Home » HP Manuals » Servers » HP 6120G/XG » Manual Viewer

HP 6120G/XG HP ProCurve Series 6120 Blade Switches IPv6 Configuration Guide - Page 140

Secure Shell (SSH) for IPv6, Configuring SSH for IPv6

Add to My Manuals
Save this manual to your list of manuals

Page 140 highlights

IPv6 Management Security Features Secure Shell (SSH) for IPv6 Secure Shell (SSH) for IPv6 SSH for IPv4 and IPv6 operate simultaneously with the same command set. Both are enabled in the default configuration, and are controlled together by the same command set. Secure Shell (SSH) for IPv6 provides the same Telnet-like functions through encrypted, authenticated transactions as SSH for IPv4. SSH for IPv6 provides CLI (console) access and secure file transfer functionality. The following types of transactions are supported: ■ Client public-key authentication Public keys from SSH clients are stored on the switch. Access to the switch is granted only to a client whose private key matches a stored public key. ■ Password-only client authentication The switch is SSH-enabled but is not configured with the login method that authenticates a client's public-key. Instead, after the switch authenticates itself to a client, users connected to the client authenticate themselves to the switch by providing a valid password that matches the operator- and/or manager-level password configured and stored locally on the switch or on a RADIUS or TACACS+ server. ■ Secure Copy (SCP) and Secure FTP (SFTP) client applications You can use either one SCP session or one SFTP session at a given time to perform secure file transfers to and from the switch. Configuring SSH for IPv6 By default, SSH is automatically enabled for IPv4 and IPv6 connections on a switch. You can use the ip ssh command options to reconfigure the default SSH settings to configure the following settings used in SSH authentication for IPv4 and IPv6 connections: ■ TCP port number ■ timeout period ■ file transfer ■ MAC type ■ cipher type 6-15

