IPv6 Router Advertisements (RAs)

Overview

The routing switches covered by this guide support IPv6 RA configuration and transmission based on RFC 4861, “Neighbor Discovery for IP Version 6 (IPv6)” and RFC 4862, “IPv6 Stateless Address Autoconfiguration”.

IPv6 RAs on a VLAN provide the neighbor discovery policy the system administrator has configured for devices running in IPv6 host mode with address autoconfiguration enabled. RAs also enable hosts on a VLAN to build a list of default (reachable) routers on that VLAN.

RA general operation

An IPv6 routing switch configured as a member of a given VLAN transmits RAs for use by hosts on the VLAN. It also transmits unscheduled RAs in response to router solicitations received from IPv6 hosts on the VLAN. The values a host receives in an RA are applied to settings that have not already been configured on the host by the system operator. (Values in an RA can also replace host settings that were learned from a previous RA.)

When IPv6 unicast routing is enabled, RAs are transmitted by default on VLANs enabled for IPv6 and configured with an IPv6 link-local address, unless RA transmission has been explicitly suppressed. RA configuration includes:

Advertisement Value		Default	Page
managed flag (M-bit)		Not set	VLAN context Neighbor Discovery (ND) configuration
other-config-flag (O-bit)		Not set	VLAN context Neighbor Discovery (ND) configuration
prefix		The prefix of any global unicast IPv6 address configured on the VLAN interface^[a]	Configuring the global unicast prefix and lifetime for hosts on a VLAN
	length	N/A; based on existing configuration	—
	valid lifetime	2,592,000 seconds (30 days)	—
	preferred lifetime	604,800 seconds (7 days)	—
	autoconfig (A-bit)	Set (host autoconfig enabled)	—
	on-link (L-bit)	Set (use prefix on subject VLAN)	—
RA transmission interval			—
	maximum	600 seconds	Configuring the range for intervals between RA transmissions on a VLAN
	minimum	200 seconds	Configuring the range for intervals between RA transmissions on a VLAN
current hop limit		64	Setting or changing the hop-limit for host-generated packets
default lifetime		1800 seconds (3 x max. transmission interval)	Setting or changing the default router lifetime
reachable time		Unspecified (0)	Changing the reachable time duration for neighbors
retransmission timer		Unspecified (0)	Setting or changing the neighbor discovery retransmit timer
^[a] Default operation excludes prefixes of stateless autoconfigured addresses.

RA basics

Enabling IPv6 unicast routing on a routing switch initiates transmission of RAs on active, IPv6-enabled VLANs unless RA transmission has been suppressed.
RAs are not routed.
A host response to an RA depends on how the host implements IPv6. Generally, settings in an RA received by a host replaces settings received from an earlier RA. Settings configured directly on a host by an operator may override values received in an RA for the same settings.
When a host receives a default "unspecified" value in an RA, the host applies either its own current setting for that value, or the defaults specified in RFC 4861 or other applicable RFCs, depending on how IPv6 is implemented in the host.
The M-bit and O-bit flags enable RAs to be configured either to act as the sole source of host addressing and related settings, or to direct the host to use a DHCPv6 server for some or all such settings.

Setting up your IPv6 RA policy

Is there a role for a DHCPv6 server in host configuration on a given VLAN, and what host services and policy will be configured?

Affects M-bit and O-bit options (page VLAN context Neighbor Discovery (ND) configuration)
What is the ND policy that should be advertised?

Includes hop-limit for host-generated traffic, the default router period, neighbor reachable time, and retransmit time for neighbor solicitations.
What prefixes should be advertised, and what prefixes should be suppressed?

Prefixes configured on the routing switch VLAN interface will be included in RAs on that VLAN unless specifically denied.
What should be the maximum and minimum intervals (in seconds) for transmitting RAs?
Are there any VLANs on the routing switch where RAs should be suppressed?
Will multiple routing devices be used to send RAs on a VLAN?
- The first RA received by a host determines the default router for that host. Other routers included in subsequent RAs received by the host become backup default routers for that host.
- What, if any, differences are acceptable in RAs from different routing devices?

