if-match ipv6-source-address

Function

The if-match ipv6-source-address command configures an ACL to match RA messages against the source IPv6 address in RA messages.

The undo if-match ipv6-source-address command deletes the ACL used to match RA messages against the source IPv6 address in RA messages.

By default, no ACL is configured to match RA messages against the source IPv6 address in RA messages.

Format

if-match ipv6-source-address acl acl-number

undo if-match ipv6-source-address acl

Parameters

Parameter	Description	Value
acl acl-number	Specifies the number of a basic ACL6.	The value is an integer in the range from 2000 to 2999.

Views

IPv6 RA guard policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an ACL is configured in an IPv6 RA guard policy to match RA messages against the source IPv6 address in RA messages, the interface to which the policy is applied checks whether the source IPv6 address of the received RA messages is within the network segment configured in the ACL and forwards only the RA messages that match the ACL.

Precautions

If the ACL specified as a matching rule is not created, no rule is configured in the ACL, or the rule configured in the ACL is not a source IP address or prefix, RA messages will not match against the ACL.
In the matching process, the permit and deny actions configured in the ACL are ignored, and the focus is only on the rule configured in the ACL. That is, RA messages are forwarded as long as they match the rule.

Example

# In the IPv6 RA guard policy p1, configure the switch to forward RA messages with the source IPv6 address FC00:1::10/64.

<HUAWEI> system-view
[HUAWEI] acl ipv6 2000
[HUAWEI-acl6-basic-2000] rule 1 permit source fc00:1::/64
[HUAWEI-acl6-basic-2000] quit
[HUAWEI] nd raguard policy p1
[HUAWEI-nd-raguard-policy-p1] if-match ipv6-source-address acl 2000