Home » HP Manuals » Servers » HP 6120XG » Manual Viewer

HP 6120XG HP ProCurve Series 6120 Blade Switches IPv6 Configuration Guide - Page 36

IP Authorized Managers, Caution

Add to My Manuals
Save this manual to your list of manuals

Page 36 highlights

Introduction to IPv6 Configurable IPv6 Security Caution The switch supports up to six inbound sessions of the following types in any combination at any given time: ■ SSHv2 ■ SSHv2 IPv6 ■ Telnet-server ■ Telnet6-server ■ SFTP/SCP (One SFTP or SCP session allowed at a given time.) ■ Console (serial RS-232 connection) For more information, refer to "Secure Shell (SSH) for IPv6" on page 6-15. IP Authorized Managers The IPv6 Authorized IP Managers feature, like the IPv4 version, uses IP addresses and masks to determine which stations (PCs and workstations) can access the switch through the network, and includes these access methods: ■ Telnet, SSH, and other terminal emulation applications ■ the switch's web browser interface ■ SNMP (with a correct community name) Also, when configured in the switch, the access control imposed by the Authorized IP Manager feature takes precedence over the other forms of access control configurable on the switch, such as local passwords, RADIUS, and both Port-Based and Client-Based Access Control (802.1X). This means that the IP address of a networked management device must be authorized before the switch will attempt to authenticate the device by invoking any other access security features. Thus, with Authorized IP Managers configured, having the correct passwords or MAC address is not sufficient for accessing the switch through the network unless an IPv6 address configured on the station attempting the access is also included in the switch's Authorized IP Managers configuration. This presents the opportunity to combine the Autho rized IP Managers feature with other access control features to enhance the security fabric protecting the switch. The Authorized IP Managers feature does not protect against unauthorized station access through a modem or direct connection to the Console (RS-232) port. Also, if an unauthorized station "spoofs" an authorized IP address, then the unauthorized station cannot be blocked by the Authorized IP Managers feature, even if a duplicate IP address condition exists. To configure authorized IPv6 managers, refer to "Authorized IP Managers for IPv6" on page 6-3. For related information, refer to RFC 4864, "Local Network Protection for IPv6". 2-12

