HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Comware: finally a working IPv6 "RA guard"?

 
MichaelM55
Trusted Contributor

Comware: finally a working IPv6 "RA guard"?

Hello,

while reading the R5501P27 release notes (rfor the HP A5500-HI switches I happily found a new IPv6 "RA guard" for host ports:

RA1.png

 

 

RA2.png

 

 

 

It would be great if we get that feature on some other switches as well, e.,g. A5500-EI.

Perhaps someone of the HPE team could help with this?

Regards

Michael

1 REPLY
16again
Respected Contributor

Re: Comware: finally a working IPv6 "RA guard"?

Even on low end switch HP1920 , I can block incoming RAs on a port.  Snippet below uses ipv6 ICMP type,  you can also block specific destination MAC instead.

 

acl number 4000
description Select IPv6 RA MAC address
rule 0 permit dest-mac 3333-0000-0001 ffff-ffff-ffff

acl ipv6 number 3000
description IPv6_RA
rule 0 permit icmpv6 icmp6-type router-advertisement

traffic classifier CL_IPv6RA operator and
if-match acl ipv6 3000

qos policy POL_BlockRA
classifier CL_IPv6RA behavior Block

interface GigabitEthernet1/0/1
qos apply policy POL_BlockRA inbound