Versions Compared

Version Old Version 5 New Version 6
Changes made by

Tracy Yang

Tracy Yang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
titleNOTE:

Enable IP routing function before using this feature, for details please refer to Configuring IP Routing.

When the switch receives an ingress router advertisement (RA) message, it will attempt to match the message via the RA guard. If the ingress port has the RA guard applied but is not a trusted port, the applied VLAN ID will be matched first. If the RA tag is matched with the VLAN ID, the RA guard will continue matching conditions to determine whether to forward or drop the RA message. If the RA tag is not matched with the VLAN ID, the applied interface will be matched (followed by the subsequent conditions). RA guard policy can be configured using hop-limit, managed-config-flag, other-config-flag, prefix, source-ipv6-addr, and source-mac-addr options.

Code Block
admin@XorPlus# set protocols neighbour ra-guard term 1guard1 from hop-limit 1
admin@XorPlus# set protocols neighbour ra-guard term 1guard1 from managed-config-flag false
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus# set protocols neighbour ra-guard term 2guard2 from prefix 2001:1:1:1::/64
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus# set protocols neighbour ra-guard term 3guard3 from source-mac-addr 22:22:22:22:22:22 
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#

...

Code Block
admin@XorPlus# set protocols neighbour ra-guard term 1 interface ge-1/1/1
admin@XorPlus# set protocols neighbour ra-guard term 1 interface ae1
admin@XorPlus# set protocols neighbour ra-guard term 1 vlan-id 2
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#set protocols neighbour ra-guard trusted-port ge-1/1/12
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus# set protocols neighbour ra-guard term 2 vlan-id 3
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#

...

Code Block
admin@XorPlus# run show ra-guard 
Ra-guard: 1guard1
    cur hop limit  : 1..1
    managed configuration: Unset
    interface      : ae1
    vlan           : 2
    packet dropped : 0
    packet total   : 0

Ra-guard: 2guard2
    prefix         : 2001:1:1:1::/64
    vlan           : 3
    packet dropped : 0
    packet total   : 0

Ra-guard: 3guard3
    source mac address: 22:22:22:22:22:22
    packet dropped : 0
    packet total   : 0

trusted port: ge-1/1/2
admin@XorPlus# run show ra-guard name 1guard1
Ra-guard: 1guard1
    cur hop limit  : 1..1
    managed configuration: Unset
    interface      : ae1
    vlan           : 2
    packet dropped : 0
    packet total   : 0

...