Problem:

Why ECS4210 series will fail to enable IPv6 RA Guard on port interface ?

Problem description:

When user would like to enable IPv6 RA Guard on port interface by command below, but it display failed.

Console#con
Console(config)#interface ethernet 1/1
Console(config-if)#ipv6 nd raguard
Failed to configure IPv6 RA Guard on port 1/1.
Console(config-if)#

Solution:

To sloved rules number issue on ECS4210 series, R&D add new feature for dynamic TCAM allocation.

About IPv6 RA Guard, it's IPv6 rule.

According to tcam design, you must change to "default" mode then could enable IPv6 RA Guard.(default is ipv4 mode)

Console(config)#tcam allocation ?
  default  allocate one slice for MAC, one slice for IPv4, two slices for IPv6
  ipv4     allocate one slice for MAC, three slices for IPv4, no slices for IPv6
  mac      allocate two slices for MAC, one slice for IPv4, no slices for IPv6
Console(config)#tcam allocation default

*Please remember save the config and reboot the switch, then new allocation will apply.

When you use IPv4/MAC mode, it will share IPv6 table to IPv4/MAC.

On "IPv4" or "MAC" mode, it will always fail to enable IPv6 RA Guard.

[Reason]

Chip have symptom for the limit number of ACLs.

[Target]

Dynamic to allocate superfluous rules to other rules.

[Action] .

==default mode==

MAC rules: 128 rules share with MAC ACL, MAC service policy and reserved rules.

IPv4 rules: 128 rules share with IPv4 ACL, IPv4 service policy and reserved rules.

IPv6 rules: 128 rules share with IPv6 ACL, IPv6 service policy and reserved rules.

==IPv4 mode==

MAC rules: 128 rules share with MAC ACL, MAC service policy and reserved rules.

IPv4 rules: 128 rules share with IPv4 ACL. 256 rules share with IPv4 service policy.

IPv6 rules: 0 rules.

==mac mode==

MAC rules: 128 rules share with MAC ACL and reserved rules. 128 rules share with MAC service policy.

IPv4 rules: 128 rules share with IPv4 ACL, IPv4 service policy and reserved rules.

IPv6 rules: 0 rules.