything. Below is the output of ifconfig on my workstation. Thank you.

      inet6 addr: 2002:ca5a:9f36:4:216:eaff:fec5:ebc/64 Scope:Global
      inet6 addr: 2002:ca5a:9f5a:9:216:eaff:fec5:ebc/64 Scope:Global
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110309/698ea8e2/attachment.html 

More information about the ipv6-ops mailing list