Section	Page
HP ProCurve 6120G/XG Switch 6120XG Switch IPv6 Configuration Guide	1
Front Cover	1
Title Page	3
Copyright, Notices, & Publication Data	4
Contents	5
Command Index	14
1. Getting Started	17
Contents	17
Introduction	18
Conventions	18
Command Syntax Statements	18
Command Prompts	19
Screen Simulations	19
Configuration and Operation Examples	20
Keys	20
Sources for More Information	20
Getting Documentation From the Web	22
Online Help	22
Menu Interface	22
Command Line Interface	23
Web Browser Interface	23
To Set Up and Install the Switch in Your Network	24
2. Introduction to IPv6	25
Contents	25
Migrating to IPv6	27
IPv6 Propagation	28
Dual-Stack Operation	28
Connecting to Devices Supporting IPv6 Over IPv4 Tunneling	29
Information Sources for Tunneling IPv6 Over IPv4	29
Use Model	30
Adding IPv6 Capability	30
Supported IPv6 Operation	30
Configuration and Management	31
Management Features	31
IPv6 Addressing	31
SLAAC (Stateless Automatic Address Configuration)	31
DHCPv6 (Stateful) Address Configuration	32
Static Address Configuration	32
Default IPv6 Gateway	32
Neighbor Discovery (ND) in IPv6	33
IPv6 Management Features	34
TFTPv6 Transfers	34
IPv6 Time Configuration	34
Telnet6	34
IP Preserve	35
Web Browser Interface	35
Path MTU (PMTU) Discovery	35
Configurable IPv6 Security	35
SSHv2 on IPv6	35
IP Authorized Managers	36
Diagnostic and Troubleshooting	37
Ping6	37
Traceroute6	37
Debug/Syslog Enhancements	37
Domain Name System (DNS) Resolution	37
IPv6 Neighbor Discovery (ND) Controls	38
Event Log	38
SNMP	38
Loopback Address	38
IPv6 Scalability	39
3. IPv6 Addressing	41
Contents	41
Introduction	43
IPv6 Address Structure and Format	43
Address Format	43
Address Notation	43
Network Prefix	44
Interface (Device) Identifier	44
IPv6 Addressing Options	45
IPv6 Address Sources	45
General IPv6 Address Types	45
IPv6 Address Sources	47
Stateless Address Autoconfiguration (SLAAC)	47
Applications	47
Preferred and Valid Lifetimes of Stateless Autoconfigured Addresses	47
Stateful (DHCPv6) Address Configuration	48
Static Address Configuration	49
Address Types and Scope	50
Address Types	50
Address Scope	51
Unicast Address Prefixes	51
Link-Local Unicast Address	53
Autoconfiguring Link-Local Unicast Addresses	53
Extended Unique Identifier (EUI)	54
Statically Configuring Link-Local Addresses	55
Global Unicast Address	56
Stateless Autoconfiguration of a Global Unicast Address	56
Static Configuration of a Global Unicast Address	57
Prefixes in Routable IPv6 Addresses	58
Unique Local Unicast IPv6 Address	59
Anycast Addresses	60
Multicast Application to IPv6 Addressing	61
Overview of the Multicast Operation in IPv6	61
IPv6 Multicast Address Format	62
Multicast Group Identification	62
Solicited-Node Multicast Address Format	63
Loopback Address	64
The Unspecified Address	64
IPv6 Address Deprecation	65
Preferred and Valid Address Lifetimes	65
4. IPv6 Addressing Configuration	67
Contents	67
Introduction	69
General Configuration Steps	70
Configuring IPv6 Addressing	71
Enabling IPv6 with an Automatically Configured Link-Local Address	72
Enabling Autoconfiguration of a Global Unicast Address and a Default Router Identity on a VLAN	73
Operating Notes	74
Enabling DHCPv6	75
Operating Notes	76
Configuring a Static IPv6 Address on a VLAN	77
Statically Configuring a Link-Local Unicast Address	78
Statically Configuring A Global Unicast Address	79
Operating Notes	80
Statically Configuring An Anycast Address	80
Duplicate Address Detection (DAD) for Statically Configured Addresses	82
Disabling IPv6 on a VLAN	82
Neighbor Discovery (ND)	83
Duplicate Address Detection (DAD)	84
DAD Operation	84
Configuring DAD	85
Operating Notes for Neighbor Discovery	86
View the Current IPv6 Addressing Configuration	88
Router Access and Default Router Selection	95
Router Advertisements	95
Router Solicitations	95
Default IPv6 Router	96
Router Redirection	96
View IPv6 Gateway, Route, and Router Neighbors	97
Viewing Gateway and IPv6 Route Information	97
Viewing IPv6 Router Information	98
Address Lifetimes	100
Preferred Lifetime	100
Valid Lifetime	100
Sources of IPv6 Address Lifetimes	100
5. IPv6 Management Features	103
Contents	103
Introduction	104
Viewing and Clearing the IPv6 Neighbors Cache	104
Viewing the Neighbor Cache	105
Clearing the Neighbor Cache	107
IPv6 Telnet Operation	108
Outbound Telnet to Another Device	108
Viewing the Current Telnet Activity on a Switch	109
Enabling or Disabling Inbound Telnet Access	111
Viewing the Current Inbound Telnet Configuration	111
SNTP and Timep	112
Configuring (Enabling or Disabling) the SNTP Mode	112
Configuring an IPv6 Address for an SNTP Server	113
Configuring (Enabling or Disabling) the Timep Mode	115
TFTP File Transfers Over IPv6	119
Enabling TFTP for IPv6	120
Using TFTP to Copy Files over IPv6	121
Using Auto-TFTP for IPv6	124
SNMP Management for IPv6	125
SNMP Features Supported	125
SNMP Configuration Commands Supported	126
SNMPv1 and V2c	126
SNMPv3	126
IP Preserve for IPv6	129
6. IPv6 Management Security Features	133
Contents	133
IPv6 Management Security	134
Authorized IP Managers for IPv6	135
Usage Notes	135
Configuring Authorized IP Managers for Switch Access	137
Using a Mask to Configure Authorized Management Stations	137
Configuring Single Station Access	137
Configuring Multiple Station Access	138
Displaying an Authorized IP Managers Configuration	144
Additional Examples of Authorized IPv6 Managers Configuration	145
Secure Shell (SSH) for IPv6	147
Configuring SSH for IPv6	147
Displaying an SSH Configuration	150
Secure Copy and Secure FTP for IPv6	152
7. IPv6 Diagnostic and Troubleshooting	153
Contents	153
Introduction	154
Ping for IPv6 (Ping6)	154
Traceroute for IPv6	157
DNS Resolver for IPv6	160
DNS Configuration	160
Viewing the Current Configuration	162
Operating Notes	162
Debug/Syslog for IPv6	163
Configuring Debug and Event Log Messaging	163
Debug Command	164
Configuring Debug Destinations	165
Logging Command	166
A.IPv6 Terminology	167
Index	169
Symbols	169
A	169
B	169
C	169
D	170
E	170
F	171
G	171
I	171
L	172
M	172
N	172
O	173
P	173
Q	173
R	173
S	173
T	174
U	175
V	175
W	175

Match case Limit results 1 per page

Introduction to IPv6

Configurable IPv6 Security

Caution

The switch supports up to six inbound sessions of the following types in any

combination at any given time:

■

SSHv2

■

SSHv2 IPv6

■

Telnet-server

■

Telnet6-server

■

SFTP/SCP (One SFTP or SCP session allowed at a given time.)

■

Console (serial RS-232 connection)±

For more information, refer to “Secure Shell (SSH) for IPv6” on page 6-15.±

IP Authorized Managers

The IPv6 Authorized IP Managers feature, like the IPv4 version, uses IP

addresses and masks to determine which stations (PCs and workstations) can

access the switch through the network, and includes these access methods:

■

Telnet, SSH, and other terminal emulation applications

■

the switch's web browser interface

■

SNMP (with a correct community name)

Also, when configured in the switch, the access control imposed by the

Authorized IP Manager feature takes precedence over the other forms of

access control configurable on the switch, such as local passwords, RADIUS,

and both Port-Based and Client-Based Access Control (802.1X). This means

that the IP address of a networked management device must be authorized

before the switch will attempt to authenticate the device by invoking any other

access security features. Thus, with Authorized IP Managers configured,

having the correct passwords or MAC address is not sufficient for accessing

the switch through the network unless an IPv6 address configured on the

station attempting the access is also included in the switch's Authorized IP

Managers configuration. This presents the opportunity to combine the Autho-

rized IP Managers feature with other access control features to enhance the

security fabric protecting the switch.

The Authorized IP Managers feature does not protect against unauthorized

station access through a modem or direct connection to the Console (RS-232)

port. Also, if an unauthorized station “spoofs” an authorized IP address, then

the unauthorized station cannot be blocked by the Authorized IP Managers

feature, even if a duplicate IP address condition exists.

To configure authorized IPv6 managers, refer to “Authorized IP Managers for

IPv6” on page 6-3.

For related information, refer to RFC 4864, “Local Network Protection for

IPv6”.

2-12