User's Manual

Table Of Contents
Configuration Guide of XGS-5240-Series
54-2
3. Display and debug the relative information of IPv6 security RA
Command
Explanation
Admin Mode
debug ipv6 security-ra
no debug ipv6 security-ra
Enable the debug information of IPv6 s
ecurity RA module, the no operation of
this command will disable the output of
debug information of IPv6 security RA.
show ipv6 security-ra [interface <interf
ace-list>]
Display the distrust port and whether gl
obally security RA is enabled.
54.3 IPv6 Security RA Typical Examples
Fig 10-1 IPv6 Security RA sketch map
Instructions: if the illegal user in the graph advertises RA, the normal user will rece
ive the RA, set the default router as the vicious IPv6 host user and change its own ad
dress. This will cause the normal user to not be able to connect the network. We want
to set security RA on the 1/0/2 port of the switch, so that the RA from the illegal user
will not affect the normal user.
Switch configuration task sequence:
Switch#config
Switch(config)#ipv6 security-ra enable
Switch(Config-If-Ethernet1/0/2)# ipv6 security-ra enable
Illegal user
PC user
Other IPv6 network
RA
Ethernet1/0/1
Ethernet1/0/3 Ethernet1/0/2
RA
X