8 Oct
2010
8 Oct
'10
10:12 a.m.
On 7.10.10 16:30, Gert Doering wrote:
how is a host-based mechanism based on prevention of outgoing packets ever going to work? I mean, it can prevent accidents (perhaps, it is not a guarantee, look at usual list of ad-hoc Wifi SSIDs at any event) but it sure won't prevent intentional unauthorised RAs.
RA-guard is not host-based but switch-based. You configure the switch "*this* is the port where the router lives" and RAs on all other ports are filtered.
See draft-ietf-v6ops-ra-guard-*.txt
Gert Doering
Exacty :) +1 /jan