Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
574
Views
0
Helpful
3
Replies

IPv6 FHS Router Solitication

robert.melzer
Level 1
Level 1

ā€Ž07-27-2021 11:06 PM

Dear Folks,

does feature raguard host blocking router solitication?

I have the following situation.

The client is booting up and send rs messages. The router did not get those messages and no answer is given.

On the uplink port to the router is raguard router configured and on the client site raguard host.

After a few minutes, periodically from router, router advertisements are visible on the client side and the ipv6 address is reachable.

 

Best Regards

Robert

Labels:
0 Helpful
3 Replies 3

pieterh
VIP
VIP

ā€Ž07-28-2021 12:26 AM - edited ā€Ž07-28-2021 12:29 AM

IPv6 RA Guard ip6-ra-guard.pdf (cisco.com)
The IPv6 RA Guard feature provides support for allowing the network administrator to block or reject
unwanted or rogue RA guard messages that arrive at the network device platform. RAs are used by devices
to announce themselves on the link. The IPv6 RA Guard feature analyzes these RAs and filters out RAs
that are sent by unauthorized devices. In host mode, all RA and router redirect messages are disallowed on
the port. The RA guard feature compares configuration information on the Layer 2 (L2) device with the
information found in the received RA frame. Once the L2 device has validated the content of the RA frame
and router redirect frame against the configuration, it forwards the RA to its unicast or multicast
destination. If the RA frame content is not validated, the RA is dropped.

 

--> your observation matches this functionality description
- initially RA messages are blocked
- after "validation of the content..." RA's can be forwarded

0 Helpful

robert.melzer
Level 1
Level 1
In response to pieterh

ā€Ž07-28-2021 03:38 AM

Dear Peter,

thanks for your reply. I Think my question was not clear enough.

 

Does RA Guard feature in host mode blocking RS "Router Solitication" Messages ?

 

As the first step after configures itself with a link-local-adress and doing DAD the NODE is sending Router Solitication to the link-local scoped all-routers multicast address of ff02::2 with the link local address.

 

The IPv6 Router on the link receives the Router Solitication and respond with a router advertisement.

 

For my understanding the RA Guard feature in host mode is blocking RA but should not blocking RS "Router Solitication"

 

Best Regards

Robert

 

 

0 Helpful

pieterh
VIP
VIP
In response to robert.melzer

ā€Ž07-28-2021 04:15 AM

this post looks similar Cisco IPv6 RA Guard - only block RA and not RS messages? - Cisco Community

suggested solution is to configure a default mode of host on the vlan, not the port

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card