source-ip-address-list
Syntax
source-ip-address-list address-list-name;
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard policy policy-name discard (forwarding-options)] [edit forwarding-options access-security router-advertisement-guard policy policy-name accept (Router Advertisement Guard Policy) match-list]
Description
Configure a list of IPv6 addresses for an IPv6 Router Advertisement (RA) guard policy to validate the source IPv6 address of an incoming RA message against the IPv6 addresses in this list. RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in the policy.
You can use a list of IPv6 addresses for validating RA messages
as part of either an accept policy or a discard policy. Before you
can include a list in an RA policy, you must configure the list name
at the [edit policy-options prefix-list] hierarchy level. When
RA guard is enabled by using an accept policy, any RA messages that
match the conditions defined in the policy are forwarded, and RA messages
that do not match the conditions are dropped. When RA guard is enabled
by using a discard policy, any RA messages that match the conditions
are dropped, and RA messages that do not match the conditions are
forwarded.
Options
address-list-name |
Configure a list of IPv6 addresses to use in an RA guard policy. The policy is used to validate the source of an incoming RA message by comparing the IPv6 address of the RA message to the IPv6 addresses contained in the list. |
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.