Which statement about IPv6 RA Guard is true?
Which statement about IPv6 RA Guard is true?
IPv6 RA Guard does not offer protection in environments where IPv6 traffic is tunneled. This is because the feature is designed to filter out rogue Router Advertisement messages on the local network segment, but when IPv6 traffic is tunneled, the effectiveness of IPv6 RA Guard is bypassed since the potentially malicious traffic is encapsulated and not subject to the same filtering.
Ref: IPv6 First-Hop Security Configuration Guide, Cisco IOS XE Release 3S “C H A P T E R 1 IPv6 RA Guard … Restrictions for IPv6 RA Guard … • The IPv6 RA Guard feature does not offer protection in environments where IPv6 traffic is tunneled. …” A. It does not offer protection in environments where IPv6 traffic is tunneled. Correct answer. B. It cannot be configured on a switch port interface in the ingress direction. Wrong answer. C. Packets that are dropped by IPv6 RA Guard cannot be spanned. Wrong answer. D. It is not supported in hardware when TCAM is programmed. Wrong answer.
The correct answer is A.
A is correct
Correct: A : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-3s/ip6f-xe-3s-book/ip6-ra-guard.pdf
The given answer is correct
C is the correct !!!
C is definately wrong. Packets dropped by the IPv6 RA Guard feature can be spanned https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s-book/ip6-ra-guard.pdf