discard (forwarding-options)
Syntax
discard {
prefix-list-name prefix-list-name;
source-ip-address-list address-list-name;
source-mac-address-list address-list-name;
}
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard policy policy-name]
Description
Configure a discard policy for an IPv6 Router Advertisement (RA) guard policy. RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in the policy.
When RA guard is enabled, the switch compares the information contained in the attributes of RA messages to the criteria configured in the policy. When RA guard is enabled by using a discard policy, any RA messages that match the conditions defined in the policy are dropped, and RA messages that do not match the conditions are forwarded.
The criteria are configured as one or more lists of IPv6 addresses,
MAC addresses, or IPv6 address prefixes associated with the policy.
RA guard compares the source address or address prefix of incoming
RA messages with the configured lists. You configure the lists at
the [edit policy-options] hierarchy level, by using the prefix-list option
for an IPv6 address or address prefix list, and the mac-list option for a MAC address
list.
If more than one list is associated with a discard policy, then an incoming RA message that meets the criteria in any of the lists is discarded.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.