Configuring IPv6 RAs

When IPv6 unicast routing is enabled on the routing switch, RAs are transmitted on all IPv6-enabled VLANs unless explicitly suppressed globally or per-VLAN.

The following steps provide a general outline of the steps for configuring the routing switch for non-default RA operation on all IPv6-enabled VLANs:

Enable IPv6 routing on your network.
Enable IPv6 unicast routing. (This must be enabled to allow configuration of other routing protocols).

HP Switch(config)# ipv6 unicast–routing

(This command enables RA transmission on any VLAN where RAs are not specifically suppressed.)

Configure the desired per-VLAN RA operation:

Use the M-bit and O-bit settings to specify the source for IPv6 host configuration; see page VLAN context Neighbor Discovery (ND) configuration:
1. M-bit setting:
  - Get configuration from RAs (default).
  - Get configuration from DHCPv6.
2. O-bit setting (applies only if M-bit setting is left in default state):
  - Use RA source for global unicast prefixes (default).
  - Do not use the RA for non-prefix configuration.
Configure global unicast prefix assignments; see Configuring the global unicast prefix and lifetime for hosts on a VLAN:
1. Specify any prefixes not configured on the routing switch VLAN interface that should be transmitted in RAs to IPv6 hosts on the VLAN.
2. Deny any prefixes configured on the routing switch VLAN interface that should not be transmitted in RAs to IPv6 hosts on the VLAN. (Default: Global unicast prefixes configured on the routing switch VLAN interface are included in RAs.)

Configure the maximum and minimum interval for transmitting RAs on the VLAN; see page Configuring the range for intervals between RA transmissions on a VLAN.


	NOTE: The routing switch also transmits RAs when it receives router solicitations from a host. Autoconfiguration must be enabled on the host before it will generate router solicitations on the VLAN.

Configure the ND policy for hosts on the VLAN to use:
1. hop-limit (default: 64; see page Setting or changing the hop-limit for host-generated packets)
2. Default router lifetime (default: 1800 seconds; see page Setting or changing the default router lifetime)
3. Reachable time duration to advertise for confirmed neighbors (default: unspecified (0); see page Changing the reachable time duration for neighbors)
4. Retransmit time to advertise for neighbor solicitations (default: unspecified (0); see page Setting or changing the neighbor discovery retransmit timer)
Configure per-VLAN RA suppression for any VLAN on which you do not want the routing switch to transmit RAs. (See Viewing the RA configuration.)

HP Switch(vlan–1)# ipv6 nd ra suppress

Configuring RAs on multiple switches with a common VLAN

Multiple routing switches transmitting RAs on the same VLAN can provide redundancy. Typically, a host identifies the first router from which it receives an RA as the default router. The host uses any RAs received later from other routers to identify backup default routers.

While advertised prefixes can be different, the per-VLAN RA policy should be the same for all routers transmitting RAs on a given VLAN. This includes the following parameters:

managed-config-flag (M-bit)
other-config-flag (O-bit)
default router lifetime
hop-limit
reachable-time for neighbors
retransmit time for neighbor solicitations

Global configuration context commands

Enabling or disabling IPv6 RA generation

Syntax:

[no] ipv6 nd suppress–ra

Global config command to suppress transmission of IPv6 RAs on all VLANs configured on the routing switch. Overrides RAs enabled per-VLAN.

The no form of the command globally disables RA suppression. Note that globally enabling RAs on the routing switch does not override per-VLAN RA suppression (using the ipv6 nd ra suppress command in a VLAN context). See Suppressing RAs on a VLAN.

Default: RA suppression disabled

Enabling or disabling IPv6 routing

Syntax:

[no] ipv6 unicast–routing

Global config command to enable or disable IPv6 routing. Must be enabled for routing operation. Enabling IPv6 routing activates RA generation on VLANs unless RAs are suppressed globally or per-VLAN.

The no form of the command disables IPv6 routing and RAs on the routing switch.

