Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1068
Views
5
Helpful
1
Replies

Cisco IPv6 RA Guard - only block RA and not RS messages?

layer9de
Level 1
Level 1

‎01-03-2018 02:49 AM - edited ‎03-08-2019 01:17 PM

Hi all,

I'm currently configuring IPv6 First Hop Security in our infrastructure (Cisco 2960X Switches). I found out that RA Guard when configured in host mode also blocks Router Solicitation Messages (ICMPv6 Type 133) and not only RA messages. This caused delays for clients receiving their default gateway information as the interface must wait for the RA from the router to arrive.

I actually don't understand why RS messages are blocked by RA Guard in the first place. Can this be changed?

 

/edit: I just found the following thread. The issue is however not solved yet:

https://supportforums.cisco.com/t5/lan-switching-and-routing/ipv6-fhs-how-to-filter-only-ra-but-keep-rs/m-p/3297080/highlight/false#M399586

Thanks
Michael

Labels:
0 Helpful
1 Reply 1

Harold Ritter
Spotlight
Spotlight

‎01-08-2018 03:05 PM

Configuring a defaut mode of host on the VLAN where you enable RA guard should take care of that.

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
Customers Also Viewed These Support Documents