In an IPv6 network, router advertisements are sent by routers, either periodically or upon request, to present themselves as a gateway for networked clients. As with DHCPv4, attackers can use this mechanism to deliver a fake network configuration to the requesting clients.
With RA snooping, the device medaites router advertisements from routers only, and not from clients. By specifying the address of a router, the router advertisements can be restricted to one specific router as the broadcaster.
In LANconfig you can set up RA snooping for each interface under and a click on RA snooping.
After selecting the appropriate interface, you can set the following:
- Port type
- Specify the preferred interface type here. The following options are possible:
- Router
- The device mediates all of the RAs arriving at this interface (default).
- Client (activates lock)
- The device discards all of the RAs arriving at this interface.
- Server IPv6 address
- If you have selected the interface type Router, enter an optional router address here. If you specify a router address, the device will only mediate RAs from that router.
- With the interface type Client selected, the device ignores this input field.
