mark-interface (RA Guard)
Syntax
mark-interface (trusted | block);
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard interface interface-name]
Description
Configure an interface as blocked or trusted for IPv6 Router Advertisement (RA) guard. In an IPv6 deployment, RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. RA guard performs checks on incoming RA messages to make sure that they are sent from legitimate routers. If the sender of the RA message cannot be validated, the RA message is dropped.
You can configure the mark-interface statement on
an interface to bypass RA guard policy checks on that interface. If
an interface is configured as either a trusted interface or a blocked
interface, RA messages received on the interface are not subject to
inspection by RA guard, even if the interface or VLAN is enabled for
RA guard. If the interface is trusted, it forwards all RA messages.
If the interface is blocked, it drops all RA messages.
Options
block |
Configure an interface as blocked for bypassing inspection of RA messages received on that interface by RA guard. When you configure an interface as blocked, all RA messages received on the interface are dropped. |
trusted |
Configure an interface as trusted for bypassing inspection of RA messages received on that interface by RA guard. When you configure an interface as trusted, all RA messages received on the interface are forwarded. |
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.