if-match source-mac-address

Function

The if-match source-mac-address command configures an ACL to match RA messages against the source MAC address in RA messages.

The undo if-match source-mac-address command deletes the ACL used to match RA messages against the source MAC address in RA messages.

By default, no ACL is configured to match RA messages against the source MAC address in RA messages.

Format

if-match source-mac-address acl acl-number

undo if-match source-mac-address acl

Parameters

Parameter	Description	Value
acl acl-number	Specifies the number of a Layer 2 ACL.	The value is an integer in the range from 4000 to 4999.

Views

IPv6 RA guard policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an ACL is configured in an IPv6 RA guard policy to match RA messages against the source MAC address in RA messages, the interface to which the policy is applied checks the source MAC address of the received RA messages and forwards only the RA messages that match the ACL.

Precautions

If the ACL specified as a matching rule is not created, no rule is configured in the ACL, or the rule configured in the ACL is not a source MAC address, RA messages will not match against the ACL.
In the matching process, the permit and deny actions configured in the ACL are ignored, and the focus is only on the rule configured in the ACL. That is, RA messages are forwarded as long as they match the rule.

Example

# In the IPv6 RA guard policy p1, configure the switch to forward RA messages with the source MAC address 0001-0001-0001 or 0022-0022-0022.

<HUAWEI> system-view
[HUAWEI] acl 4001
[HUAWEI-acl-L2-4001] rule 1 permit source-mac 0001-0001-0001
[HUAWEI-acl-L2-4001] rule 2 permit source-mac 0022-0022-0022
[HUAWEI-acl-L2-4001] quit
[HUAWEI] nd raguard policy p1
[HUAWEI-nd-raguard-policy-p1] if-match source-mac-address acl 4001