Home » HP Manuals » Servers » HP 6120XG » Manual Viewer

HP 6120XG HP ProCurve Series 6120 Blade Switches IPv6 Configuration Guide - Page 152

Secure Copy and Secure FTP for IPv6, Notes

Add to My Manuals
Save this manual to your list of manuals

Page 152 highlights

IPv6 Management Security Features Secure Copy and Secure FTP for IPv6 Notes 6-20 Secure Copy and Secure FTP for IPv6 You can take advantage of the Secure Copy (SCP) and Secure FTP (SFTP) client applications to provide a secure alternative to TFTP for transferring sensitive switch information, such as configuration files and login informa tion, between the switch and an administrator workstation. By default, SSH is enabled for IPv4 and IPv6 connections on a switch, and a single command set is used for both IPv4 and IPv6 file transfers. SCP and SFTP run over an encrypted SSH session, allowing you to use a secure SSH tunnel to: ■ Transfer files and update ProCurve software images. ■ Distribute new software images with automated scripts that make it easier to upgrade multiple switches simultaneously and securely. You can perform secure file transfers to and from IPv4 and IPv6 client devices by entering the ip ssh filetransfer command. Syntax:. [no] ip ssh filetransfer Enables SSH on the switch to connect to an SCP or SFTP client application to transfer files to and from the switch. Use the no ip ssh filetransfer command to disable the switch's ability to perform secure file transfers with an SCP or SFTP client, without disabling SSH on the switch. After an IPv6 client running SCP/SFTP successfully authenticates and opens an SSH session on the switch, you can copy files to and from the switch using secure, encrypted file transfers. Refer to the documentation that comes with an SCP or SFTP client application for information on the file transfer com mands and software utilities to use. Enabling SSH file transfer disables TFTP and Auto-TFTP operation. The switch supports one SFTP session or one SCP session at a time. All files on the switch have read-write permission. However, several SFTP commands, such as create or remove, are not supported and return an error. For complete information on how to configure SCP or SFTP in an SSH session to copy files to and from the switch, refer to the "File Transfers" appendix in the Management and Configuration Guide for your switch.