Section	Page
Getting Started	17
Contents	17
Introduction	18
Conventions	18
Command Syntax Statements	18
Command Prompts	19
Screen Simulations	19
Configuration and Operation Examples	20
Keys	20
Sources for More Information	20
Getting Documentation From the Web	22
Online Help	22
Menu Interface	22
Command Line Interface	23
Web Browser Interface	23
To Set Up and Install the Switch in Your Network	24
Introduction to IPv6	25
Contents	25
Migrating to IPv6	27
IPv6 Propagation	28
Dual-Stack Operation	28
Connecting to Devices Supporting IPv6 Over IPv4 Tunneling	29
Information Sources for Tunneling IPv6 Over IPv4	29
Use Model	30
Adding IPv6 Capability	30
Supported IPv6 Operation	30
Configuration and Management	31
Management Features	31
IPv6 Addressing	31
SLAAC (Stateless Automatic Address Configuration)	31
DHCPv6 (Stateful) Address Configuration	32
Static Address Configuration	32
Default IPv6 Gateway	32
Neighbor Discovery (ND) in IPv6	33
IPv6 Management Features	34
TFTPv6 Transfers	34
IPv6 Time Configuration	34
Telnet6	34
IP Preserve	35
Web Browser Interface	35
Path MTU (PMTU) Discovery	35
Configurable IPv6 Security	35
SSHv2 on IPv6	35
IP Authorized Managers	36
Diagnostic and Troubleshooting	37
Ping6	37
Traceroute6	37
Debug/Syslog Enhancements	37
Domain Name System (DNS) Resolution	37
IPv6 Neighbor Discovery (ND) Controls	38
Event Log	38
SNMP	38
Loopback Address	38
IPv6 Scalability	39
IPv6 Addressing	40
Contents	40
Introduction	42
IPv6 Address Structure and Format	42
Address Format	42
Address Notation	42
Network Prefix	43
Interface (Device) Identifier	43
IPv6 Addressing Options	44
IPv6 Address Sources	44
General IPv6 Address Types	44
IPv6 Address Sources	46
Stateless Address Autoconfiguration (SLAAC)	46
Applications	46
Preferred and Valid Lifetimes of Stateless Autoconfigured Addresses	46
Stateful (DHCPv6) Address Configuration	47
Static Address Configuration	48
Address Types and Scope	49
Address Types	49
Address Scope	50
Unicast Address Prefixes	50
Link-Local Unicast Address	52
Autoconfiguring Link-Local Unicast Addresses	52
Extended Unique Identifier (EUI)	53
Statically Configuring Link-Local Addresses	54
Global Unicast Address	55
Stateless Autoconfiguration of a Global Unicast Address	55
Static Configuration of a Global Unicast Address	56
Prefixes in Routable IPv6 Addresses	57
Unique Local Unicast IPv6 Address	58
Anycast Addresses	59
Multicast Application to IPv6 Addressing	60
Overview of the Multicast Operation in IPv6	60
IPv6 Multicast Address Format	61
Multicast Group Identification	61
Solicited-Node Multicast Address Format	62
Loopback Address	63
The Unspecified Address	63
IPv6 Address Deprecation	64
Preferred and Valid Address Lifetimes	64
IPv6 Addressing Configuration	66
Contents	66
Introduction	68
General Configuration Steps	69
Configuring IPv6 Addressing	70
Enabling IPv6 with an Automatically Configured Link-Local Address	71
Enabling Autoconfiguration of a Global Unicast Address and a Default Router Identity on a VLAN	72
Operating Notes	73
Enabling DHCPv6	74
Operating Notes	75
Configuring a Static IPv6 Address on a VLAN	76
Statically Configuring a Link-Local Unicast Address	77
Statically Configuring A Global Unicast Address	78
Operating Notes	79
Statically Configuring An Anycast Address	79
Duplicate Address Detection (DAD) for Statically Configured Addresses	81
Disabling IPv6 on a VLAN	81
Neighbor Discovery (ND)	82
Duplicate Address Detection (DAD)	83
DAD Operation	83
Configuring DAD	84
Operating Notes for Neighbor Discovery	85
View the Current IPv6 Addressing Configuration	87
Router Access and Default Router Selection	94
Router Advertisements	94
Router Solicitations	94
Default IPv6 Router	95
Router Redirection	95
View IPv6 Gateway, Route, and Router Neighbors	96
Viewing Gateway and IPv6 Route Information	96
Viewing IPv6 Router Information	97
Address Lifetimes	99
Preferred Lifetime	99
Valid Lifetime	99
Sources of IPv6 Address Lifetimes	99
IPv6 Management Features	101
Contents	101
Introduction	102
Viewing and Clearing the IPv6 Neighbors Cache	102
Viewing the Neighbor Cache	103
Clearing the Neighbor Cache	105
IPv6 Telnet Operation	106
Outbound Telnet to Another Device	106
Viewing the Current Telnet Activity on a Switch	107
Enabling or Disabling Inbound Telnet Access	108
Viewing the Current Inbound Telnet Configuration	108
SNTP and Timep	109
Configuring (Enabling or Disabling) the SNTP Mode	109
Configuring an IPv6 Address for an SNTP Server	110
Configuring (Enabling or Disabling) the Timep Mode	112
TFTP File Transfers Over IPv6	115
Enabling TFTP for IPv6	116
Using TFTP to Copy Files over IPv6	117
Using Auto-TFTP for IPv6	119
SNMP Management for IPv6	120
SNMP Features Supported	120
SNMP Configuration Commands Supported	121
SNMPv1 and V2c	121
SNMPv3	121
IP Preserve for IPv6	123
IPv6 Management Security Features	126
Contents	126
IPv6 Management Security	127
Authorized IP Managers for IPv6	128
Usage Notes	128
Configuring Authorized IP Managers for Switch Access	130
Using a Mask to Configure Authorized Management Stations	130
Configuring Single Station Access	130
Configuring Multiple Station Access	131
Displaying an Authorized IP Managers Configuration	137
Additional Examples of Authorized IPv6 Managers Configuration	138
Secure Shell (SSH) for IPv6	140
Configuring SSH for IPv6	140
Displaying an SSH Configuration	143
Secure Copy and Secure FTP for IPv6	144
IPv6 Diagnostic and Troubleshooting	145
Contents	145
Introduction	146
Ping for IPv6 (Ping6)	146
Traceroute for IPv6	149
DNS Resolver for IPv6	152
DNS Configuration	152
Viewing the Current Configuration	154
Operating Notes	154
Debug/Syslog for IPv6	155
Configuring Debug and Event Log Messaging	155
Debug Command	156
Configuring Debug Destinations	157
Logging Command	158
IPv6 Terminology	159
Symbols	160
A	160
B	160
C	160
D	161
E	161
F	162
G	162
I	162
L	163
M	163
N	163
O	164
P	164
Q	164
R	164
S	164
T	165
U	166
V	166