Solved: Re: Block only the RAs

Pablojuncalc · ‎05-21-2013

Hello:

I Have a Cisco 877 with IOS:

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T6, RELEASE SOFTWARE (fc2)

I am implementing Hurricane Electric Tunnel Broker, but actually to do this test I have disconnected the Wan Interface , and It only has a Windows 7 host connected to port FastEthernet 0, through vlan1:

FONTENLAS#show ip interface brief

Interface IP-Address OK? Method Status Protocol

ATM0 unassigned YES NVRAM administratively down down

ATM0.1 unassigned YES unset administratively down down

Dialer0 unassigned YES NVRAM up up

FastEthernet0 unassigned YES unset up up

FastEthernet1 unassigned YES unset up down

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up down

NVI0 unassigned YES unset administratively down down

Tunnel0 unassigned YES NVRAM up down

Vlan1 172.16.1.1 YES NVRAM up up

FONTENLAS#ping

FONTENLAS#ping 172.16.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

FONTENLAS#

I have configured an IPV6 address on Interface Vlan1, but I don't want that the prefix to be distributed through Autoconfiguration, so I have configured on interface Vlan1 the command: nd ra suppress as I show you

FONTENLAS#show run interface vlan 1

Building configuration...

Current configuration : 187 bytes

!

interface Vlan1

ip address 172.16.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1412

ipv6 address 2001:470:1F15:EE2::/64 eui-64

ipv6 nd ra suppress

end

FONTENLAS#

As result, the router doesn't send its periodical Router Advertisements , but when the host is restarted, it sends a Router Solicitation message and the Router answers with Router Advertisement (that is making me crazy, because I understand it musn't send RA messages with suppres command configured)

That's what happens when I restart the connected Host:

FE80::219:AAFF:FEC2:30BC -> Router Link Local Address

FE80::7004:6BEB:4C26:79ED -> Host Link Local Address

FONTENLAS#show ipv6 interface brief

ATM0 [administratively down/down]

unassigned

ATM0.1 [administratively down/down]

unassigned

Dialer0 [up/up]

unassigned

FastEthernet0 [up/up]

unassigned

FastEthernet1 [up/down]

unassigned

FastEthernet2 [up/down]

unassigned

FastEthernet3 [up/down]

unassigned

NVI0 [administratively down/down]

unassigned

Tunnel0 [up/down]

FE80::219:AAFF:FEC2:30BC

2001:470:1F14:EE2::2

Vlan1 [up/up]

FE80::219:AAFF:FEC2:30BC

2001:470:1F15:EE2:219:AAFF:FEC2:30BC

FONTENLAS#show run interface vlan 1

Building configuration...

Current configuration : 187 bytes

!

interface Vlan1

ip address 172.16.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1412

ipv6 address 2001:470:1F15:EE2::/64 eui-64

ipv6 nd ra suppress

end

FONTENLAS#

*Mar 2 11:09:51.945: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down

*Mar 2 11:09:51.945: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down

*Mar 2 11:09:51.945: ICMPv6-ND: L3 down on Vlan1

*Mar 2 11:09:51.949: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is down on Vlan1

*Mar 2 11:09:51.949: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Down

*Mar 2 11:09:51.949: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is down on Vlan1

*Mar 2 11:09:52.949: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down

*Mar 2 11:09:54.497: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

*Mar 2 11:09:54.501: ICMPv6-ND: L2 came up on Vlan1

*Mar 2 11:09:54.501: IPv6-Addrmgr-ND: DAD request for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:09:54.501: ICMPv6-ND: Sending NS for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:09:54.505: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC

*Mar 2 11:09:55.489: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 2 11:09:55.501: IPv6-Addrmgr-ND: DAD: FE80::219:AAFF:FEC2:30BC is unique.

*Mar 2 11:09:55.501: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:09:55.501: ICMPv6-ND: L3 came up on Vlan1

*Mar 2 11:09:55.501: IPv6-Addrmgr-ND: DAD request for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:09:55.501: ICMPv6-ND: Sending NS for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:09:55.501: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Up

*Mar 2 11:09:55.501: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FF02::1

*Mar 2 11:09:55.501: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC

*Mar 2 11:09:55.501: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is up on Vlan1

*Mar 2 11:09:56.490: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Mar 2 11:09:56.502: IPv6-Addrmgr-ND: DAD: 2001:470:1F15:EE2:219:AAFF:FEC2:30BC is unique.

