IPv6 RA Guard Configuration
show raguard policy
Section titled “show raguard policy”[Command] show raguard policy
[Purpose] View the configuration of the RA Guard policy
[View] System view
[Use Cases]
sonic# show raguard policy+----------+--------------------------------------------------+| VLAN |POLICY |+==========+==================================================+| Vlan800 | {'prefix@': 'fd00:803::/64,fd00:403::/64'} |+-------- -+--------------------------------------------------+show raguard role
Section titled “show raguard role”[Command] show raguard role
[Purpose] View RA Guard interface role configuration
[View] System view
[Use Cases]
sonic# show raguard role+-------------+---------+| PORT | ROLE |+=============+=========+| Ethernet5 | user |+-------------+---------+raguard role
Section titled “raguard role”[Command] raguard role {user|router|hybrid} no raguard role {user|router|hybrid}
[Purpose] Configure the interface role for the RA Guard function
[Parameter]
| Parameter | Description |
|---|---|
| user | Specify the interface role as user and discard RA packets |
| router | Specify the interface role as router and forward RA packets |
| hybrid | Mixed mode, according to policy specifications to determine whether to discard RA packets |
[View] Interface view
[Use Cases]
sonic(config)# interface ethernet 1sonic(config-if-1)# raguard role userraguard policy src-ip
Section titled “raguard policy src-ip”[Command] raguard policy src-ip A::B no raguard policy param src-ip no raguard policy
[Purpose] Configure the matching rules for the source IPv6 address of RA packets
[Parameter]
| Parameter | Description |
|---|---|
| A::B | IPv6 address, support for multiple IPv6 addresses in, separated configuration |
[View] VLAN view
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# raguard policy src-ip fe80::1a17:25ff:fe37:6722, fe80::1a17:25ff:fe37:6723raguard policy src-mac
Section titled “raguard policy src-mac”[Command] raguard policy src-mac HH:HH:HH:HH:HH:HH no raguard policy param src-mac no raguard policy
[Purpose] Configure the matching rules for the source MAC address of RA packets
[Parameter]
| Parameter | Description |
|---|---|
| HH:HH:HH:HH:HH:HH | MAC address, support to configure multiple MAC addresses separated by ”,” |
[View] VLAN view
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# raguard policy src-mac 00:00:01:02:03:11raguard policy {hop-limit-high| hop-limit-low}
Section titled “raguard policy {hop-limit-high| hop-limit-low}”[Command] raguard policy {hop-limit-high| hop-limit-low} value no raguard policy param {hop-limit-high| hop-limit-low} value no raguard policy
[Purpose] Configure the maximum and minimum value matching rules for the hop limit in RA packets
[Parameter]
| Parameter | Description |
|---|---|
| value | Value range: 0-255 |
[View] VLAN view
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# raguard policy hop-limit-high 10raguard policy managed-flag
Section titled “raguard policy managed-flag”[Command] raguard policy managed-flag {on|off} no raguard policy param managed-flag no raguard policy
[Purpose] Configure the matching rules for the M flag bit in RA packets
[View] VLAN view
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# raguard policy managed-flag onraguard policy other-flag
Section titled “raguard policy other-flag”[Command] raguard policy other-flag {on|off} no raguard policy param managed-flag no raguard policy
[Purpose] Configure the matching rules for the O flag bit in RA packets
[View] VLAN view
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# raguard policy other-flag onraguard policy prefix
Section titled “raguard policy prefix”[Command] raguard policy prefix A::B/M no raguard policy param prefix no raguard policy
[Purpose] Configure the matching rules for the IPv6 prefixes carried by RA packets
[Parameter]
| Parameter | Description |
|---|---|
| A::B/M | IPv6 prefix information, support multiple IPv6 addresses separated by ”,” |
[View] VLAN view
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# raguard policy prefixraguard policy router-pref-max
Section titled “raguard policy router-pref-max”[Command] raguard policy router-pref-max {low|medium|high} no raguard policy param router-pref-ma no raguard policy
[Purpose] Configure the highest priority matching rule for routing RA packets
[View] VLAN view
[Usage Scenario] When an interface configured with this policy receives RA packets, it will check the routing priority carried by the packet, and RA packets with a priority less than or equal to that configured by the rule will be forwarded, otherwise they will be dropped.
[Use Cases]
sonic(config)# vlan 100sonic(config-vlan-100)# raguard policy router-pref-max medium