Configuring an RA guard policy

Configure an RA guard policy if you do not specify a role for the attached device or if you want to filter the RA messages sent by a router.

To configure an RA guard policy:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create an RA guard policy and enter its view.

ipv6 nd raguard policy policy-name

By default, no RA guard policies exist.

If the policy does not contain match criteria, the policy will not take effect and the device drops all received RA messages.

3. (Optional.) Specify an ACL match criterion.

if-match acl { ipv6-acl-number | name ipv6-acl-name }

By default, no ACL match criterion exists.

4. (Optional.) Specify a prefix match criterion.

if-match prefix acl { ipv6-acl-number | name ipv6-acl-name }

By default, no prefix match criterion exists.

5. (Optional.) Specify a router preference match criterion.

if-match router-preference maximum { high | low | medium }

By default, no router preference match criterion exists.

6. (Optional.) Specify an M flag match criterion.

if-match autoconfig managed-address-flag { off | on }

By default, no M flag match criterion exists.

7. (Optional.) Specify an O flag match criterion.

if-match autoconfig other-flag { off | on }

By default, no O flag match criterion exists.

8. (Optional.) Specify a maximum or minimum hop limit match criterion.

if-match hop-limit { maximum | minimum } limit

By default, no hop limit match criterion exists.

9. Quit RA guard policy view.

quit

N/A

10. Enter VLAN view.

vlan vlan-number

N/A

11. Apply an RA guard policy to the VLAN.

ipv6 nd raguard apply policy [ policy-name ]

By default, no RA guard policy is applied to the VLAN.