I'm trying to implement a firewall filter to implement IPv6 RA guard on an
EX4200. I have the ACL written to block DHCP and ICMP router-advertisements.
However, it appears that the EX4200 only supports IPv4 at this time for
PACLs? I have applied the filter ingress to my interfaces and RA
advertisements are still passing.

This is on 11.1 code. Has anyone else tried this?

EX4200-1> show configuration firewall
family ethernet-switching {
    filter RA-GUARD {
        interface-specific;
        term RA-GUARD-DHCP {
            from {
                protocol udp;
                source-port 547;
                destination-port 546;
            }
            then {
                discard;
                count DHCP;
            }
        }
        term RA-GUARD-ICMP-RA {
            from {
                protocol icmp;
                icmp-type router-advertisement;
            }
            then {
                discard;
                count ICMP-RA;
            }
        }
        term ALL-ELSE {
            then accept;
        }
    }
}
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
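
An added illustration, not part of the original post and not Junos code: a small Python model of the three posted terms run over constructed frames, once under the assumption the post raises (terms evaluated against IPv4 headers only) and once IPv6-aware. The protocol numbers (ICMP 1, ICMPv6 58) and router-advertisement types (9 and 134) are the standard values; `V4_MODEL`, `V6_MODEL`, the helper names and the sample frames are constructed for the example.

```python
import struct

ETH_IPV4, ETH_IPV6 = 0x0800, 0x86DD
UDP, ICMP, ICMPV6 = 17, 1, 58
# (ethertype, ICMP protocol number, router-advertisement type) per address family
V4_MODEL = (ETH_IPV4, ICMP, 9)      # assumption: terms evaluated on IPv4 headers only
V6_MODEL = (ETH_IPV6, ICMPV6, 134)  # what an RA guard has to match

def l4(frame):
    """Return (ethertype, protocol, L4 bytes). No VLAN tags or IPv6 extension headers."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    if ethertype == ETH_IPV4 and len(ip) >= 20:
        return ethertype, ip[9], ip[(ip[0] & 0x0F) * 4:]
    if ethertype == ETH_IPV6 and len(ip) >= 40:
        return ethertype, ip[6], ip[40:]
    return ethertype, None, b""

def evaluate(frame, model):
    """Apply the three posted terms under one address-family model."""
    family, icmp_proto, ra_type = model
    ethertype, proto, data = l4(frame)
    if ethertype == family:
        if proto == UDP and len(data) >= 4 and struct.unpack("!HH", data[:4]) == (547, 546):
            return "discard, count DHCP"
        if proto == icmp_proto and data[:1] == bytes([ra_type]):
            return "discard, count ICMP-RA"
    return "accept"

# Constructed sample frames (checksums left as zero; they are not inspected here).
def eth(dst_hex, ethertype, payload):
    return bytes.fromhex(dst_hex) + bytes.fromhex("020000000001") + struct.pack("!H", ethertype) + payload

def ipv6(next_header, payload):
    src = bytes.fromhex("fe80" + "00" * 13 + "01")   # fe80::1
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")   # ff02::1
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload

def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([224, 0, 0, 1])) + payload

RA6 = eth("333300000001", ETH_IPV6, ipv6(ICMPV6, struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)))
DHCP6 = eth("333300000001", ETH_IPV6, ipv6(UDP, struct.pack("!HHHH", 547, 546, 12, 0) + b"\x02\x00\x00\x01"))
RA4 = eth("01005e000001", ETH_IPV4, ipv4(ICMP, struct.pack("!BBHBBH", 9, 0, 0, 0, 2, 1800)))

if __name__ == "__main__":
    for name, frame in (("IPv6 RA", RA6), ("DHCPv6 server->client", DHCP6), ("IPv4 ICMP RA", RA4)):
        print(f"{name:22} v4-only: {evaluate(frame, V4_MODEL):24} v6-aware: {evaluate(frame, V6_MODEL)}")
```

Under the IPv4-only model both IPv6 frames fall through to the final accept term, which matches the symptom described in the post.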
