source-mac-address-list
Syntax
source-mac-address-list address-list-name;
Hierarchy Level
[edit forwarding-options access-security router-advertisement-guard policy policy-name discard (forwarding-options)] [edit forwarding-options access-security router-advertisement-guard policy policy-name accept (Router Advertisement Guard Policy) match-list]
Description
Configure a list of MAC addresses for an IPv6 Router Advertisement (RA) guard policy to validate the source MAC address of an incoming RA message against the MAC addresses in this list. RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in the policy.
You can use a list of MAC address for validating RA messages
as part of either an accept policy or a discard policy. Before you
can include a list in an RA policy, you much configure the list name
at the [edit policy-options mac-list] hierarchy level. When RA guard is enabled by using an accept
policy, any RA messages that match the conditions defined in the policy
are forwarded, and RA messages that do not match the conditions are
dropped. When RA guard is enabled by using a discard policy, any RA
messages that match the conditions are dropped, and RA messages that
do not match the conditions are forwarded.
Options
address-list-name |
Configure the RA guard policy to match the MAC source address of an incoming RA message to a MAC address contained in the list. |
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X53-D55.