Home » HP Manuals » Servers » HP 6120XG » Manual Viewer

HP 6120XG HP ProCurve Series 6120 Blade Switches IPv6 Configuration Guide - Page 138

Configuring Multiple Station Access, authorized-managers,

Add to My Manuals
Save this manual to your list of manuals

Page 138 highlights

IPv6 Management Security Features Authorized IP Managers for IPv6 Notes If you do not enter a value for the ipv6-mask parameter when you configure an authorized IPv6 address, the switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the default mask (see "Configuring Authorized IP Managers for Switch Access" on page 6-5). If you have ten or fewer management and/or operator stations for which you want to authorize access to the switch, it may be more efficient to configure them by entering each IPv6 address with the default mask in a separate ipv6 authorized-managers command. When used in a mask, "FFFF" specifies that each bit in the corresponding 16 bit (hexadecimal) block of an authorized station's IPv6 address must be identical to the same "on" or "off" setting in the IPv6 address entered in the ipv6 authorized-managers command. (The binary equivalent of FFFF is 1111 1111 1111 1111, where 1 requires the same "on" or "off" setting in an authorized address.) For example, as shown in Figure 6-1, if you configure a link-local IPv6 address of FE80::202:B3FF:FE1E:8329 with a mask of FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF, only a station having an IPv6 address of FE80::202:B3FF:FE1E:8329 has management access to the switch. 1st 2nd 3rd 4th 5th 6th 7th 8th Manager- or Operator-Level Access Block Block Block Block Block Block Block Block IPv6 Mask FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF The "FFFF" in each hexadecimal block IPv6 Address FE80 0000 0000 0000 202 B3FF FE1E 8329 of the mask specifies that only the exact value of each bit in the corresponding block of the IPv6 address is allowed. This mask allows management access only to a station having an IPv6 address of FE80::202:B3FF:FE1E:8329. Figure 6-1. Mask for Configuring a Single Authorized IPv6 Manager Station Configuring Multiple Station Access To authorize multiple stations to access the switch without having to re-enter the ipv6 authorized-managers command for each station, carefully select the IPv6 address of an authorized IPv6 manager and an associated mask to authorize a range of IPv6 addresses. As shown in Figure 6-2, if a bit in any of the 4-bit binary representations of a hexadecimal value in a mask is "on" (set to 1), then the corresponding bit in the IPv6 address of an authorized station must match the "on" or "off' setting of the same bit in the IPv6 address you enter with the ipv6 authorized-managers command. 6-6

