prefix-list-name
Syntax
prefix-list-name prefix-list-name;
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard policy policy-name discard (forwarding-options)] [edit forwarding-options access-security router-advertisement-guard policy policy-name accept (Router Advertisement Guard Policy) match-list]
Description
Configure a list of IPv6 address prefixes for an IPv6 Router Advertisement (RA) guard policy. The policy is used to validate the source IPv6 address prefix of an incoming RA message against the IPv6 address prefixes in this list. RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in the policy.
You can use a list of IPv6 address prefixes for validating RA
messages as part of either an accept policy or a discard policy. Before
you can include a list in an RA guard policy, you must configure the
list name at the [edit policy-options prefix-list] hierarchy level. When RA guard is enabled by using an accept policy,
any RA messages that match the conditions defined in the policy are
forwarded, and RA messages that do not match the conditions are dropped.
When RA guard is enabled by using a discard policy, any RA messages
that match the conditions are dropped, and RA messages that do not
match the conditions are forwarded.
Options
prefix-list-name |
Configure a list of IPv6 address prefixes for an RA guard policy. The policy is used to validate the source of an incoming RA message by comparing the IPv6 address prefix of the RA message to the IPv6 address prefixes contained in the list. |
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.