Manuals / Brands / Computer Equipment / Switch / HP / Computer Equipment / Switch

HP ProCurve 2910AL Configuring Authorized IP Managers for Switch Access, Using a Mask to Configure Authorized Management, Stations, Configuring Single Station Access, Note:

1 194

Download 194 pages, 2.43 Mb

IPv6 Management Security Features

Authorized IP Managers for IPv6

Configuring Authorized IP Managers for Switch Access

To configure one or more IPv6-based management stations to access the switch using the Authorized IP Managers feature, enter the ipv6 authorized- managers command

Syntax: ipv6 authorized-managers <ipv6-addr>[ipv6-mask] [access <operator manager>]

Configures one or more authorized IPv6 addresses to access the switch, where:

ipv6-maskspecifies the mask that is applied to an IPv6 address to determine authorized stations. For more information, see “Using a Mask to Configure Authorized Management Stations” on page 6-5.Default: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. access <operator manager> specifies the level of access privilege granted to authorized stations and applies only to Telnet, SNMPv1, and SNMPv2c access. Default: Manager.

Note: The Authorized IP Manager feature does not support the configuration of access privileges on authorized stations that use an SSH, SNMPv3, or the web browser session to access the switch. For these sessions, access privilege is configured with the access application.

Using a Mask to Configure Authorized Management

Stations

The ipv6-maskparameter controls how the switch uses an IPv6 address to determine the IPv6 addresses of authorized manager stations on your net work. For example, you can specify a mask that authorizes:

	■	Single station access
	■	Multiple station access

N o t e	Mask configuration is a method for determining the valid IPv6 addresses that
	are authorized for management access to the switch. In the Authorized IP
	Managers feature, the mask serves a different purpose than an IPv6 subnet
	mask and is applied in a different manner.

Configuring Single Station Access

To authorize only one IPv6-based station for access to the switch, enter the IPv6 address of the station and set the mask to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.

