hit counter script

Ipv6 Nd Raguard Other-Config-Flag - Cisco 300 Series Cli Manual

Stackable managed switches
Hide thumbs Also See for 300 Series:
Table of Contents

Advertisement

25
531

25.35 ipv6 nd raguard other-config-flag

To globally enable verification of the advertised "Other Configuration" flag in RA
messages, use the ipv6 nd raguard other-config-flag command in Global
Configuration mode. To return to the default, use the no form of this command.
Syntax
ipv6 nd raguard other-config-flag {on | off}
no ipv6 nd raguard other-config-flag
Parameters
on—The value of the flag must be 1.
off—The value of the flag must be 0.
Default Configuration
Verification is disabled.
Command Mode
Global Configuration mode
User Guidelines
This command enables verification of the advertised "Other Configuration" flag (or
"O" flag) in an RA message (see RFC4861). This flag could be set by an attacker to
force hosts to retrieve other configuration information through a DHCPv6 server
that might not be trustworthy.
Example
The following example shows how the command enables O flag verification that
checks if the value of the flag is 0:
switchxxxxxx(config)#
ipv6 nd raguard other-config-flag off
OL-32830-01 Command Line Interface Reference Guide
IPv6 First Hop Security

Advertisement

Table of Contents
loading

Table of Contents