25
497
Example
The following example defines an ND Inspection policy named policy1, places the
switch in ND Inspection Policy Configuration mode, and enables the switch to drop
messages with no or invalid options or an invalid signature:
switchxxxxxx(config)#
switchxxxxxx(config-nd-inspection)#
switchxxxxxx(config-nd-inspection)# exit
25.12 hop-limit
To enable the verification of the advertised Cur Hop Limit value in RA messages
within an IPv6 RA Guard policy, use the hop-limit command in RA Guard Policy
Configuration mode. To return to the default, use the no form of this command.
Syntax
hop-limit {[maximum {
no hop-limit [maximum] [minimum]
Parameters
•
value
maximum
value argument. Range 1-255. The value of the high boundary must be
equal or greater than the value of the low boundary.
•
maximum disable—Disables verification of the high boundary of the
hop-count limit.
•
value
minimum
the value argument. Range 1-255.
•
minimum disable—Disables verification of the lower boundary of the
hop-count limit.
Default Configuration
Policy attached to port or port channel: the value configured in the policy attached
to the VLAN.
Policy attached to VLAN: global configuration.
ipv6 nd inspection policy policy1
drop-unsecure
value
| disable}] [minimum {
—Verifies that the hop-count limit is less than or equal to the
—Verifies that the hop-count limit is greater than or equal to
OL-32830-01 Command Line Interface Reference Guide
IPv6 First Hop Security
value
| disable}]}