[j-nsp] IPv6 Router Guard
Chris Evans
chrisccnpspam2 at gmail.com
Thu Jul 28 21:34:38 EDT 2011
I'm trying to implement a firewall filter to implement IPv6 RA guard on an
EX4200. I have the ACL written to block DHCP and icmp router-advertisements.
However it appears that the EX4200 only supports IPv4 at this time for
PACLs? I have applied the filter ingress to my interfaces and RA
advertisements are still passing.
This is on 11.1 code. Anyone else tried this??
EX4200-1> show configuration firewall
family ethernet-switching {
filter RA-GUARD {
interface-specific;
term RA-GUARD-DHCP {
from {
protocol udp;
source-port 547;
destination-port 546;
}
then {
discard;
count DHCP;
}
}
term RA-GUARD-ICMP-RA {
from {
protocol icmp;
icmp-type router-advertisement;
}
then {
discard;
count ICMP-RA;
}
}
term ALL-ELSE {
then accept;
}
}
}
More information about the juniper-nsp
mailing list