Section	Page
HP ProCurve 6120G/XG Switch 6120XG Switch IPv6 Configuration Guide	1
Front Cover	1
Title Page	3
Copyright, Notices, & Publication Data	4
Contents	5
Command Index	14
1. Getting Started	17
Contents	17
Introduction	18
Conventions	18
Command Syntax Statements	18
Command Prompts	19
Screen Simulations	19
Configuration and Operation Examples	20
Keys	20
Sources for More Information	20
Getting Documentation From the Web	22
Online Help	22
Menu Interface	22
Command Line Interface	23
Web Browser Interface	23
To Set Up and Install the Switch in Your Network	24
2. Introduction to IPv6	25
Contents	25
Migrating to IPv6	27
IPv6 Propagation	28
Dual-Stack Operation	28
Connecting to Devices Supporting IPv6 Over IPv4 Tunneling	29
Information Sources for Tunneling IPv6 Over IPv4	29
Use Model	30
Adding IPv6 Capability	30
Supported IPv6 Operation	30
Configuration and Management	31
Management Features	31
IPv6 Addressing	31
SLAAC (Stateless Automatic Address Configuration)	31
DHCPv6 (Stateful) Address Configuration	32
Static Address Configuration	32
Default IPv6 Gateway	32
Neighbor Discovery (ND) in IPv6	33
IPv6 Management Features	34
TFTPv6 Transfers	34
IPv6 Time Configuration	34
Telnet6	34
IP Preserve	35
Web Browser Interface	35
Path MTU (PMTU) Discovery	35
Configurable IPv6 Security	35
SSHv2 on IPv6	35
IP Authorized Managers	36
Diagnostic and Troubleshooting	37
Ping6	37
Traceroute6	37
Debug/Syslog Enhancements	37
Domain Name System (DNS) Resolution	37
IPv6 Neighbor Discovery (ND) Controls	38
Event Log	38
SNMP	38
Loopback Address	38
IPv6 Scalability	39
3. IPv6 Addressing	41
Contents	41
Introduction	43
IPv6 Address Structure and Format	43
Address Format	43
Address Notation	43
Network Prefix	44
Interface (Device) Identifier	44
IPv6 Addressing Options	45
IPv6 Address Sources	45
General IPv6 Address Types	45
IPv6 Address Sources	47
Stateless Address Autoconfiguration (SLAAC)	47
Applications	47
Preferred and Valid Lifetimes of Stateless Autoconfigured Addresses	47
Stateful (DHCPv6) Address Configuration	48
Static Address Configuration	49
Address Types and Scope	50
Address Types	50
Address Scope	51
Unicast Address Prefixes	51
Link-Local Unicast Address	53
Autoconfiguring Link-Local Unicast Addresses	53
Extended Unique Identifier (EUI)	54
Statically Configuring Link-Local Addresses	55
Global Unicast Address	56
Stateless Autoconfiguration of a Global Unicast Address	56
Static Configuration of a Global Unicast Address	57
Prefixes in Routable IPv6 Addresses	58
Unique Local Unicast IPv6 Address	59
Anycast Addresses	60
Multicast Application to IPv6 Addressing	61
Overview of the Multicast Operation in IPv6	61
IPv6 Multicast Address Format	62
Multicast Group Identification	62
Solicited-Node Multicast Address Format	63
Loopback Address	64
The Unspecified Address	64
IPv6 Address Deprecation	65
Preferred and Valid Address Lifetimes	65
4. IPv6 Addressing Configuration	67
Contents	67
Introduction	69
General Configuration Steps	70
Configuring IPv6 Addressing	71
Enabling IPv6 with an Automatically Configured Link-Local Address	72
Enabling Autoconfiguration of a Global Unicast Address and a Default Router Identity on a VLAN	73
Operating Notes	74
Enabling DHCPv6	75
Operating Notes	76
Configuring a Static IPv6 Address on a VLAN	77
Statically Configuring a Link-Local Unicast Address	78
Statically Configuring A Global Unicast Address	79
Operating Notes	80
Statically Configuring An Anycast Address	80
Duplicate Address Detection (DAD) for Statically Configured Addresses	82
Disabling IPv6 on a VLAN	82
Neighbor Discovery (ND)	83
Duplicate Address Detection (DAD)	84
DAD Operation	84
Configuring DAD	85
Operating Notes for Neighbor Discovery	86
View the Current IPv6 Addressing Configuration	88
Router Access and Default Router Selection	95
Router Advertisements	95
Router Solicitations	95
Default IPv6 Router	96
Router Redirection	96
View IPv6 Gateway, Route, and Router Neighbors	97
Viewing Gateway and IPv6 Route Information	97
Viewing IPv6 Router Information	98
Address Lifetimes	100
Preferred Lifetime	100
Valid Lifetime	100
Sources of IPv6 Address Lifetimes	100
5. IPv6 Management Features	103
Contents	103
Introduction	104
Viewing and Clearing the IPv6 Neighbors Cache	104
Viewing the Neighbor Cache	105
Clearing the Neighbor Cache	107
IPv6 Telnet Operation	108
Outbound Telnet to Another Device	108
Viewing the Current Telnet Activity on a Switch	109
Enabling or Disabling Inbound Telnet Access	111
Viewing the Current Inbound Telnet Configuration	111
SNTP and Timep	112
Configuring (Enabling or Disabling) the SNTP Mode	112
Configuring an IPv6 Address for an SNTP Server	113
Configuring (Enabling or Disabling) the Timep Mode	115
TFTP File Transfers Over IPv6	119
Enabling TFTP for IPv6	120
Using TFTP to Copy Files over IPv6	121
Using Auto-TFTP for IPv6	124
SNMP Management for IPv6	125
SNMP Features Supported	125
SNMP Configuration Commands Supported	126
SNMPv1 and V2c	126
SNMPv3	126
IP Preserve for IPv6	129
6. IPv6 Management Security Features	133
Contents	133
IPv6 Management Security	134
Authorized IP Managers for IPv6	135
Usage Notes	135
Configuring Authorized IP Managers for Switch Access	137
Using a Mask to Configure Authorized Management Stations	137
Configuring Single Station Access	137
Configuring Multiple Station Access	138
Displaying an Authorized IP Managers Configuration	144
Additional Examples of Authorized IPv6 Managers Configuration	145
Secure Shell (SSH) for IPv6	147
Configuring SSH for IPv6	147
Displaying an SSH Configuration	150
Secure Copy and Secure FTP for IPv6	152
7. IPv6 Diagnostic and Troubleshooting	153
Contents	153
Introduction	154
Ping for IPv6 (Ping6)	154
Traceroute for IPv6	157
DNS Resolver for IPv6	160
DNS Configuration	160
Viewing the Current Configuration	162
Operating Notes	162
Debug/Syslog for IPv6	163
Configuring Debug and Event Log Messaging	163
Debug Command	164
Configuring Debug Destinations	165
Logging Command	166
A.IPv6 Terminology	167
Index	169
Symbols	169
A	169
B	169
C	169
D	170
E	170
F	171
G	171
I	171
L	172
M	172
N	172
O	173
P	173
Q	173
R	173
S	173
T	174
U	175
V	175
W	175

