Create RA Guard Policy
About this task
Use this procedure to create an RA Guard policy to block or reject unwanted or rogue RA messages that arrive at the network device platform.
Procedure
- In the navigation pane, expand .
- Select FHS.
- Select the RA Guard Policy tab.
- Select Insert.
- Configure the parameters for the RA Guard policy.
- Select Insert.
- Optional: Select Refresh to update the results.
RA Guard Policy Field Descriptions
Use the data in the following table to use the RA Guard Policy tab.
Name | Description |
---|---|
PolicyName | Specifies the name of the RA Guard policy to be created or modified. |
SrcAddrList | Specify the IPv6 access list name to verify the sender IPv6 address in the RA packets against the attached IPv6 access list. Note: The source address in the RA packet is not validated if the access-list is not attached. If the list is attached and the IPv6 source address in the RA packet does not match any IPv6-prefix in the list, then the RA packet is dropped. To change this behavior, add an entry in the IPv6 access list with prefix 0::0/0 with access type as allow. This changes the default action from drop to allow. |
PrefixList | Specify the IPv6 prefix list name to verify the advertised prefixes in the RA packet against the attached IPv6 prefix list. Note: Advertised prefixes are not validated if the access-list is not attached. If the list is attached and the advertised prefix in the RA packet does not match any IPv6-prefix in the list, then the RA packet is dropped. To change this behavior, add an entry in the IPv6 access list with prefix 0::0/0 with access type as allow. This changes the default action from drop to allow. |
MacAddrList | Specify the MAC list name to verify the sender source MAC address against the attached MAC access list. Note: The source MAC address in the RA packet is not validated if the access-list is not attached. If the list is attached and the source MAC address in the RA packet does not match any MAC address in the list, then the RA packet is dropped. |
ManagedConfigFlag | Select the managed configuration flag to verify managed address configuration in the advertised RA packet. By default, none is selected and managed configuration flag validation is skipped. |
RouterPrefMax | Select the router preference maximum to verify that the advertised default router preference parameter value is lower than or equal to a specified limit. By default, none is selected and router preference validation is skipped. |
HopLimitMin | Specify the minimum hop limit to verify the advertised hop count limit. The value range is from 0 to 255. By default, the minimum hop limit is 0. |
HopLimitMax | Specify the maximum hop limit to verify the advertised hop count limit. The value range is from 0 to 255. By default, the maximum hop limit is 0. If both HopLimitMin and HopLimitMax are set to 0, then the hop limit parameter in the RA packet is not validated. |
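The following Python model is an added illustration of how the fields in the table above combine into a forward or drop decision, useful for checking a planned policy against expected RAs before applying it. It is not the device's code: all names are hypothetical, and it assumes that a prefix "matches" when it is contained in a listed prefix, that the managed flag is an on/off value, and that a non-zero hop limit range is inclusive.

```python
# Added model of the table's field semantics, not the switch's code; names are hypothetical.
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence

PREF_RANK = {"low": 0, "medium": 1, "high": 2}  # router preference order (RFC 4191)
# Fields of a received Router Advertisement that the policy inspects.
RA = namedtuple("RA", "src mac prefixes managed pref hop_limit")

@dataclass
class Policy:
    src_addr_list: Optional[Sequence[str]] = None  # None = list not attached
    prefix_list: Optional[Sequence[str]] = None
    mac_addr_list: Optional[Sequence[str]] = None
    managed_config_flag: Optional[bool] = None     # None = validation skipped
    router_pref_max: Optional[str] = None          # None = validation skipped
    hop_limit_min: int = 0
    hop_limit_max: int = 0

def evaluate(p: Policy, ra: RA) -> str:
    """Return 'forward', or 'drop:<field>' naming the first failed check."""
    if p.src_addr_list is not None and not any(
            ip_address(ra.src) in ip_network(n) for n in p.src_addr_list):
        return "drop:SrcAddrList"
    if p.prefix_list is not None:
        allowed = [ip_network(n) for n in p.prefix_list]
        for adv in map(ip_network, ra.prefixes):
            # Assumption: "match" means contained in a listed prefix.
            if not any(adv.subnet_of(a) for a in allowed):
                return "drop:PrefixList"
    if p.mac_addr_list is not None and ra.mac.lower() not in {
            m.lower() for m in p.mac_addr_list}:
        return "drop:MacAddrList"
    if p.managed_config_flag is not None and ra.managed != p.managed_config_flag:
        return "drop:ManagedConfigFlag"
    if p.router_pref_max is not None and (
            PREF_RANK[ra.pref] > PREF_RANK[p.router_pref_max]):
        return "drop:RouterPrefMax"
    # Both limits 0 means the hop limit is not validated (per the table).
    if (p.hop_limit_min, p.hop_limit_max) != (0, 0) and not (
            p.hop_limit_min <= ra.hop_limit <= p.hop_limit_max):
        return "drop:HopLimit"
    return "forward"

# Constructed sample: a policy and an RA from a source that is not on the list.
POLICY = Policy(src_addr_list=["fe80::1/128"], prefix_list=["2001:db8:1::/48"],
                router_pref_max="medium", hop_limit_min=32, hop_limit_max=64)
ROGUE = RA("fe80::99", "02:00:00:00:00:99", ["2001:db8:ffff::/64"], False, "high", 64)
if __name__ == "__main__": print(evaluate(POLICY, ROGUE))
```

An empty `Policy()` forwards every RA because each check is skipped, which mirrors the table's defaults; a policy that is meant to filter needs at least one list or limit set.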