6-5

Contents

ProCurve Switches Page HP ProCurve 2910al Switch IPv6 Configuration Guide Page 1 Getting Started 2 Introduction to IPv6 3 IPv6 Addressing 4 IPv6 Addressing Configuration 5 IPv6 Management Features 6 IPv6 Management Security Features 7 Multicast Listener Discovery (MLD) Snooping 8 IPv6 Diagnostic and Troubleshooting A Terminology Index Product Documentation Printed Publications Electronic Publications Software Feature Index Intelligent Edge Software Manual Features Page Page Page Page Getting Started Configuration and Operation Examples Protocol Acronyms Command Syntax and Displayed Information copy tftp Command Prompts ProCurve hostname Screen Simulations Displayed Text Sources for More Information www.procurve.com Customer Care Manuals Page Getting Documentation From the Web Online Help Command Line Interface help Figure 1-3.Example of CLI Help Web Browser Interface Figure 1-4.Help for Web Browser Interface IP Addressing Physical Installation Introduction to IPv6 Page Migrating to IPv6 Figure 2-1. Dual-StackProCurve Switches Employed in an IPv4/IPv6 Network IPv6 Propagation Dual-StackOperation Connecting to Devices Supporting IPv6 Over IPv4 Tunneling Adding IPv6 Capability Supported IPv6 Operation in Release K.13.01 Management Features IPv6 Addressing DHCPv6 (Stateful) Address Configuration Static Address Configuration Default IPv6 Gateway Neighbor Discovery (ND) in IPv6 IPv6 Management Features SSHv2 on IPv6 IP Authorized Managers ICMP Rate-Limiting Ping6 Traceroute6 Domain Name System (DNS) Resolution IPv6 Neighbor Discovery (ND) Controls Event Log SNMP Loopback Address Debug/Syslog Enhancements Path MTU (PMTU) Discovery IPv6 Addressing Page IPv6 Address Structure and Format Address Format xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : Address Notation Network Prefix Interface (Device) Identifier IPv6 Address Sources General IPv6 Address Types Static Address Configuration Related Information Stateless Address Autoconfiguration (SLAAC) Stateful (DHCPv6) Address Configuration Static Address Configuration Address Types Address Scope Unicast Address Prefixes Multicast Prefix (ff) Autoconfiguring Link-LocalUnicast Addresses Extended Unique Identifier (EUI) Statically Configuring Link-LocalAddresses Stateless Autoconfiguration of a Global Unicast Address Static Configuration of a Global Unicast Address Prefixes in Routable IPv6 Addresses Unique Local Unicast IPv6 Address Anycast Addresses Overview of the Multicast Operation in IPv6 IPv6 Multicast Address Format multicast scope: Bit group identifier: Solicited-NodeMulticast Address Format www.iana.org Loopback Address Preferred and Valid Address Lifetimes N o t e s IPv6 Addressing Configuration Page Feature Default CLI show General Configuration Steps Configuring IPv6 Addressing Enabling IPv6 with an Automatically Configured Link-LocalAddress Default: Disabled show run Notes: Default: Disabled autoconfig Operating Notes Enabling DHCPv6 ipv6 enable [rapid-commit]: Default: Disabled Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-LocalUnicast Address Statically Configuring A Global Unicast Address Statically Configuring An Anycast Address anycast: Default: None Duplicate Address Detection (DAD) for Statically Configured Addresses Neighbor Discovery (ND) Duplicate Address Detection (DAD) DAD Operation Configuring DAD Page View the Current IPv6 Addressing Configuration IPv6 Routing: Disabled Default Gateway: ND DAD: Address Origin: Autoconfig: DHCP: Manual: IPv6 Address/Prefix Length: Figure 4-1.Example of Show IPv6 Command Output ipv6 nd dad- attempts Page Figure 4-2.Example of Show IPv6 VLAN < vid > Output Syntax: show run Page Router Advertisements Router Solicitations Default IPv6 Router Router Redirection Viewing Gateway and IPv6 Route Information Viewing IPv6 Router Information MTU: Hop Limit: Prefix Advertised: Valid Lifetime: Preferred Lifetime: Preferred Lifetime Valid Lifetime Sources of IPv6 Address Lifetimes Table 4-1.IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Page IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Anycast Addresses Viewing the Neighbor Cache Figure 5-1.Example of Neighbor Cache Without Specifying a VLAN Figure 5-2.Example of Neighbor Cache Content for a Specific VLAN Clearing the Neighbor Cache Outbound Telnet6 to Another Device Viewing the Current Telnet Activity on a Switch Enabling or Disabling Inbound Telnet6 Access Viewing the Current Inbound Telnet6 Configuration Configuring (Enabling or Disabling) the SNTP Mode Configuring an IPv6 Address for an SNTP Server Syntax:. show sntp timep SNTP Mode: SNTP Server Address: Protocol Version: Configuring (Enabling or Disabling) the Timep Mode timep dhcp: Note Timep Mode: Server Address: Poll Interval (min) [720]: show timep ip timep manual TFTP File Transfers over IPv6 Enabling TFTP for IPv6 tftp6 U s a g e N o t e s Using TFTP to Copy Files over IPv6 target autorun-cert-file autorun-key-file command-file pub-key-file startup-config crash-log slot-id master >: Using Auto-TFTPfor IPv6 boot system flash primary reload SNMP Features Supported SNMP Configuration Commands Supported snmp-server Figure 5-8.“show snmp-server”Command Output with IPv6 Address show snmpv3 targetaddress Figure 5-9.“show snmpv3 targetaddress” Command Output with IPv6 Address IP Preserve for IPv6 ip preserve Figure 5-10.Example of How to Enter IP Preserve in a Configuration File dhcp-bootp Page IPv6 Management Security Features IPv6 Management Security Usage Notes Page Configuring Authorized IP Managers for Switch Access Using a Mask to Configure Authorized Management Stations authorized-managers command Figure 6-1.Mask for Configuring a Single Authorized IPv6 Manager Station Configuring Multiple Station Access Figure 6-2.Hexadecimal Mask Values and Binary Equivalents Example 2001:DB8:0000:0000:244:17FF:FEB6:D37D FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC 2001:DB8:0000:0000:244:17FF:FEB6:D37D/64 FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFF FFF8 FFFF:FFFF:FFFF:FFF8 244:17FF:FEB6:D37D Figure 6-8.Binary Equivalents of Authorized Subnet IDs (in Hexadecimal) Displaying an Authorized IP Managers Configuration Figure 6-9.Example of “show ipv6 authorized-managers”Output Figure 6-10.How Masks Determine Authorized IPv6 Manager Addresses Additional Examples of Authorized IPv6 Managers Configuration FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00 operator manager Configuring SSH for IPv6 no ip ssh 4or6 Displaying an SSH Configuration Secure Copy and Secure FTP for IPv6 ip-version ip ssh filetransfer no ip ssh filetransfer Multicast Listener Discovery (MLD) Snooping Overview Introduction to MLD Snooping MLD host multicast router Figure 7-1.Without MLD, multicast traffic is flooded to all ports Figure 7-2.With MLD snooping, traffic is sent to MLD hosts Forwarding in MLD snooping Listeners and joins Queries Leaves Page Enabling or Disabling MLD Snooping on a VLAN Configuring Per-PortMLD Traffic Filters Configuring the Querier Configuring Fast Leave Configuring Forced Fast Leave Current MLD Status Figure 7-5.Continuation of Figure Page Current MLD Configuration Figure 7-7.Example of an MLD Configuration for a Specific VLAN Ports Currently Joined Statistics Figure 7-9.Example of MLD Statistics for All VLANs Configured Figure 7-10.Example of MLD Statistics for a Single VLAN Counters Page Page IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting error-interval: Range: Default: 10; Range: 1 no ipv6 icmp error-interval Ping for IPv6 (Ping6) link-local-address hostname switch-number [repetitions] [timeout] [data-size] [data-fill] Figure 8-1.Examples of IPv6 Ping Tests Traceroute for IPv6 traceroute ipv6-address minttl: minttl maxttl timeout Figure 8-2.Examples of IPv6 Traceroute Probes DNS Configuration ip-addr 2001:db8::127:10 ■the domain suffix mygroup.procurve.net Viewing the Current Configuration Operating Notes Configuring Debug and Event Log Messaging Debug Command Configuring Debug Destinations Logging Command Page Terminology Page Index Symbols