Match case Limit results 1 per page

IPv6 Management Security Features

Authorized IP Managers for IPv6

Notes

If you do not enter a value for the

ipv6-mask

parameter when you configure an

authorized IPv6 address, the switch automatically uses

FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

as the default mask (see “Configuring

Authorized IP Managers for Switch Access” on page 6-5).

If you have ten or fewer management and/or operator stations for which you

want to authorize access to the switch, it may be more efficient to configure

them by entering each IPv6 address with the default mask in a separate

ipv6

authorized-managers

command.

When used in a mask, “

FFFF

” specifies that each bit in the corresponding 16-

bit (hexadecimal) block of an authorized station’s IPv6 address must be

identical to the same “on” or “off” setting in the IPv6 address entered in the

ipv6 authorized-managers

command. (The binary equivalent of

FFFF

1111 1111 1111 1111, where

requires the same “on” or “off” setting in an

authorized address.)

For example, as shown in Figure 6-1, if you configure a link-local IPv6 address

of FE80::202:B3FF:FE1E:8329 with a mask of

FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

, only a station having an IPv6 address of

FE80::202:B3FF:FE1E:8329 has management access to the switch.

1st

Block

2nd

Block

3rd

Block

4th

Block

5th

Block

6th

Block

7th

Block

8th

Block

Manager- or Operator-Level Access

IPv6 Mask

FFFF

The “FFFF” in each hexadecimal block

of the mask specifies that only the exact

IPv6 Address

FE80

0000

202

B3FF

FE1E

8329

value of each bit in the corresponding

block of the IPv6 address is allowed.

This mask allows management access

only to a station having an IPv6 address

of FE80::202:B3FF:FE1E:8329.

Figure 6-1.

Mask for Configuring a Single Authorized IPv6 Manager Station

Configuring Multiple Station Access

To authorize multiple stations to access the switch without having to re-enter

the

ipv6 authorized-managers

command for each station, carefully select the

IPv6 address of an authorized IPv6 manager and an associated mask to

authorize a range of IPv6 addresses.

As shown in Figure 6-2, if a bit in any of the 4-bit binary representations of a

hexadecimal value in a mask is “on” (set to 1), then the corresponding bit in

the IPv6 address of an authorized station must match the ”on” or “off’ setting

of the same bit in the IPv6 address you enter with the

ipv6 authorized-managers

command.

6-6