IPv6 RA Guard Configuration

14 min

ipv6 ra guard configuration show raguard policy \[command] show raguard policy \[purpose] view the configuration of the ra guard policy \[view] system view sonic# show raguard policy + + + \| vlan |policy | +==========+==================================================+ \| vlan800 | {'prefix@' 'fd00 803 /64,fd00 403 /64'} | + + + show raguard role \[command] show raguard role \[purpose] view ra guard interface role configuration \[view] system view sonic# show raguard role + + + \| port | role | +=============+=========+ \| ethernet5 | user | + + + raguard role \[command] raguard role {user|router|hybrid} no raguard role {user|router|hybrid} \[purpose] configure the interface role for the ra guard function \[parameter] parameter description user specify the interface role as user and discard ra packets router specify the interface role as router and forward ra packets hybrid mixed mode, according to policy specifications to determine whether to discard ra packets \[view] interface view sonic(config)# interface ethernet 1 sonic(config if 1)# raguard role user raguard policy src ip \[command] raguard policy src ip a b no raguard policy param src ip no raguard policy \[purpose] configure the matching rules for the source ipv6 address of ra packets \[parameter] parameter description a b ipv6 address, support for multiple ipv6 addresses in, separated configuration \[view] vlan view sonic(config)# vlan 100 sonic(config vlan 100)# raguard policy src ip fe80 1a17 25ff\ fe37 6722, fe80 1a17 25ff\ fe37 6723 raguard policy src mac \[command] raguard policy src mac hh\ hh\ hh\ hh\ hh \ hh no raguard policy param src mac no raguard policy \[purpose] configure the matching rules for the source mac address of ra packets \[parameter] parameter description hh\ hh\ hh\ hh\ hh \ hh mac address, support to configure multiple mac addresses separated by "," \[view] vlan view sonic(config)# vlan 100 sonic(config vlan 100)# raguard policy src mac 00 00 01 02 03 11 raguard policy {hop limit high| hop limit low} \[command] raguard policy {hop limit high| hop limit low} value no raguard policy param {hop limit high| hop limit low} value no raguard policy \[purpose] configure the maximum and minimum value matching rules for the hop limit in ra packets \[parameter] parameter description value value range 0 255 \[view] vlan view sonic(config)# vlan 100 sonic(config vlan 100)# raguard policy hop limit high 10 raguard policy managed flag \[command] raguard policy managed flag {on|off} no raguard policy param managed flag no raguard policy \[purpose] configure the matching rules for the m flag bit in ra packets \[view] vlan view sonic(config)# vlan 100 sonic(config vlan 100)# raguard policy managed flag on raguard policy other flag \[command] raguard policy other flag {on|off} no raguard policy param managed flag no raguard policy \[purpose] configure the matching rules for the o flag bit in ra packets \[view] vlan view sonic(config)# vlan 100 sonic(config vlan 100)# raguard policy other flag on raguard policy prefix \[command] raguard policy prefix a b/m no raguard policy param prefix no raguard policy \[purpose] configure the matching rules for the ipv6 prefixes carried by ra packets \[parameter] parameter description a b/m ipv6 prefix information, support multiple ipv6 addresses separated by "," \[view] vlan view sonic(config)# vlan 100 sonic(config vlan 100)# raguard policy prefix raguard policy router pref max \[command] raguard policy router pref max {low|medium|high} no raguard policy param router pref max no raguard policy \[purpose] configure the highest priority matching rule for routing ra packets \[view] vlan view \[usage scenario] when an interface configured with this policy receives ra packets, it will check the routing priority carried by the packet, and ra packets with a priority less than or equal to that configured by the rule will be forwarded, otherwise they will be dropped sonic(config)# vlan 100 sonic(config vlan 100)# raguard policy router pref max medium