*Mar 2 11:09:56.502: ICMPv6-ND: Sending NA for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:09:56.502: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is up on Vlan1

*Mar 2 11:09:56.506: ICMPv6: Sent N-Advert, Src=2001:470:1F15:EE2:219:AAFF:FEC2:30BC, Dst=FF02::1

*Mar 2 11:10:22.596: ICMPv6: Received R-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::2

*Mar 2 11:10:22.596: ICMPv6-ND: Received RS on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:22.596: ICMPv6-ND: Sending solicited RA on Vlan1

*Mar 2 11:10:22.596: ICMPv6-ND: Sending RA from FE80::219:AAFF:FEC2:30BC to FE80::7004:6BEB:4C26:79ED on Vlan1

*Mar 2 11:10:22.600: ICMPv6-ND: MTU = 1500

*Mar 2 11:10:22.600: ICMPv6-ND: prefix = 2001:470:1F15:EE2::/64 onlink autoconfig

*Mar 2 11:10:22.600: ICMPv6-ND: 2592000/604800 (valid/preferred)

*Mar 2 11:10:22.600: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:22.604: ICMPv6-ND: STALE -> DELAY: FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:22.604: ICMPv6: Sent R-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:22.604: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:23.096: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:25.452: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:25.456: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:25.592: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:25.764: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:25.768: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:26.096: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:27.605: ICMPv6-ND: DELAY -> PROBE: FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:27.605: ICMPv6-ND: Sending NS for FE80::7004:6BEB:4C26:79ED on Vlan1

*Mar 2 11:10:27.609: ICMPv6: Sent N-Solicit, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:27.609: ICMPv6: Received N-Advert, Src=FE80::7004:6BEB:4C26:79ED, Dst=FE80::219:AAFF:FEC2:30BC

*Mar 2 11:10:27.609: ICMPv6-ND: Received NA for FE80::7004:6BEB:4C26:79ED on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:27.609: ICMPv6-ND: PROBE -> REACH: FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:28.753: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC

*Mar 2 11:10:28.753: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:28.757: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:10:28.761: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:38.219: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC

*Mar 2 11:10:38.219: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:38.219: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:10:38.223: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:10:39.619: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:10:40.095: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:11:10.114: ICMPv6-ND: REACH -> STALE: FE80::7004:6BEB:4C26:79ED

FONTENLAS#

So the result is that the Host obtains again the prefix through Autoconfiguration from RA router message.

I haved looked for new cli commands on the router to prevent this but I haven't found any other. The more I had got is to configure the commands (specially the first one):

ipv6 nd prefix default no-advertise

ipv6 nd managed-config-flag

so now, the router doesn't send the Prefix on RA messages, but it continues answering to RS Host Messages with its RA message. And I don't want that, because although It doesn't send the prefix with "nd prefix default no-advertise" command, it sends the MTU and the Default Gateway to the router

and I don't want that because later I want to deploy a Windows Server in the same LAN to do that function (Dhcp server, DNS server...)

That's what happens (Router sends again RA)

FONTENLAS#show run interface vlan 1

Building configuration...

Current configuration : 253 bytes

!

interface Vlan1

ip address 172.16.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1412

ipv6 address 2001:470:1F15:EE2::/64 eui-64

ipv6 nd prefix default no-advertise

ipv6 nd managed-config-flag

ipv6 nd ra suppress

end

FONTENLAS#

*Mar 2 11:26:15.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down

*Mar 2 11:26:15.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down

*Mar 2 11:26:15.067: ICMPv6-ND: L3 down on Vlan1

*Mar 2 11:26:15.071: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is down on Vlan1

*Mar 2 11:26:15.071: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Down

*Mar 2 11:26:15.071: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is down on Vlan1

*Mar 2 11:26:16.068: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down

*Mar 2 11:26:17.700: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

*Mar 2 11:26:17.704: ICMPv6-ND: L2 came up on Vlan1

*Mar 2 11:26:17.704: IPv6-Addrmgr-ND: DAD request for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:26:17.704: ICMPv6-ND: Sending NS for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:26:17.708: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC

*Mar 2 11:26:18.692: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 2 11:26:18.704: IPv6-Addrmgr-ND: DAD: FE80::219:AAFF:FEC2:30BC is unique.

*Mar 2 11:26:18.704: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:26:18.704: ICMPv6-ND: L3 came up on Vlan1

*Mar 2 11:26:18.704: IPv6-Addrmgr-ND: DAD request for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:26:18.704: ICMPv6-ND: Sending NS for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:26:18.704: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Up

*Mar 2 11:26:18.704: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FF02::1

*Mar 2 11:26:18.704: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC

*Mar 2 11:26:18.704: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is up on Vlan1

*Mar 2 11:26:19.692: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Mar 2 11:26:19.704: IPv6-Addrmgr-ND: DAD: 2001:470:1F15:EE2:219:AAFF:FEC2:30BC is unique.

