Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

match-option

Syntax

Hierarchy Level

Description

Configure one or more parameters such as hop-count limit, managed configuration flag, other configuration flag, or router preference priority as the match condition to be associated with an IPv6 Router Advertisement (RA) guard accept policy.

RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. An RA guard policy is used to validate incoming RA messages on the basis of whether they match the conditions defined in the policy.

You can associate match lists (see match-list) or match conditions with an accept policy. You can configure match conditions by using the match-option statement in an RA guard accept policy. When RA guard is enabled by using an accept policy, any RA messages that match the conditions defined in the policy are forwarded, and RA messages that do not match the conditions are dropped.

Options

hop-limit

Configure the RA guard policy to verify the minimum or maximum hop count for an incoming RA message. Use maximum to set a maximum hop count, or minimum to set a minimum hop count.

managed-config-flag

Configure the RA guard policy to verify that the managed address configuration flag of an incoming RA message is set. When the managed address configuration flag is set, it indicates that addresses are available for allocation by Dynamic Host Configuration Protocol version 6 (DHCPv6).

other-config-flag

Configure the RA guard policy to verify that the other configuration flag of an incoming RA message is set. When this flag is set, it indicates that other configuration information is available through DHCPv6. Examples of such information are DNS-related information or information on other servers within the network.

router-preference-maximum

Configure the RA guard policy to verify that the default router preference parameter value of an incoming RA message is lower than or equal to a specified limit. The default router preference value improves the ability of IPv6 hosts to select a default router to reach a remote destination when the host has multiple routers on its default router list. Use high, medium, or low to set the maximum preference.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1X53-D55.