646
Predefined user roles
network-admin
mdc-admin
Parameters
ipv6-acl-number
: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999.
name ipv6-acl-name
: Specifies an IPv6 basic ACL by its name, a case-insensitive string of 1 to 63
characters. The name must start with an English letter. To avoid confusion, the name cannot be
all
.
Usage guidelines
RA guard uses the ACL match criterion to match the IP address of the RA message sender. If the
sender IP address matches a permit rule, the message passes the check.
If the specified ACL does not exist or does not contain a rule, the ACL match criterion does not take
effect.
Examples
# Use IPv6 basic ACL 2001 as the ACL match criterion for the RA guard policy
policy1
.
<Sysname> system-view
[Sysname] ipv6 nd raguard policy policy1
[Sysname-raguard-policy-policy1] if-match acl 2001
if-match autoconfig managed-address-flag
Use
if-match autoconfig managed-address-flag
to specify an M flag match criterion.
Use
undo if-match autoconfig managed-address-flag
to delete the M flag match criterion.
Syntax
if-match autoconfig managed-address-flag
{
off
|
on
}
undo if-match autoconfig managed-address-flag
Default
No M flag match criterion exists.
Views
RA guard policy view
Predefined user roles
network-admin
mdc-admin
Parameters
off
: Specifies the advertised M flag as 0
on
: Specifies the advertised M flag as 1.
Usage guidelines
The M flag in an RA message determines whether a receiving host uses stateful autoconfiguration to
obtain an IPv6 address.
•
If the M flag is set to 1, the host uses stateful autoconfiguration, for example, uses a DHCPv6
server.
•
If the M flag is set to 0, the host uses stateless autoconfiguration. In stateless autoconfiguration,
the host generates an IPv6 address according to its link-layer address and the prefix
information in the RA message.