[j-nsp] IPv6 Router Guard
Chris Adams
cmadams at hiwaay.net
Thu Jul 28 22:40:21 EDT 2011
Once upon a time, Chris Evans <chrisccnpspam2 at gmail.com> said:
> I'm trying to implement a firewall filter to implement IPv6 RA guard on an
> EX4200. I have the ACL written to block DHCP and icmp router-advertisements.
> However it appears that the EX4200 only supports IPv4 at this time for
> PACLs? I have applied the filter ingress to my interfaces and RA
> advertisements are still passing.
>
> This is on 11.1 code. Anyone else tried this??
>
> EX4200-1> show configuration firewall
> family ethernet-switching {
> term RA-GUARD-ICMP-RA {
> from {
> protocol icmp;
> icmp-type router-advertisement;
You are filtering the (unused) IPv4 ICMP RAs, not IPv6 ICMPv6 RAs. You
can match protocol icmpv6, but I don't think there is a corresponding
icmpv6-type, so I don't think you can do this right now.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the juniper-nsp
mailing list