policy
Syntax
policy policy-name {
    accept {
        match-list {
            match-criteria {
                (match-all | match-any);
            }
            prefix-list-name prefix-list-name;
            source-ip-address-list address-list-name;
            source-mac-address-list address-list-name;
        }
        match-option {
            hop-limit {
                (maximum | minimum) value;
            }
            managed-config-flag;
            other-config-flag;
            router-preference (high | low | medium);
        }
    }
    discard {
        prefix-list-name prefix-list-name;
        source-ip-address-list address-list-name;
        source-mac-address-list address-list-name;
    }
}
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard]
[edit forwarding-options access-security router-advertisement-guard interface interface-name]
[edit forwarding-options access-security router-advertisement-guard vlans (vlan-name | all)]
Description
Configure the policy for an IPv6 Router Advertisement (RA) guard. RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages based on whether they match the conditions defined in the policy.
RA guard compares the information contained in attributes of RA messages to the information contained in the policy. You must configure the policy before you can enable RA guard. You can configure either an accept policy or a discard policy and enable it on an interface or on a VLAN. When RA guard is enabled by using an accept policy, any RA messages that match the conditions defined in the policy are forwarded, and RA messages that do not match the conditions are dropped. When RA guard is enabled by using a discard policy, any RA messages that match the conditions defined in the policy are dropped, and RA messages that do not match the conditions are forwarded.
The remaining statements are explained separately. See CLI Explorer.
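The accept and discard behavior described above can be modeled in a few lines. The following Python sketch is an added example, not Junos code or part of the original documentation. It covers only the source-ip-address-list and source-mac-address-list conditions, and it assumes that match-all requires every configured list to match while match-any requires one. All names, addresses, and MAC values are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

@dataclass
class RA:
    """Constructed stand-in for a received Router Advertisement."""
    src_ip: str
    src_mac: str

@dataclass
class Policy:
    action: str                      # "accept" or "discard"
    source_ips: list = field(default_factory=list)
    source_macs: list = field(default_factory=list)
    match_all: bool = True           # models match-all vs match-any (assumed)

def matches(policy, ra):
    """True if the RA meets the policy's configured source lists."""
    checks = []
    if policy.source_ips:
        allowed = {ip_address(a) for a in policy.source_ips}
        checks.append(ip_address(ra.src_ip) in allowed)
    if policy.source_macs:
        allowed = {m.lower() for m in policy.source_macs}
        checks.append(ra.src_mac.lower() in allowed)
    if not checks:                   # nothing configured: nothing can match
        return False
    return all(checks) if policy.match_all else any(checks)

def verdict(policy, ra):
    """Accept policy forwards matches only; discard policy drops matches only."""
    hit = matches(policy, ra)
    if policy.action == "accept":
        return "forward" if hit else "drop"
    return "drop" if hit else "forward"

# Constructed sample values (link-local addresses, documentation MAC range).
ROUTER_IP, ROUTER_MAC = "fe80::1", "00:00:5e:00:53:01"
accept_all = Policy("accept", [ROUTER_IP], [ROUTER_MAC], match_all=True)
accept_any = Policy("accept", [ROUTER_IP], [ROUTER_MAC], match_all=False)
discard = Policy("discard", source_macs=["00:00:5e:00:53:99"], match_all=False)

legit = RA("fe80::1", "00:00:5e:00:53:01")
partial = RA("fe80::1", "00:00:5e:00:53:42")    # right IP, unlisted MAC
unlisted = RA("fe80::2", "00:00:5e:00:53:77")   # on no list at all

if __name__ == "__main__":
    for name, pol in [("accept/match-all", accept_all), ("accept/match-any", accept_any), ("discard", discard)]:
        for ra in (legit, partial, unlisted):
            print(f"{name:17} {ra.src_ip:8} {ra.src_mac} -> {verdict(pol, ra)}")
```

In this model the RA that appears on no list is dropped by both accept policies but forwarded by the discard policy, so only the accept policy acts as a default-deny control.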
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.