Default: Disabled

VLAN context Neighbor Discovery (ND) configuration

Configuring DHCPv6 service requirements

Syntax:

[no] ipv6 nd ra managed–config–flag

Syntax:

[no] ipv6 nd ra other–config–flag

managed–config–flag : Controls the M-bit setting in RAs the router transmits on the current VLAN. Enabling the M-bit directs clients to acquire their IPv6 addressing and ND host configuration information for the current VLAN interface from a DHCPv6 server.

When the M-bit is enabled, receiving hosts ignore the other–config–flag (O-bit) setting described below.

When the M-bit is disabled (the default), receiving hosts expect to receive their IPv6 addressing and ND configuration settings from the RA unless the O-bit is enabled.

other–config–flag : Ignored unless the M-bit (above) is disabled in RAs. Controls the O-bit in RAs the router transmits on the current VLAN.

Enabling the O-bit while the M-bit is disabled directs hosts on the VLAN to acquire their ND configuration settings from a DHCPv6 server and their global unicast prefixes from the RA.

The no form of either command turns off (disables) the setting for that command in RAs.

NOTE: In the default configuration, both the M-bit and the O-bit are disabled, and a host receiving the RA must acquire its prefix and ND configuration from the RA itself and not from a DHCPv6 server.

Default for both settings: Disabled

Configuring the range for intervals between RA transmissions on a VLAN

The interval between RA transmissions on a VLAN is a random value that changes every time an RA is sent. The interval is calculated to be a value between the current max-interval and min-interval settings described below.

Syntax:

[no] ipv6 nd ra max-interval <4–1800>

Syntax:

[no] ipv6 nd ra min-interval <3–1350>

VLAN context commands for changing the maximum and minimum intervals between transmissions of IPv6 RAs on the VLAN. These values have one setting per VLAN and do not apply to RAs sent in response to a router solicitation received from another device.

max-interval : Must be equal to or less than the configured lifetime setting. Attempting to set max-interval to a value greater than the configured lifetime setting results in an error message.

The no form of the max-interval command returns the setting to its default, provided the default value is less than or equal to 75% of the new maximum interval you are setting.

Attempting to set max-interval to a value that is not sufficiently larger than the current min-interval also results in an error message.

Default: 600 seconds; Range: 4–1800 seconds

min-interval : Must be less than or equal to 75% of max-interval. Attempting to set min-interval to a higher value results in an error message.

The no form of the min-interval command returns the setting to its default, provided the default value is less than or equal to 75% of the current max-interval setting.

Default: 200 seconds; Range: 3–1350 seconds

Setting or changing the hop-limit for host-generated packets

Syntax:

[no] ipv6 nd ra hop-limit <0–255>

hop-limit : VLAN-context command to specify the hop-limit a host includes in the packets it transmits.

A setting of 0 means the hop-limit is unspecified in the RAs originating on the current VLAN. In this case, the hop-limit is determined by the host.

The no form of the command resets the hop-limit to zero (unspecified), which eliminates the hop-limit from the RAs originating on the VLAN.

Default: 64; Range: unspecified 0 – 255

Setting or changing the default router lifetime

Syntax:

[no] ipv6 nd ra lifetime <0–9000>

lifetime : VLAN-context command for configuring the lifetime in seconds for the routing switch to be used as a default router by hosts on the current VLAN. This setting must be configured to a value greater than or equal to the max-interval setting.

A given host on a VLAN refreshes the default router lifetime for a specific router each time the host receives an RA from that router. A specific router ceases to be a default router candidate for a given host if the default router lifetime expires before the host is updated with a new RA from the router.

A setting of 0 (unspecified) for default router lifetime in an RA indicates that the routing switch is not a default router on the subject VLAN.

Default: 3 times the ra max-interval setting. Range: unspecified 0 – 9000 seconds

Changing the reachable time duration for neighbors

Syntax:

[no] ipv6 nd ra reachable–time <1000–3600000|unspecified>

reachable–time : VLAN-context command for all hosts on the VLAN to configure as the reachable time duration for a given neighbor after receiving a reachability confirmation from the neighbor. This value is used to ensure a uniform reachable time among hosts on the VLAN by replacing the individually configured settings on various hosts on the VLAN.

