Manuals / Brands / Computer Equipment / Switch / HP / Computer Equipment / Switch

HP ProCurve 2910AL Usage Notes, Authorized IP Managers for IPv6, ipv6, 0:0:0:0:0:0:0:0, authorized-managers, authorized-managers ::

1 194

Download 194 pages, 2.43 Mb

IPv6 Management Security Features

Authorized IP Managers for IPv6

Authorized IP Managers for IPv6

The Authorized IP Managers feature uses IP addresses and masks to deter mine which stations (PCs or workstations) can access the switch through the network. This feature supports switch access through:

■Telnet and other terminal emulation applications

■Web browser interface

■SNMP (with a correct community name)

As with the configuration of IPv4 management stations, the Authorized IP Managers for IPv6 feature allows you to specify the IPv6-based stations that can access the switch.

Usage Notes

■You can configure up to ten authorized IPv4 and IPv6 manager addresses on a switch, where each address applies to either a single management station or a group of stations. Each authorized manager address consists of an IPv4 or IPv6 address and a mask that determines the individual management stations that are allowed access.

•You configure authorized IPv4 manager addresses using the ip autho rized-managerscommand. For more information, refer to the “Using Authorized IP Managers” chapter in the Access Security Guide.

•You configure authorized IPv6 manager addresses using the ipv6 authorized-managerscommand. For more information, see “Configur ing Authorized IP Managers for Switch Access” on page 6-5.

■You can block all IPv4-based or all IPv6-based management stations from accessing the switch by entering the following commands:

•To block access to all IPv4 manager addresses while allowing access to IPv6 manager addresses, enter the ip authorized-managers 0.0.0.0 command.

•To block access to all IPv6 manager addresses while allowing access to IPv4 manager addresses, enter the ipv6 authorized-managers ::com mand. (The double colon represents an IPv6 address that consists of all zero’s: 0:0:0:0:0:0:0:0.)

