interface (RA Guard)
Syntax
interface interface-name {
mark-interface (trusted | block);
policy policy-name (stateful | stateless);
}
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard]
Description
Configure IPv6 Router Advertisement (RA) guard on an interface. In an IPv6 deployment, RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in a policy.
Before you can configure RA guard on an interface, you must
first configure a policy at the [edit forwarding-options access-security
router-advertisement-guard] hierarchy level. The policy is then
applied to an interface at the [edit forwarding-options access-security
router-advertisement-guard interface interface-name] hierarchy level.
If you apply an RA guard policy on an interface, you must
enable RA guard on the VLAN that is associated with that interface
by using the vlan statement at the [edit forwarding-options
access-security router-advertisement-guard] hierarchy level.
The remaining statements are explained separately. See CLI Explorer.
Options
| interface-name | Configure RA guard parameters on the specified interface. |
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.