1000–3600000 : Reachable time in milliseconds.

unspecified : Configures the reachable time to zero, which disables the reachable-time setting in RAs on the current VLAN.

The no form also disables the reachable-time setting in RAs on the current VLAN.

Default: unspecified (0); Range: 1000–3600000 ms

NOTE: If multiple routers on the same VLAN are configured to advertise a reachable time, all such routers should use the same reachable-time setting.

Setting or changing the neighbor discovery retransmit timer

Syntax:

ipv6 nd ra NS-interval <1000–4294967295|unspecified>

Syntax:

[no] ipv6 nd ra NS-interval

Used on VLAN interfaces to advertise the period (retransmit timer) in milliseconds between ND solicitations sent by a host for an unresolved destination, or between DAD neighbor solicitation requests. Increasing this setting is indicated where neighbor solicitation retries or failures are occurring, or in a "slow" (WAN) network.

1000–4294967295 : An advertised setting in this range replaces the corresponding, locally configured setting in hosts on the VLAN.

unspecified : Sets the retransmit timer value in RAs to zero, which causes the hosts on the VLAN to use their own locally configured NS-interval settings instead of using the value received in the RAs.

The no form returns the setting to its default.

Default: unspecified (0) ; Range: 1000–4294967295 ms

NOTE: This is the retransmit timer advertised as a host-specific variable. It is separate from the retransmit timer used by the routing switch for its own ND solicitations (ipv6 nd NS-interval).

If multiple routers on the same VLAN are configured to advertise an NS-interval (retransmit time), all such routers should use the same NS-interval setting.

The default NS-interval setting for IPv6 host operation on HPE devices is 1000 ms. When the above command is used with the unspecified option to configure RAs, host devices configured by using the RA maintain their preconfigured NS-interval settings.

Configuring the global unicast prefix and lifetime for hosts on a VLAN

These commands define the content of RAs transmitted on a VLAN.

Syntax:

[no] ipv6 nd ra prefix <ipv6–prefix|prefix–len> <<valid–lifetime> <preferred–lifetime> | at <valid–date> <preferred–date> infinite | no–advertise> [no–autoconfig] [off–link]

Syntax:

[no] ipv6 nd ra prefix default <<valid–lifetime> <preferred–lifetime> | at <valid–date><preferred–date> | infinite | no–advertise> [no–autoconfig] [off–link]

Options for <valid–lifetime> <preferred–lifetime>:

Time in seconds:

[<0–4294967295> <0–4294967295>]

Specific date and time

[ at <valid–lifetime> <preferred–lifetime> ]

<valid–lifetime–MM/DD[/[YY]YY]]>

<valid–lifetime–HH:MM[:SS]>

<preferred–lifetime–MM/DD[/[YY]YY]]>

<preferred–lifetime–HH:MM[:SS]>]

<valid–date> <preferred–date>

VLAN-context command for specifying prefixes for the routing switch to include in RAs transmitted on the VLAN. IPv6 hosts use the prefixes in RAs to autoconfigure themselves with global unicast addresses. A host’s autoconfigured address is composed of the advertised prefix and the interface identifier in the host’s current link-local address.

valid–lifetime : The total time the prefix remains available before becoming unusable. After preferred-lifetime expiration, any autoconfigured address is deprecated and used only for transactions that began before the preferred-lifetime expired. If the valid lifetime also expires, the address becomes unusable. Default: 2,592,000 seconds–30 days; Range: 0–4294967295 seconds.

preferred–lifetime : The span of time during which the address can be freely used as a source and destination for traffic. This setting must be less than or equal to the corresponding valid–lifetime setting. Default: 604,000 seconds–7 days; Range: 0–4294967295 seconds

NOTE: The valid and preferred lifetimes designated in this command are fixed values. Each successive transmission of the same RA contains the same valid and preferred lifetimes.