Section	Page
HP ProCurve 6120G/XG Switch 6120XG Switch IPv6 Configuration Guide	1
Front Cover	1
Title Page	3
Copyright, Notices, & Publication Data	4
Contents	5
Command Index	14
1. Getting Started	17
Contents	17
Introduction	18
Conventions	18
Command Syntax Statements	18
Command Prompts	19
Screen Simulations	19
Configuration and Operation Examples	20
Keys	20
Sources for More Information	20
Getting Documentation From the Web	22
Online Help	22
Menu Interface	22
Command Line Interface	23
Web Browser Interface	23
To Set Up and Install the Switch in Your Network	24
2. Introduction to IPv6	25
Contents	25
Migrating to IPv6	27
IPv6 Propagation	28
Dual-Stack Operation	28
Connecting to Devices Supporting IPv6 Over IPv4 Tunneling	29
Information Sources for Tunneling IPv6 Over IPv4	29
Use Model	30
Adding IPv6 Capability	30
Supported IPv6 Operation	30
Configuration and Management	31
Management Features	31
IPv6 Addressing	31
SLAAC (Stateless Automatic Address Configuration)	31
DHCPv6 (Stateful) Address Configuration	32
Static Address Configuration	32
Default IPv6 Gateway	32
Neighbor Discovery (ND) in IPv6	33
IPv6 Management Features	34
TFTPv6 Transfers	34
IPv6 Time Configuration	34
Telnet6	34
IP Preserve	35
Web Browser Interface	35
Path MTU (PMTU) Discovery	35
Configurable IPv6 Security	35
SSHv2 on IPv6	35
IP Authorized Managers	36
Diagnostic and Troubleshooting	37
Ping6	37
Traceroute6	37
Debug/Syslog Enhancements	37
Domain Name System (DNS) Resolution	37
IPv6 Neighbor Discovery (ND) Controls	38
Event Log	38
SNMP	38
Loopback Address	38
IPv6 Scalability	39
3. IPv6 Addressing	41
Contents	41
Introduction	43
IPv6 Address Structure and Format	43
Address Format	43
Address Notation	43
Network Prefix	44
Interface (Device) Identifier	44
IPv6 Addressing Options	45
IPv6 Address Sources	45
General IPv6 Address Types	45
IPv6 Address Sources	47
Stateless Address Autoconfiguration (SLAAC)	47
Applications	47
Preferred and Valid Lifetimes of Stateless Autoconfigured Addresses	47
Stateful (DHCPv6) Address Configuration	48
Static Address Configuration	49
Address Types and Scope	50
Address Types	50
Address Scope	51
Unicast Address Prefixes	51
Link-Local Unicast Address	53
Autoconfiguring Link-Local Unicast Addresses	53
Extended Unique Identifier (EUI)	54
Statically Configuring Link-Local Addresses	55
Global Unicast Address	56
Stateless Autoconfiguration of a Global Unicast Address	56
Static Configuration of a Global Unicast Address	57
Prefixes in Routable IPv6 Addresses	58
Unique Local Unicast IPv6 Address	59
Anycast Addresses	60
Multicast Application to IPv6 Addressing	61
Overview of the Multicast Operation in IPv6	61
IPv6 Multicast Address Format	62
Multicast Group Identification	62
Solicited-Node Multicast Address Format	63
Loopback Address	64
The Unspecified Address	64
IPv6 Address Deprecation	65
Preferred and Valid Address Lifetimes	65
4. IPv6 Addressing Configuration	67
Contents	67
Introduction	69
General Configuration Steps	70
Configuring IPv6 Addressing	71
Enabling IPv6 with an Automatically Configured Link-Local Address	72
Enabling Autoconfiguration of a Global Unicast Address and a Default Router Identity on a VLAN	73
Operating Notes	74
Enabling DHCPv6	75
Operating Notes	76
Configuring a Static IPv6 Address on a VLAN	77
Statically Configuring a Link-Local Unicast Address	78
Statically Configuring A Global Unicast Address	79
Operating Notes	80
Statically Configuring An Anycast Address	80
Duplicate Address Detection (DAD) for Statically Configured Addresses	82
Disabling IPv6 on a VLAN	82
Neighbor Discovery (ND)	83
Duplicate Address Detection (DAD)	84
DAD Operation	84
Configuring DAD	85
Operating Notes for Neighbor Discovery	86
View the Current IPv6 Addressing Configuration	88
Router Access and Default Router Selection	95
Router Advertisements	95
Router Solicitations	95
Default IPv6 Router	96
Router Redirection	96
View IPv6 Gateway, Route, and Router Neighbors	97
Viewing Gateway and IPv6 Route Information	97
Viewing IPv6 Router Information	98
Address Lifetimes	100
Preferred Lifetime	100
Valid Lifetime	100
Sources of IPv6 Address Lifetimes	100
5. IPv6 Management Features	103
Contents	103
Introduction	104
Viewing and Clearing the IPv6 Neighbors Cache	104
Viewing the Neighbor Cache	105
Clearing the Neighbor Cache	107
IPv6 Telnet Operation	108
Outbound Telnet to Another Device	108
Viewing the Current Telnet Activity on a Switch	109
Enabling or Disabling Inbound Telnet Access	111
Viewing the Current Inbound Telnet Configuration	111
SNTP and Timep	112
Configuring (Enabling or Disabling) the SNTP Mode	112
Configuring an IPv6 Address for an SNTP Server	113
Configuring (Enabling or Disabling) the Timep Mode	115
TFTP File Transfers Over IPv6	119
Enabling TFTP for IPv6	120
Using TFTP to Copy Files over IPv6	121
Using Auto-TFTP for IPv6	124
SNMP Management for IPv6	125
SNMP Features Supported	125
SNMP Configuration Commands Supported	126
SNMPv1 and V2c	126
SNMPv3	126
IP Preserve for IPv6	129
6. IPv6 Management Security Features	133
Contents	133
IPv6 Management Security	134
Authorized IP Managers for IPv6	135
Usage Notes	135
Configuring Authorized IP Managers for Switch Access	137
Using a Mask to Configure Authorized Management Stations	137
Configuring Single Station Access	137
Configuring Multiple Station Access	138
Displaying an Authorized IP Managers Configuration	144
Additional Examples of Authorized IPv6 Managers Configuration	145
Secure Shell (SSH) for IPv6	147
Configuring SSH for IPv6	147
Displaying an SSH Configuration	150
Secure Copy and Secure FTP for IPv6	152
7. IPv6 Diagnostic and Troubleshooting	153
Contents	153
Introduction	154
Ping for IPv6 (Ping6)	154
Traceroute for IPv6	157
DNS Resolver for IPv6	160
DNS Configuration	160
Viewing the Current Configuration	162
Operating Notes	162
Debug/Syslog for IPv6	163
Configuring Debug and Event Log Messaging	163
Debug Command	164
Configuring Debug Destinations	165
Logging Command	166
A.IPv6 Terminology	167
Index	169
Symbols	169
A	169
B	169
C	169
D	170
E	170
F	171
G	171
I	171
L	172
M	172
N	172
O	173
P	173
Q	173
R	173
S	173
T	174
U	175
V	175
W	175

Match case Limit results 1 per page

IPv6 Management Security Features

Secure Copy and Secure FTP for IPv6

You can take advantage of the Secure Copy (SCP) and Secure FTP (SFTP)

client applications to provide a secure alternative to TFTP for transferring

sensitive switch information, such as configuration files and login informa-

tion, between the switch and an administrator workstation.

By default, SSH is enabled for IPv4 and IPv6 connections on a switch, and a

single command set is used for both IPv4 and IPv6 file transfers.

SCP and SFTP run over an encrypted SSH session, allowing you to use a secure

SSH tunnel to:

■

Transfer files and update ProCurve software images.

■

Distribute new software images with automated scripts that make it easier

to upgrade multiple switches simultaneously and securely.

You can perform secure file transfers to and from IPv4 and IPv6 client devices

by entering the

ip ssh filetransfer

command.

Syntax:.

[no] ip ssh filetransfer

Enables SSH on the switch to connect to an SCP or SFTP client

application to transfer files to and from the switch.

Use the

no ip ssh filetransfer

command to disable the switch’s

ability to perform secure file transfers with an SCP or SFTP

client, without disabling SSH on the switch.

After an IPv6 client running SCP/SFTP successfully authenticates and opens

an SSH session on the switch, you can copy files to and from the switch using

secure, encrypted file transfers. Refer to the documentation that comes with

an SCP or SFTP client application for information on the file transfer com-

mands and software utilities to use.

Notes

Enabling SSH file transfer disables TFTP and Auto-TFTP operation.

The switch supports one SFTP session or one SCP session at a time.

All files on the switch have read-write permission. However, several SFTP

commands, such as

create

remove

, are not supported and return an error.

For complete information on how to configure SCP or SFTP in an SSH session

to copy files to and from the switch, refer to the

“File Transfers”

appendix in

the

Management and Configuration Guide

for your switch.

6-20