47-47
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 47 Configuring Network Security with ACLs
Configuring RA Guard
• RA Guard is purely an Layer 2 port based feature and can be configured only on switchports. It
works irrespective of whether IPv6 routing is enabled. It is not supported on router interfaces and
VLANs.
• RA Guard is supported on trunk ports; filtering is performed on packets arriving from all the allowed
VLANs.
• RA Guard is supported on EtherChannel; the RA Guard configuration (whether present or not) on
the EtherChannel overrides the RA Guard configuration on the member ports.
• RA Guard is supported on ports that belong to PVLANs (for example, isolated secondary host ports,
community secondary host ports, promiscuous primary host ports, (primary/secondary) trunk ports.
Primary VLAN features are inherited and merged with port features.
• Because of hardware limitations, it may not be possible for Supervisor Engine 6-E and 6L-E to
collect statistics for RA Guard in hardware. If so, an error message is displayed. The show ipv6
snooping counter interface commands display the estimated counters
.
Note Beginning with Cisco IOS Release 15.0(2)SG, per port RA Guard ACL statistics are supported
and displayed when you enter a show ipv6 snooping counters interface command. (Previous to
this release, you enter the show ipv6 first-hop counters interface command.)
