Comware: finally a working IPv6 "RA guard"?

MichaelM55 · ‎08-25-2016

Hello,

while reading the R5501P27 release notes (rfor the HP A5500-HI switches I happily found a new IPv6 "RA guard" for host ports:

It would be great if we get that feature on some other switches as well, e.,g. A5500-EI.

Perhaps someone of the HPE team could help with this?

Regards

Michael

16again · ‎09-02-2016

Even on low end switch HP1920 , I can block incoming RAs on a port. Snippet below uses ipv6 ICMP type, you can also block specific destination MAC instead.

acl number 4000
description Select IPv6 RA MAC address
rule 0 permit dest-mac 3333-0000-0001 ffff-ffff-ffff

acl ipv6 number 3000
description IPv6_RA
rule 0 permit icmpv6 icmp6-type router-advertisement

traffic classifier CL_IPv6RA operator and
if-match acl ipv6 3000

qos policy POL_BlockRA
classifier CL_IPv6RA behavior Block

interface GigabitEthernet1/0/1
qos apply policy POL_BlockRA inbound

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Comware: finally a working IPv6 "RA guard"?

Comware: finally a working IPv6 "RA guard"?

Re: Comware: finally a working IPv6 "RA guard"?