Chapter 45 ipv6 security ra configuration -325, Ntroduction to, Ecurity – QTECH QSW-2800 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

325

Chapter 45 IPv6 Security RA Configuration

45.1 Introduction to IPv6 Security

RA

In IPv6 networks, the network topology is generally compromised of routers, layer-two

switches and IPv6 hosts. Routers usually advertise RA, including link prefix, link MTU and

other information, when the IPv6 hosts receive RA, they will create link address, and set the

default router as the one sending RA in order to implement IPv6 network communication. If a

vicious IPv6 host sends RA to cause that normal IPv6 users set the default router as the

vicious IPv6 host user, the vicious user will be able to capture the information of other users,

which will threat the network security. Simultaneously, the normal users get incorrect address

and will not be able to connect to the network. So, in order to implement the security RA

function, configuring on the switch ports to reject vicious RA messages is necessary, thus to

prevent forwarding vicious RA to a certain extent and to avoid affecting the normal operation of

the network.

45.2 IPv6 Security RA

Configuration Task Sequence

1. Globally enable IPv6 security RA

2. Enable IPv6 security RA on a port

3. Display and debug the relative information of IPv6 security RA

1. Globally enable IPv6 security RA

Command

Explanation

Global Configuration Mode

ipv6 security-ra enable

no ipv6 security-ra enable

Globally enable and disable IPv6 security RA.

2. Enable IPv6 security RA on a port

Command

Explanation

Port Configuration Mode

ipv6 security-ra enable

no ipv6 security-ra enable

Enable and disable IPv6 security RA in port

configuration mode.