Router Advertisement (RA) Guard on Cisco IOS

During the IPv6 Security webinar Eric Vyncke described various mechanisms you can use to implement RA Guard on Cisco IOS, including private VLANs, port ACLs, RA Guard Lite and full-blown RA Guard available in recent Cisco IOS releases.


  1. Sadly it doesn't help against
    HP and other vendors haven't any working solution for that on, either.

  2. Chris,
    For the sake of time, I was unable to cover all details.

    Using 'deny ip any any undetermined-transport' (where applicable) will actually prevent the fragmented attack.

    Using the ra-guard in the latest software release, you can combine this with an ACL to allow only a specific prefix to be advertized, also blocking the flooding attack.
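
The two measures mentioned in the reply above, sketched as a Cisco IOS configuration. This is an added example, not configuration from the webinar or from the commenters. The ACL, policy and prefix-list names, the interface numbers and the 2001:db8:0:1::/64 prefix are placeholders, and expressing the prefix restriction as a prefix list under `match ra prefix-list` is an assumption about how it would be configured. Support for the `undetermined-transport` keyword and for RA Guard policies depends on platform and software release.

```cisco
! Added example: all names, interfaces and prefixes below are placeholders.
!
! Port ACL for host-facing access ports.
ipv6 access-list HOST-PORT-IN
 remark Drop packets whose upper-layer header cannot be determined
 deny ipv6 any any undetermined-transport
 remark Hosts must not originate Router Advertisements
 deny icmp any any router-advertisement
 permit ipv6 any any
!
! The only prefix that may be advertised in RAs on the router-facing port.
ipv6 prefix-list RA-PREFIXES seq 10 permit 2001:db8:0:1::/64
!
! RA Guard policy for ports where only hosts are expected.
ipv6 nd raguard policy HOSTS
 device-role host
!
! RA Guard policy for the port towards the legitimate router:
! RAs are accepted only if the advertised prefixes match the list.
ipv6 nd raguard policy ROUTERS
 device-role router
 match ra prefix-list RA-PREFIXES
!
interface GigabitEthernet1/0/1
 description host-facing access port
 switchport mode access
 ipv6 traffic-filter HOST-PORT-IN in
 ipv6 nd raguard attach-policy HOSTS
!
interface GigabitEthernet1/0/24
 description port towards the legitimate IPv6 router
 ipv6 nd raguard attach-policy ROUTERS
```

After applying, `show ipv6 nd raguard policy` lists the policies and the interfaces they are attached to, and `show ipv6 access-list HOST-PORT-IN` shows per-entry match counters on platforms that maintain them.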


