Home > System Equipment Forum > Fixed network products
Subject initiator:vittore       Replies:1       Published on:2022-04-05
Legends: ZTE engineer:Administrator
Subject:  C300 - ipv6 - RA (security)
Common member
vittore

Common member
Score::32
Registered on:2019-11-04
C300 - ipv6 - RA (security) (Published on:4/5/2022 5:33:22 PM)

Consider the GPON ipv6 network below:



All devices work fine and receive RA from router R1, SLAAC works fine, ping6 from/to devices in different ONUs works,... very good.
But if I connect another router directly to ONU port this "is visible" into the entire network. Best practices say that RA guard must be enabled on ONU so RA from R2 die :-) into first ethernet port ONU.




Are there some best practices to configure this or ipv6 ACL will be used?


Thanks in advance.
VZ
Administrator
10047664

Administrator
Score::4879
Registered on:2009-07-14
Reply:C300 - ipv6 - RA (security) (Published on:4/6/2022 4:12:16 PM)

config

qos class c1 match eth-type ipv6 ip-type icMP icmp-type 134 

qos policy c1 class c1 deny

interface gei_0/1/1

qos-policy c1  ingress

exit








Total: 1 Records Page: 1 /1 First Prev Next Last    Records /Page(s)  
 
Subject:  C300 - ipv6 - RA (security)
 Attachment  
 Reply Content