Table of Contents
Advertisement
Command Reference Guide
ipv6 policy-class <ipv6 acp name> rpf-check
Use the ipv6 policy-class rpf-check command to verify that Internet Protocol version 6 (IPv6) traffic has
entered on the appropriate interface using a route lookup. Reverse path forwarding (RPF) is essentially a
spoofing check. For more details on IPv6 policy class functionality in AOS, refer to the
Control Policy Command Set on page
Syntax Description
<ipv6 acp name>
rpf-check
Default Values
This command is enabled by default.
Command History
Release 18.1
Functional Notes
When enabled, after an IPv6 packet is received, the IPv6 firewall performs a route lookup on the packet's
source IPv6 address to determine what interface would be used to forward the packet back to that
address. The firewall then checks the IPv6 ACP assigned to that interface. If the IPv6 ACP does not match
the IPv6 ACP of the interface on which the packet was received, the packet is dropped.
The rpf-check feature should be disabled if your application allows traffic to arrive on an interface sourced
from networks contradicting the route table. This feature can be disabled on a per ACP basis by issuing
this command in conjunction with the ACP name you do not want to be checked.
Usage Examples
The following example turns off the rpf-check feature for the IPv6 ACP named PRIVATEv6:
(config)#no ip policy-class PRIVATEv6 rpf-check
60000CRG0-35E
3192. Use the no form of this command to disable this feature.
Identifies the configured IPv6 access control policy (ACP) using an
alphanumeric descriptor (maximum of 50 characters). All ACP descriptors
are case sensitive.
Enables RPF check (spoofing).
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
IPv6 Access
1217
Advertisement
Table of Contents
