accept (Router Advertisement Guard Policy)
Syntax
accept {
match-list {
match-criteria {
(match-all | match-any);
}
prefix-list-name prefix-list-name;
source-ip-address-list address-list-name;
source-mac-address-list address-list-name;
}
match-option {
hop-limit {
(maximum | minimum) value;
}
managed-config-flag;
other-config-flag;
router-preference (high | low | medium);
}
}
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard policy policy-name]
Description
Configure the accept policy for an IPv6 Router Advertisement (RA) guard policy. RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in the policy.
When RA guard is enabled, the switch compares the information contained in the attributes of RA messages to the information contained in the policy. If RA guard is enabled by using an accept policy, any RA messages that match the conditions defined in the policy are forwarded, and RA messages that do not match the conditions are dropped.
The criteria are configured either as one or more lists of source
address or address prefixes, which are associated with the accept
policy by using the match-list statement, or match
condition parameters, which are associated with the accept policy
by using the match-option statement.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.