< Home

if-match prefix

Function

The if-match prefix command configures an ACL to match RA messages against the IPv6 prefix in RA messages.

The undo if-match prefix command deletes the ACL used to match RA messages against the IPv6 prefix in RA messages.

By default, no ACL is configured to match RA messages against the IPv6 prefix in RA messages.

Format

if-match prefix acl acl-number

undo if-match prefix acl

Parameters

Parameter Description Value

acl acl-number

Specifies the number of a basic ACL6.

The value is an integer in the range from 2000 to 2999.

Views

IPv6 RA guard policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an ACL is configured in an IPv6 RA guard policy to match RA messages against the IPv6 prefix in RA messages, the interface to which the policy is applied checks whether the IPv6 prefix of the received RA messages is within the network segment configured in the ACL and forwards the RA messages only when the messages match the ACL. Otherwise, the interface discards the messages.

Precautions

  • If the ACL specified as a matching rule is not created, no rule is configured in the ACL, or the rule configured in the ACL is not a source IP address or prefix, RA messages will not match against the ACL.
  • In the matching process, the permit and deny actions configured in the ACL are ignored, and the focus is only on the rule configured in the ACL. That is, RA messages are forwarded as long as they match the rule.

Example

# In the IPv6 RA guard policy p1, configure the switch to forward RA messages with the IPv6 prefix FC00:1::/64.

<HUAWEI> system-view
[HUAWEI] acl ipv6 2000
[HUAWEI-acl6-basic-2000] rule 1 permit source fc00:1::/64
[HUAWEI-acl6-basic-2000] quit
[HUAWEI] nd raguard policy p1
[HUAWEI-nd-raguard-policy-p1] if-match prefix acl 2000
Parent Topic: IPv6 RA Guard Configuration Command
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >