I'm trying to implement a firewall filter to implement IPv6 RA guard on an EX4200. I have the ACL written to block DHCP and icmp router-advertisements. However it appears that the EX4200 only supports IPv4 at this time for PACLs? I have applied the filter ingress to my interfaces and RA advertisements are still passing.
This is on 11.1 code. Anyone else tried this?? EX4200-1> show configuration firewall family ethernet-switching { filter RA-GUARD { interface-specific; term RA-GUARD-DHCP { from { protocol udp; source-port 547; destination-port 546; } then { discard; count DHCP; } } term RA-GUARD-ICMP-RA { from { protocol icmp; icmp-type router-advertisement; } then { discard; count ICMP-RA; } } term ALL-ELSE { then accept; } } } _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp