[j-nsp] IPv6 Router Guard

Chris Evans chrisccnpspam2 at gmail.com
Fri Jul 29 06:53:58 EDT 2011


Yeah I think you are right. IPv6 isn't supported on Ethernet filters at this
point.
On Jul 28, 2011 10:42 PM, "Chris Adams" <cmadams at hiwaay.net> wrote:
> Once upon a time, Chris Evans <chrisccnpspam2 at gmail.com> said:
>> I'm trying to implement a firewall filter to implement IPv6 RA guard on an
>> EX4200. I have the ACL written to block DHCP and icmp router-advertisements.
>> However it appears that the EX4200 only supports IPv4 at this time for
>> PACLs? I have applied the filter ingress to my interfaces and RA
>> advertisements are still passing.
>>
>> This is on 11.1 code. Anyone else tried this??
>>
>> EX4200-1> show configuration firewall
>> family ethernet-switching {
>> term RA-GUARD-ICMP-RA {
>> from {
>> protocol icmp;
>> icmp-type router-advertisement;
>
> You are filtering the (unused) IPv4 ICMP RAs, not IPv6 ICMPv6 RAs. You
> can match protocol icmpv6, but I don't think there is a corresponding
> icmpv6-type, so I don't think you can do this right now.
>
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
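
The distinction drawn in the quoted reply, shown at the frame level as an added example (not code from this thread): a match on IPv4 ICMP router-advertisement looks at EtherType 0x0800, protocol 1, type 9, while the RAs that IPv6 hosts act on are EtherType 0x86DD, next header 58, type 134. The sample frames, addresses and helper names below are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN = 0x0800, 0x86DD, 0x8100
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options

def classify(frame: bytes) -> str:
    """Return 'ipv6-ra', 'ipv4-irdp-ra' or 'other' for a raw Ethernet frame."""
    if len(frame) < 14:
        return "other"
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # skip a single 802.1Q tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype == ETH_IPV4 and len(frame) >= off + 20:
        icmp = off + (frame[off] & 0x0F) * 4        # IHL gives the IPv4 header length
        # IPv4 protocol 1 (ICMP), type 9: what "protocol icmp" + "router-advertisement" describes
        if frame[off + 9] == 1 and len(frame) > icmp and frame[icmp] == 9:
            return "ipv4-irdp-ra"
    elif ethertype == ETH_IPV6 and len(frame) >= off + 40:
        nxt, pos = frame[off + 6], off + 40
        # Walk extension headers; fragments (44) are not reassembled in this sketch
        while nxt in EXT_HEADERS and len(frame) >= pos + 8:
            nxt, pos = frame[pos], pos + (frame[pos + 1] + 1) * 8
        # Next header 58 (ICMPv6), type 134: the RA that IPv6 hosts actually act on
        if nxt == 58 and len(frame) > pos and frame[pos] == 134:
            return "ipv6-ra"
    return "other"

# Constructed sample frames (checksums left at zero; classify() does not verify them)
MACS = bytes.fromhex("333300000001" "020000000001")
SRC6 = bytes.fromhex("fe80" + "00" * 13 + "01")   # fe80::1
DST6 = bytes.fromhex("ff02" + "00" * 13 + "01")   # ff02::1, all-nodes
RA6 = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)

def ipv6_frame(next_header: int, payload: bytes) -> bytes:
    hdr = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 255)
    return MACS + struct.pack("!H", ETH_IPV6) + hdr + SRC6 + DST6 + payload

V6_RA = ipv6_frame(58, RA6)
V6_RA_HBH = ipv6_frame(0, bytes([58, 0, 1, 4, 0, 0, 0, 0]) + RA6)  # RA behind a hop-by-hop header
V4_ADDR = bytes([192, 0, 2, 1])
V4_IRDP = (MACS + struct.pack("!H", ETH_IPV4)
           + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0, 0, 1, 1, 0, V4_ADDR, bytes([224, 0, 0, 1]))
           + struct.pack("!BBHBBH4sI", 9, 0, 0, 1, 2, 1800, V4_ADDR, 0))

if __name__ == "__main__":
    for name, f in (("IPv6 RA", V6_RA), ("IPv6 RA + HBH", V6_RA_HBH), ("IPv4 IRDP", V4_IRDP)):
        print(f"{name:14} -> {classify(f)}")
```

Running the same classifier over frames captured on an access port is one way to check whether an applied filter is actually dropping IPv6 RAs.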