6-3

Contents

ProCurve Switches Page HP ProCurve 2910al Switch IPv6 Configuration Guide Page 1 Getting Started 2 Introduction to IPv6 3 IPv6 Addressing 4 IPv6 Addressing Configuration 5 IPv6 Management Features 6 IPv6 Management Security Features 7 Multicast Listener Discovery (MLD) Snooping 8 IPv6 Diagnostic and Troubleshooting A Terminology Index Product Documentation Printed Publications Electronic Publications Software Feature Index Intelligent Edge Software Manual Features Page Page Page Page Getting Started Configuration and Operation Examples Protocol Acronyms Command Syntax and Displayed Information copy tftp Command Prompts ProCurve hostname Screen Simulations Displayed Text Sources for More Information www.procurve.com Customer Care Manuals Page Getting Documentation From the Web Online Help Command Line Interface help Figure 1-3.Example of CLI Help Web Browser Interface Figure 1-4.Help for Web Browser Interface IP Addressing Physical Installation Introduction to IPv6 Page Migrating to IPv6 Figure 2-1. Dual-StackProCurve Switches Employed in an IPv4/IPv6 Network IPv6 Propagation Dual-StackOperation Connecting to Devices Supporting IPv6 Over IPv4 Tunneling Adding IPv6 Capability Supported IPv6 Operation in Release K.13.01 Management Features IPv6 Addressing DHCPv6 (Stateful) Address Configuration Static Address Configuration Default IPv6 Gateway Neighbor Discovery (ND) in IPv6 IPv6 Management Features SSHv2 on IPv6 IP Authorized Managers ICMP Rate-Limiting Ping6 Traceroute6 Domain Name System (DNS) Resolution IPv6 Neighbor Discovery (ND) Controls Event Log SNMP Loopback Address Debug/Syslog Enhancements Path MTU (PMTU) Discovery IPv6 Addressing Page IPv6 Address Structure and Format Address Format xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : Address Notation Network Prefix Interface (Device) Identifier IPv6 Address Sources General IPv6 Address Types Static Address Configuration Related Information Stateless Address Autoconfiguration (SLAAC) Stateful (DHCPv6) Address Configuration Static Address Configuration Address Types Address Scope Unicast Address Prefixes Multicast Prefix (ff) Autoconfiguring Link-LocalUnicast Addresses Extended Unique Identifier (EUI) Statically Configuring Link-LocalAddresses Stateless Autoconfiguration of a Global Unicast Address Static Configuration of a Global Unicast Address Prefixes in Routable IPv6 Addresses Unique Local Unicast IPv6 Address Anycast Addresses Overview of the Multicast Operation in IPv6 IPv6 Multicast Address Format multicast scope: Bit group identifier: Solicited-NodeMulticast Address Format www.iana.org Loopback Address Preferred and Valid Address Lifetimes N o t e s IPv6 Addressing Configuration Page Feature Default CLI show General Configuration Steps Configuring IPv6 Addressing Enabling IPv6 with an Automatically Configured Link-LocalAddress Default: Disabled show run Notes: Default: Disabled autoconfig Operating Notes Enabling DHCPv6 ipv6 enable [rapid-commit]: Default: Disabled Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-LocalUnicast Address Statically Configuring A Global Unicast Address Statically Configuring An Anycast Address anycast: Default: None Duplicate Address Detection (DAD) for Statically Configured Addresses Neighbor Discovery (ND) Duplicate Address Detection (DAD) DAD Operation Configuring DAD Page View the Current IPv6 Addressing Configuration IPv6 Routing: Disabled Default Gateway: ND DAD: Address Origin: Autoconfig: DHCP: Manual: IPv6 Address/Prefix Length: Figure 4-1.Example of Show IPv6 Command Output ipv6 nd dad- attempts Page Figure 4-2.Example of Show IPv6 VLAN < vid > Output Syntax: show run Page Router Advertisements Router Solicitations Default IPv6 Router Router Redirection Viewing Gateway and IPv6 Route Information Viewing IPv6 Router Information MTU: Hop Limit: Prefix Advertised: Valid Lifetime: Preferred Lifetime: Preferred Lifetime Valid Lifetime Sources of IPv6 Address Lifetimes Table 4-1.IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Page IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Anycast Addresses Viewing the Neighbor Cache Figure 5-1.Example of Neighbor Cache Without Specifying a VLAN Figure 5-2.Example of Neighbor Cache Content for a Specific VLAN Clearing the Neighbor Cache Outbound Telnet6 to Another Device Viewing the Current Telnet Activity on a Switch Enabling or Disabling Inbound Telnet6 Access Viewing the Current Inbound Telnet6 Configuration Configuring (Enabling or Disabling) the SNTP Mode Configuring an IPv6 Address for an SNTP Server Syntax:. show sntp timep SNTP Mode: SNTP Server Address: Protocol Version: Configuring (Enabling or Disabling) the Timep Mode timep dhcp: Note Timep Mode: Server Address: Poll Interval (min) [720]: show timep ip timep manual TFTP File Transfers over IPv6 Enabling TFTP for IPv6 tftp6 U s a g e N o t e s Using TFTP to Copy Files over IPv6 target autorun-cert-file autorun-key-file command-file pub-key-file startup-config crash-log slot-id master >: Using Auto-TFTPfor IPv6 boot system flash primary reload SNMP Features Supported SNMP Configuration Commands Supported snmp-server Figure 5-8.“show snmp-server”Command Output with IPv6 Address show snmpv3 targetaddress Figure 5-9.“show snmpv3 targetaddress” Command Output with IPv6 Address IP Preserve for IPv6 ip preserve Figure 5-10.Example of How to Enter IP Preserve in a Configuration File dhcp-bootp Page IPv6 Management Security Features IPv6 Management Security Usage Notes Page Configuring Authorized IP Managers for Switch Access Using a Mask to Configure Authorized Management Stations authorized-managers command Figure 6-1.Mask for Configuring a Single Authorized IPv6 Manager Station Configuring Multiple Station Access Figure 6-2.Hexadecimal Mask Values and Binary Equivalents Example 2001:DB8:0000:0000:244:17FF:FEB6:D37D FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC 2001:DB8:0000:0000:244:17FF:FEB6:D37D/64 FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFF FFF8 FFFF:FFFF:FFFF:FFF8 244:17FF:FEB6:D37D Figure 6-8.Binary Equivalents of Authorized Subnet IDs (in Hexadecimal) Displaying an Authorized IP Managers Configuration Figure 6-9.Example of “show ipv6 authorized-managers”Output Figure 6-10.How Masks Determine Authorized IPv6 Manager Addresses Additional Examples of Authorized IPv6 Managers Configuration FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00 operator manager Configuring SSH for IPv6 no ip ssh 4or6 Displaying an SSH Configuration Secure Copy and Secure FTP for IPv6 ip-version ip ssh filetransfer no ip ssh filetransfer Multicast Listener Discovery (MLD) Snooping Overview Introduction to MLD Snooping MLD host multicast router Figure 7-1.Without MLD, multicast traffic is flooded to all ports Figure 7-2.With MLD snooping, traffic is sent to MLD hosts Forwarding in MLD snooping Listeners and joins Queries Leaves Page Enabling or Disabling MLD Snooping on a VLAN Configuring Per-PortMLD Traffic Filters Configuring the Querier Configuring Fast Leave Configuring Forced Fast Leave Current MLD Status Figure 7-5.Continuation of Figure Page Current MLD Configuration Figure 7-7.Example of an MLD Configuration for a Specific VLAN Ports Currently Joined Statistics Figure 7-9.Example of MLD Statistics for All VLANs Configured Figure 7-10.Example of MLD Statistics for a Single VLAN Counters Page Page IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting error-interval: Range: Default: 10; Range: 1 no ipv6 icmp error-interval Ping for IPv6 (Ping6) link-local-address hostname switch-number [repetitions] [timeout] [data-size] [data-fill] Figure 8-1.Examples of IPv6 Ping Tests Traceroute for IPv6 traceroute ipv6-address minttl: minttl maxttl timeout Figure 8-2.Examples of IPv6 Traceroute Probes DNS Configuration ip-addr 2001:db8::127:10 ■the domain suffix mygroup.procurve.net Viewing the Current Configuration Operating Notes Configuring Debug and Event Log Messaging Debug Command Configuring Debug Destinations Logging Command Page Terminology Page Index Symbols