*Mar 2 11:26:19.704: ICMPv6-ND: Sending NA for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:26:19.704: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is up on Vlan1

*Mar 2 11:26:19.708: ICMPv6: Sent N-Advert, Src=2001:470:1F15:EE2:219:AAFF:FEC2:30BC, Dst=FF02::1

*Mar 2 11:26:44.958: ICMPv6: Received R-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::2

*Mar 2 11:26:44.958: ICMPv6-ND: Received RS on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:44.958: ICMPv6-ND: Sending solicited RA on Vlan1

*Mar 2 11:26:44.958: ICMPv6-ND: Sending RA from FE80::219:AAFF:FEC2:30BC to FE80::7004:6BEB:4C26:79ED on Vlan1

*Mar 2 11:26:44.962: ICMPv6-ND: Managed address configuration

*Mar 2 11:26:44.962: ICMPv6-ND: MTU = 1500

*Mar 2 11:26:44.962: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:44.966: ICMPv6-ND: STALE -> DELAY: FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:44.966: ICMPv6: Sent R-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:45.458: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:47.879: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:47.883: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:47.955: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:48.187: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:48.191: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:48.459: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:26:49.967: ICMPv6-ND: DELAY -> PROBE: FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:49.967: ICMPv6-ND: Sending NS for FE80::7004:6BEB:4C26:79ED on Vlan1

*Mar 2 11:26:49.971: ICMPv6: Sent N-Solicit, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:49.971: ICMPv6: Received N-Advert, Src=FE80::7004:6BEB:4C26:79ED, Dst=FE80::219:AAFF:FEC2:30BC

*Mar 2 11:26:49.971: ICMPv6-ND: Received NA for FE80::7004:6BEB:4C26:79ED on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:49.971: ICMPv6-ND: PROBE -> REACH: FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:51.620: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC

*Mar 2 11:26:51.620: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:26:51.624: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:26:51.628: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:27:02.606: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC

*Mar 2 11:27:02.606: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED

*Mar 2 11:27:02.606: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1

*Mar 2 11:27:02.610: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED

*Mar 2 11:27:03.486: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:27:03.954: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16

*Mar 2 11:27:32.477: ICMPv6-ND: REACH -> STALE: FE80::7004:6BEB:4C26:79ED

FONTENLAS#

So I would like to know If I making some mistake or some missconfiguration with this?

Maybe I haven't the correct knowless about how Slacc Autoconfiguration should work (Isn't right that with suppress comand configured the router shouldn't send any RA message ?), or maybe it's a problem with this IOS version. I'm gettin crazy with this.

This router has 24 Mb Flash, so If it's a problem with IOS version, I don't know which one to put on it because I think 15.X versions exceed 24Mb

Thanks for reading this large post and for helping

Kind regards

Pablo JC

Harold Ritter · ‎05-21-2013

Hi Pablo,

RA messages can be disabled completely using the following command: ipv6 nd ra suppress all.

The "all" keyword suppresses periodic and solicited RA messages.

It has been introduced in 15.1(3)T3.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Harold Ritter · ‎05-22-2013

Hi Pablo,

Although I have never tested it myself, I think sing a lifetime = 0 should work. My personal preference would be to use an ACL to filter out the RS as suggested in the workaround in the bugid you mentioned.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Harold Ritter · ‎05-21-2013

Hi Pablo,

RA messages can be disabled completely using the following command: ipv6 nd ra suppress all.

The "all" keyword suppresses periodic and solicited RA messages.

It has been introduced in 15.1(3)T3.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Pablojuncalc · ‎05-21-2013

Hi Harold:

Thanks so much for your answer.

Unfortunately, this Router has 128/24 Dram, but IOS 15.1(3)T3 requires 193/32.

Related to your answer I have found this link

Where it is explained:

CSCth90147

Symptoms: Router will respond to an RS with an RA.

Conditions: The symptom is observed when you configure the ipv6 nd ra suppress command. This command is only intended to suppress periodic mcast RAs. The router will still respond to unicast RS (that is intended behavior).

Workaround: Use an ACL to block the reception of RS packets.

I have read in another web that other possible solution is to use configuren the nd ra lifetime messages as 0.

I have combined several commands in this way:

!

interface Vlan1

ip address 172.16.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1412

ipv6 address 2001:470:1F15:EE2::/64 eui-64

ipv6 nd prefix default no-advertise

ipv6 nd managed-config-flag

ipv6 nd ra suppress

ipv6 nd ra lifetime 0

end

With:

ipv6 nd ra suppress -> The router won't send periodical RA messages

ipv6 nd prefix default no-advertise -> The router won't publish the prefix in message RA that it send answering host RS

ipv6 nd ra lifetime 0 -> Does this prevent that the rest of the configuration send by RA could stay in hosts

ipv6 nd managed-config-flag

What do you thing about this configuration? I know it's a bit dirtier than using an ACL to block the reception of RS packet, but could it done the same function?

Kind regards

Thanks for reading

Harold Ritter · ‎05-22-2013

Hi Pablo,

Although I have never tested it myself, I think sing a lifetime = 0 should work. My personal preference would be to use an ACL to filter out the RS as suggested in the workaround in the bugid you mentioned.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

RRFS578780 · ‎07-29-2020

Hello.

If I choose to do ACL, what would the configuration look like for blocking only the RAs?

Problem to disable IPV6 Router Advertisements suppress command