For more information on valid and preferred lifetimes, see Address lifetimes.

default : Applied to all on-link prefixes that are not individually set by theipv6 ra prefix <ipv6–prefix|prefix–len> command. It applies the same valid and preferred lifetimes, link state, autoconfiguration state, and advertise options to the advertisements sent for all on-link prefixes that are not individually configured with a unique lifetime. This also applies to the prefixes for any global unicast addresses configured later on the same VLAN.

Using default once, and then using it again with any new values results in the new values replacing the former values in advertisements.

If default is used without the no–advertise, no–autoconfig, or the off–link keyword, the advertisement setting for the absent keyword is returned to its default setting.

NOTE: To configure a prefix as off–link or no–autoconfig, you must enter unique valid and preferred lifetimes with the prefix command (instead of the default command).

ipv6–prefix / prefix–len : Specifies the prefixes to advertise on the subject VLAN. A separate instance of the command must be used for each prefix to advertise.

infinite : Specifies that the prefix lifetime will not expire. This option sets the valid and preferred lifetimes to infinity. (All bits set to 1; ffffffff.)

no–advertise : Specifies no advertisement for the prefix. For example, if the routing-switches VLAN interface is configured with any prefixes that you do not want advertised on the VLAN, use this command to specify the prefixes to withhold from advertisements on the subject VLAN. Default: Advertising enabled.

no–autoconfig : Disables host autoconfiguration by turning off the A-bit in RAs. This requires hosts to acquire prefixes through manual or DHCPv6 assignments. Depending on the host implementation, a host that was previously configured by an RA to use autoconfiguration will not be affected by a later RA that includes no–autoconfig (unless the host disconnects and reconnects to the network). To re-enable host autoconfiguration (turn on the A-bit in RAs) for a given RA, use ipv6 nd ra prefix again, without invoking no–autoconfig. Default: A-bit turned on— host autoconfig turned on.

off–link : Sets the (L-bit) prefix information in an RA to indicate that the advertised prefix is not on the subject VLAN. A host that was previously configured using an RA without off–link will not be affected by a later RA that includes off–link (unless the host disconnects and reconnects to the network). Can be used in instances where the prefix is being deprecated, and you do not want any newly brought up hosts to use the prefix. Default: L-bit turned off.

The no form of the command deletes the specified prefix from RAs.

Using the default command to configure prefix advertisement content (example)

The table below lists the global unicast addresses configured on a VLAN, with original and updated settings configured using the default command.

Address or prefix	Interface	Original lifetime & autoconfig	Updated lifetime & autoconfig	Advertise on VLAN 100?
2001:db8:0:f::f1/64	VLAN 100	15 days 14 days Auto: Yes Set in Using the default command to configure and update prefix advertisements.	30 days 25 days Auto: No (Changed in Using the default command to configure and update prefix advertisements.	Yes
2001:db8:0:b::b1/64	VLAN 100
2001:db8:0:c::c1/64	VLAN 100
2001:db8:0:d::d1/64	VLAN 100
2001:db8:0:a::/64	Off-Link	12/31/2010 at 00:00:01 12/20/2010 at 00:00:01 Auto: Yes	not updated

Using the default command to configure and update prefix advertisements

HP Switch(config)# vlan 100
HP Switch(vlan–100)# ipv6 address 2001:db8:0:f::f1/64
HP Switch(vlan–100)# ipv6 address 2001:db8:0:b::b1/64 


HP Switch(vlan–100)# ipv6 address 2001:db8:0:c::c1/64
HP Switch(vlan–100)# ipv6 nd ra prefix 

default 1296000 1209600 


HP Switch(vlan–100)# 

show ipv6 nd ra prefix vlan 100

 IPv6 Neighbor Discovery Prefix Information

 VLAN Name : VLAN100 



   IPv6 Prefix        : Default
   Valid Lifetime     : 15 days
   Preferred Lifetime : 14 days
   On–link Flag       : On
   Autonomous Flag    : On
   Advertise Flag     : On

HP Switch(vlan–100)# ipv6 address 2001:db8:0:d::d1/64 


HP Switch(vlan–100)# ipv6 nd ra prefix 2001:db8:0:d::/64 infinite no–autoconfig
HP Switch(vlan–100)# ipv6 nd ra prefix 2001:db8:0:a::/64 at 12/31/2010 00:00:01 12/20/2010 00:00:01 off–link 


