Comware

 View Only
Back to discussions
Expand all | Collapse all

Comware: finally a working IPv6 "RA guard"?

This thread has been viewed 0 times

  • 1.  Comware: finally a working IPv6 "RA guard"?

    Posted Aug 25, 2016 06:58 AM

    Hello,

    while reading the R5501P27 release notes (rfor the HP A5500-HI switches I happily found a new IPv6 "RA guard" for host ports:

    RA1.png

     

     

    RA2.png

     

     

     

    It would be great if we get that feature on some other switches as well, e.,g. A5500-EI.

    Perhaps someone of the HPE team could help with this?

    Regards

    Michael



  • 2.  RE: Comware: finally a working IPv6 "RA guard"?

    Posted Sep 03, 2016 02:31 AM

    Even on low end switch HP1920 , I can block incoming RAs on a port.  Snippet below uses ipv6 ICMP type,  you can also block specific destination MAC instead.

     

    acl number 4000
    description Select IPv6 RA MAC address
    rule 0 permit dest-mac 3333-0000-0001 ffff-ffff-ffff

    acl ipv6 number 3000
    description IPv6_RA
    rule 0 permit icmpv6 icmp6-type router-advertisement

    traffic classifier CL_IPv6RA operator and
    if-match acl ipv6 3000

    qos policy POL_BlockRA
    classifier CL_IPv6RA behavior Block

    interface GigabitEthernet1/0/1
    qos apply policy POL_BlockRA inbound



Related Content