match-list

Syntax

Hierarchy Level

Description

Configure one or more lists of IPv6 addresses, MAC addresses, or IPv6 address prefixes to be associated with an IPv6 Router Advertisement (RA) guard accept policy.

RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in the policy.

You can configure match lists in either an accept policy or a discard policy. When RA guard is enabled by using an accept policy, RA messages that match the conditions defined in the policy are forwarded, and RA messages that do not match the conditions are dropped. When RA guard is enabled by using a discard policy, RA messages that match the conditions are dropped, and RA messages that do not match the conditions are forwarded.

You can associate match lists or match conditions (see match-option) with an accept policy. You can configure match lists that be associated with an accept policy by using the match-list statement. The lists configured by using the match-list statement can contain IPv6 addresses, MAC addresses, or IPv6 address prefixes. RA guard examines the source address or address prefix. You configure the lists at the [edit policy-options] hierarchy level by using the prefix-list option for an IPv6 address or address prefix list, and mac-list for a MAC address list.

Options

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1X53-D55.