HP Switch(vlan–100)# 

show ipv6 nd ra prefix vlan 100

 IPv6 Neighbor Discovery Prefix Information

 VLAN Name : VLAN100

   IPv6 Prefix        : Default 


   Valid Lifetime     : 15 days
   Preferred Lifetime : 14 days
   On–link Flag       : On
   Autonomous Flag    : On
   Advertise Flag     : On

   IPv6 Prefix        : 2001:db8:0:a::/64 


   Valid Lifetime     : 12/31/2010 00:00:01
   Preferred Lifetime : 12/20/2010 00:00:01
   On–link Flag       : Off
   Autonomous Flag    : On
   Advertise Flag     : On

   IPv6 Prefix        : 2001:db8:0:d::/64 


   Valid Lifetime     : Infinite
   Preferred Lifetime : Infinite
   On–link Flag       : On
   Autonomous Flag    : Off
   Advertise Flag     : On

HP Switch(vlan–100)# ipv6 nd ra prefix 

default 2592000 2160000 no–autoconfig 


HP Switch(vlan–100)# 

show ipv6 nd ra prefix vlan 100

 IPv6 Neighbor Discovery Prefix Information

 VLAN Name : VLAN100

   IPv6 Prefix        : Default 


   Valid Lifetime     : 30 days
   Preferred Lifetime : 25 days
   On–link Flag       : On
   Autonomous Flag    : Off
   Advertise Flag     : On

   IPv6 Prefix        : 2001:db8:0:a::/64 


   Valid Lifetime     : 12/31/2010 00:00:01
   Preferred Lifetime : 12/20/2010 00:00:01
   On–link Flag       : Off
   Autonomous Flag    : On
   Advertise Flag     : On

   IPv6 Prefix        : 2001:db8:0:d::/64 


   Valid Lifetime     : Infinite
   Preferred Lifetime : Infinite
   On–link Flag       : On
   Autonomous Flag    : Off
   Advertise Flag     : On

Global unicast addresses configured on VLAN 100

To enable advertising prefixes of global unicast addresses configured on the VLAN, the default command sets default lifetime, prefix link status (on or off-link), autoconfiguration (Autonomous Flag) status (on or off), and advertisement setting (on or off).


	NOTE: Applies only to prefixes in global unicast addresses configured on the VLAN and not uniquely configured by the `prefix` command.

Show command displays default prefix mode settings for global unicast addresses configured on VLAN 100

New global unicast address configured on the VLAN. Followed by command to assign unique lifetime and autoconfig setting in the advertisements for this prefix. Link flag and Advertise flag omitted from the command and therefore set to “On” by default.

Off-link prefix designated with unique lifetime. Autoconfig (Autonomous) flag and Advertise flag omitted from the command and therefore set to “On” default

Show command displays default advertisement settings for prefixes of global unicast addresses configured on VLAN 100

Show command displays unique advertisement settings for 2001:db8:0:a::/64 also configured on VLAN 100

Show command displays unique advertisement settings for 2001:db8:0:d::/64 identified as an off-link prefix

For prefixes configured on the VLAN and not specifically addressed by a prefix command, default changes the default lifetime and the autoconfig setting in advertisements for these prefixes. On-Link flag and Advertise flag omitted from the command and therefore set to “On” by default

Show command displays changes in default prefix mode settings for global unicast addresses configured on VLAN 100

No change for the on-link prefix specifically configured by a prefix command, and the off-link prefix that is also configured for advertisement on the VLAN

Suppressing RAs on a VLAN

Syntax:

[no] ipv6 nd ra suppress

VLAN-context command to turn off (disable) transmission of RAs from the routing switch on the VLAN.

The no form of the command turns on (enables) RA transmission from the routing switch on the current VLAN.

Default: Suppression disable, that is, RA enabled on the VLAN.

Restricting IPv6 RAs

The RA Guard feature restricts the ports (or trunks) that can accept IPv6 RAs. Additionally, ICMPv6 router redirects are blocked on the configured ports.

