blocking rogue router advertisements on switches
Steinar H. Gunderson
sesse at google.com
Fri May 6 13:50:22 CEST 2011
Den 6. mai 2011 13:06 skrev Gavin McCullagh <gavin.mccullagh at gcd.ie> følgende:
> We also found that setting the priority to "high" on our adverts helped.
> The misconfigured laptops don't seem to do that thankfully.
Note that RA=high will only solve part of the problem; it does not
affect address selection at all, only the routing table decisions. So
if you have a rogue RA with a bogus prefix, the end clients can
happily try to connect through _your_ gateway (since RA=high) using
_their_ prefix, which will probably break.
/* Steinar */
--
Software Engineer, Google Switzerland
More information about the ipv6-ops
mailing list