request access-security router-advertisement-guard-learn interface

Syntax

Description

Request the learning state on an interface or range of interfaces for stateful IPv6 Router Advertisement (RA) guard. Stateful RA guard learns about legitimate senders of RA messages and stores this information in order to validate senders of subsequent RA messages. For example, an interface that is in the learning state and receives RA messages sent from legitimate sources dynamically transitions to the forwarding state after the learning period ends. While the interface is in forwarding state, all RA messages received on that interface that can be validated against the configured policy are forwarded.

Before you can request learning on an interface, you must enable RA guard at the [edit forwarding-options access-security router-advertisement-guard] hierarchy level and configure the stateful option. When you enable stateful RA guard, the default state is Off. An interface in the Off state operates as if RA guard is not available. The learning state can be initiated only by configuring the request access-security router-advertisement-guard-learn command.

When you request the learning state, you must configure the duration of the learning period in seconds. This is the amount of time the interface will remain in the learning state before it transitions to another state. RA messages that are received during the learning period can be either forwarded or blocked. Configure the forward option to forward RA messages during the learning period, or configure the block option to block RA messages during the learning period.

Options

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Output Fields

This command produces no output.

Release Information

Command introduced in Junos OS Release 15.1X53-D55.