Only physical ports and trunk ports are supported. Dynamic ports, dynamic trunks, and mesh ports are not supported.


	NOTE: IPv6 RAs are ICMPv6 type 134 messages and may be sent to either the “all nodes” multicast address (FF02:0:0:0:0:0:0:1) or to the address of the device itself as a result of an IPv6 router solicitation. IPv6 router redirect messages are ICMPv6 type 137 messages. They are sent to the source address of the packet that triggered the redirect.

Configuring RA Guard

Syntax:

[no]ipv6 ra-guard ports <port-list> [log]

Enables or disables RA Guard on the specified ports, which blocks IPv6 RAs and router redirects.

The no form of the command disables RA Guard.

[log]: Enables debug logging of RA and redirects packets to debug output.

Enabling RA Guard

HP Switch (config)# ipv6 ra-guard ports 6 log

Operating notes

When a logical trunk port is enabled, all members of the trunk are enabled for RA Guard. Likewise, when a logical trunk port is disabled, (no ipv6 ra-guard ports <trunk-port>), all members of the trunk are disabled for RA.
When ports are configured for RA Guard, hardware resources are allocated. If there are not enough hardware resources, this message displays:
```
Commit failed
```
When debug logging is enabled (ipv6 ra-guard ports <port-list> log), the RA and redirect packets are sent to the CPU, which can be CPU-intensive. This message displays:
```
The log option uses a lot of CPU and should 
be used only for short periods of time.
```
The debug security ra-guardcommand is used to filter and display RA Guard debug log messages.

Use the show ipv6 ra-guard command to display configuration and statistical information about RA Guard.

Configuration and statistics for RA Guard

HP Switch (config)# show ipv6 ra-guard

 IPv6 RA Guard Information

  Port   Block  RAs Blocked Redirs Blocked Log
  -----  ------ ----------- -------------- ---
  1      No     0           0              No 
  2      No     0           0              No 
  3      No     0           0              No 
  4      No     0           0              No 
  5      No     0           0              No 
  6      Yes    123         450            Yes 
  7      No     0           0              No 
  8      No     0           0              No

When RA Guard is enabled, there will be one or two lines displayed in the running config file.

Running config file showing line for RA-Guard

HP Switch(config)# show running-config

Running configuration:

; Jxxxxx Configuration Editor; Created on release #xx.16.xx.0000
; Ver #02.01.0f:0c

hostname "HP Switch"
module 1 type Jxxxxx
module 2 type Jxxxxx
module 3 type Jxxxxx
no stack auto-join
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-4, 7-48, A1-A4
   ipv6 address fe80::2 link-local
   ip address dhcp-bootp
   ipv6 enable
   no untagged 5-6
   exit
vlan 2
   name "VLAN2"
   untagged 5-6
   ip address 10.10.10.1 255.255.255.0
   exit
power-over-ethernet pre-std-detect
sflow 3 destination 3fff::3
ipv6 unicast-routing
ipv6 ra-guard ports 6 log

RA Guard is enabled on port 6; logging is enabled.

prev		next
Configuring static IPv6 routes	home	Viewing the RA configuration


	NOTE: In the default configuration, both the M-bit and the O-bit are disabled, and a host receiving the RA must acquire its prefix and ND configuration from the RA itself and not from a DHCPv6 server.


	NOTE: If multiple routers on the same VLAN are configured to advertise a reachable time, all such routers should use the same reachable-time setting.

Time in seconds:	`[<0–4294967295> <0–4294967295>]`
Specific date and time	`[ at <valid–lifetime> <preferred–lifetime> ]` `<valid–lifetime–MM/DD[/[YY]YY]]>` `<valid–lifetime–HH:MM[:SS]>` `<preferred–lifetime–MM/DD[/[YY]YY]]>` `<preferred–lifetime–HH:MM[:SS]>]` `<valid–date> <preferred–date>`


	NOTE: To configure a prefix as `off–link` or `no–autoconfig`, you must enter unique valid and preferred lifetimes with the `prefix` command (instead of the `default` command).