Router advertisement snooping

In an IPv6 network, router advertisements are sent by routers, either periodically or upon request, to present themselves as a gateway for networked clients. As with DHCPv4, attackers can use this mechanism to deliver a fake network configuration to the requesting clients.

With RA snooping, the device medaites router advertisements from routers only, and not from clients. By specifying the address of a router, the router advertisements can be restricted to one specific router as the broadcaster.

In LANconfig you can set up RA snooping for each interface under Interfaces > Snooping and a click on RA snooping.





After selecting the appropriate interface, you can set the following:





Port type
Specify the preferred interface type here. The following options are possible:
Router
The device mediates all of the RAs arriving at this interface (default).
Client (activates lock)
The device discards all of the RAs arriving at this interface.
Server IPv6 address
If you have selected the interface type Router, enter an optional router address here. If you specify a router address, the device will only mediate RAs from that router.
With the interface type Client selected, the device ignores this input field.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo