onlink-subnet-only
Syntax
Hierarchy Level
Release Information
Statement introduced in Junos OS Release 10.0.
Statement introduced in Junos OS Release 11.3 for SRX Series devices.
Description
Enable this option to prevent the device from responding to a Neighbor Solicitation (NS) that comes from a prefix that is not one of the device's interface prefixes.
After you configure the onlink-subnet-only statement, you must restart the Routing Engine using the request system reboot both-routing-engines command. If the attacker’s IPv6 destination address is already in the forwarding table, configuring the onlink-subnet-only statement does not remove it, and the device therefore continues to respond to ping NSs. Restarting the Routing Engine removes the entry from the forwarding table.
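The following added example, which is not Juniper code, models the check described above so you can see which NS sources would stop being answered once the statement is in effect. The interface prefixes and NS source addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (2001:db8::/32 is the IPv6 documentation range);
# none of these values come from a real device.
INTERFACE_PREFIXES = ["2001:db8:0:1::/64", "2001:db8:0:2::/64", "fe80::/64"]
NS_SOURCES = [
    "2001:db8:0:1::25",          # inside the first interface prefix
    "2001:db8:0:2::9",           # inside the second interface prefix
    "fe80::21b:c0ff:fe12:3456",  # link-local neighbor
    "2001:db8:ffff::66",         # not covered by any interface prefix
    "2001:db8:0:3::1",           # adjacent /64 that is not configured
]


def load_prefixes(prefixes):
    """Parse prefix strings into IPv6Network objects."""
    return [ipaddress.IPv6Network(p, strict=False) for p in prefixes]


def matching_prefix(source, networks):
    """Return the longest interface prefix containing source, or None."""
    addr = ipaddress.IPv6Address(source)
    hits = [net for net in networks if addr in net]
    return max(hits, key=lambda net: net.prefixlen) if hits else None


def audit(sources, prefixes):
    """Split NS sources into those answered and those ignored by the check."""
    networks = load_prefixes(prefixes)
    report = {"answered": [], "ignored": []}
    for src in sources:
        net = matching_prefix(src, networks)
        if net is None:
            report["ignored"].append(src)
        else:
            report["answered"].append((src, str(net)))
    return report


if __name__ == "__main__":
    result = audit(NS_SOURCES, INTERFACE_PREFIXES)
    for src, net in result["answered"]:
        print(f"answer  {src}  (on-link in {net})")
    for src in result["ignored"]:
        print(f"ignore  {src}  (no matching interface prefix)")
```

Running the same comparison against the sources of your current neighbor entries before enabling the statement shows which existing neighbors fall outside the configured interface prefixes.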
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.