Manuals / Brands / Computer Equipment / Switch / HP / Computer Equipment / Switch

HP ProCurve 2910AL FFF8, FFF8, FFF8, FFFF:FFFF:FFFF:FFF8, FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFF, 2001:DB8:0000:0000:244:17FF:FEB6:D37D/64

1 194

Download 194 pages, 2.43 Mb

IPv6 Management Security Features

Authorized IP Managers for IPv6

to 0 (“off”) and allow the corresponding bits in an authorized IPv6 address to be either “on” or “off”. As a result, only the four IPv6 addresses shown in Figure 6-5 are allowed access.

	1st	2nd	3rd	4th	5th	6th	7th	8th
	Block	Block	Block	Block	Block	Block	Block	Block

IPv6 Mask	FFFF	FFFF	FFFF	FFFF	FFFF	FFFF	FFFF	FFFC
IPv6 Address Entered with the “ipv6	2001	DB8	0000	0000	244	17FF	FEB6	D37D
authorized-managers” Command
Other Authorized IPv6 Addresses	2001	DB8	0000	0000	244	17FF	FEB6	D37C
	2001	DB8	0000	0000	244	17FF	FEB6	D37E
	2001	DB8	0000	0000	244	17FF	FEB6	D37F

Figure 6-5. Example: How Hexadecimal C in a Mask Authorizes Four IPv6 Manager Addresses

Example. Figure 6-6 shows an example in which a mask is applied to the IPv6 address: 2001:DB8:0000:0000:244:17FF:FEB6:D37D/64. The specified mask FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFF configures eight management stations as authorized IP manager stations.

Note that, in this example, the IPv6 mask is applied as follows:

■Eight management stations in different subnets are authorized by the value of the fourth block (FFF8) in the 64-bit prefix ID (FFFF:FFFF:FFFF:FFF8) of the mask. (The fourth block of the prefix ID is often used to define subnets in an IPv6 network.)

The binary equivalent of FFF8 that is used to specify valid subnet IDs in the IPv6 addresses of authorized stations is: 1111 1111 1111 1000.

The three “off” bits (1000) in the last part of the this block (FFF8) of the mask allow for eight possible authorized IPv6 stations: 2001:DB8:0000:0000:244:17FF:FEB6:D37D 2001:DB8:0000:0001:244:17FF:FEB6:D37D 2001:DB8:0000:0002:244:17FF:FEB6:D37D 2001:DB8:0000:0003:244:17FF:FEB6:D37D 2001:DB8:0000:0004:244:17FF:FEB6:D37D 2001:DB8:0000:0005:244:17FF:FEB6:D37D 2001:DB8:0000:0006:244:17FF:FEB6:D37D 2001:DB8:0000:0007:244:17FF:FEB6:D37D

6-9

Contents

ProCurve Switches Page HP ProCurve 2910al Switch IPv6 Configuration Guide Page 1 Getting Started 2 Introduction to IPv6 3 IPv6 Addressing 4 IPv6 Addressing Configuration 5 IPv6 Management Features 6 IPv6 Management Security Features 7 Multicast Listener Discovery (MLD) Snooping 8 IPv6 Diagnostic and Troubleshooting A Terminology Index Product Documentation Printed Publications Electronic Publications Software Feature Index Intelligent Edge Software Manual Features Page Page Page Page Getting Started Configuration and Operation Examples Protocol Acronyms Command Syntax and Displayed Information copy tftp Command Prompts ProCurve hostname Screen Simulations Displayed Text Sources for More Information www.procurve.com Customer Care Manuals Page Getting Documentation From the Web Online Help Command Line Interface help Figure 1-3.Example of CLI Help Web Browser Interface Figure 1-4.Help for Web Browser Interface IP Addressing Physical Installation Introduction to IPv6 Page Migrating to IPv6 Figure 2-1. Dual-StackProCurve Switches Employed in an IPv4/IPv6 Network IPv6 Propagation Dual-StackOperation Connecting to Devices Supporting IPv6 Over IPv4 Tunneling Adding IPv6 Capability Supported IPv6 Operation in Release K.13.01 Management Features IPv6 Addressing DHCPv6 (Stateful) Address Configuration Static Address Configuration Default IPv6 Gateway Neighbor Discovery (ND) in IPv6 IPv6 Management Features SSHv2 on IPv6 IP Authorized Managers ICMP Rate-Limiting Ping6 Traceroute6 Domain Name System (DNS) Resolution IPv6 Neighbor Discovery (ND) Controls Event Log SNMP Loopback Address Debug/Syslog Enhancements Path MTU (PMTU) Discovery IPv6 Addressing Page IPv6 Address Structure and Format Address Format xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : Address Notation Network Prefix Interface (Device) Identifier IPv6 Address Sources General IPv6 Address Types Static Address Configuration Related Information Stateless Address Autoconfiguration (SLAAC) Stateful (DHCPv6) Address Configuration Static Address Configuration Address Types Address Scope Unicast Address Prefixes Multicast Prefix (ff) Autoconfiguring Link-LocalUnicast Addresses Extended Unique Identifier (EUI) Statically Configuring Link-LocalAddresses Stateless Autoconfiguration of a Global Unicast Address Static Configuration of a Global Unicast Address Prefixes in Routable IPv6 Addresses Unique Local Unicast IPv6 Address Anycast Addresses Overview of the Multicast Operation in IPv6 IPv6 Multicast Address Format multicast scope: Bit group identifier: Solicited-NodeMulticast Address Format www.iana.org Loopback Address Preferred and Valid Address Lifetimes N o t e s IPv6 Addressing Configuration Page Feature Default CLI show General Configuration Steps Configuring IPv6 Addressing Enabling IPv6 with an Automatically Configured Link-LocalAddress Default: Disabled show run Notes: Default: Disabled autoconfig Operating Notes Enabling DHCPv6 ipv6 enable [rapid-commit]: Default: Disabled Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-LocalUnicast Address Statically Configuring A Global Unicast Address Statically Configuring An Anycast Address anycast: Default: None Duplicate Address Detection (DAD) for Statically Configured Addresses Neighbor Discovery (ND) Duplicate Address Detection (DAD) DAD Operation Configuring DAD Page View the Current IPv6 Addressing Configuration IPv6 Routing: Disabled Default Gateway: ND DAD: Address Origin: Autoconfig: DHCP: Manual: IPv6 Address/Prefix Length: Figure 4-1.Example of Show IPv6 Command Output ipv6 nd dad- attempts Page Figure 4-2.Example of Show IPv6 VLAN < vid > Output Syntax: show run Page Router Advertisements Router Solicitations Default IPv6 Router Router Redirection Viewing Gateway and IPv6 Route Information Viewing IPv6 Router Information MTU: Hop Limit: Prefix Advertised: Valid Lifetime: Preferred Lifetime: Preferred Lifetime Valid Lifetime Sources of IPv6 Address Lifetimes Table 4-1.IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Page IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Anycast Addresses Viewing the Neighbor Cache Figure 5-1.Example of Neighbor Cache Without Specifying a VLAN Figure 5-2.Example of Neighbor Cache Content for a Specific VLAN Clearing the Neighbor Cache Outbound Telnet6 to Another Device Viewing the Current Telnet Activity on a Switch Enabling or Disabling Inbound Telnet6 Access Viewing the Current Inbound Telnet6 Configuration Configuring (Enabling or Disabling) the SNTP Mode Configuring an IPv6 Address for an SNTP Server Syntax:. show sntp timep SNTP Mode: SNTP Server Address: Protocol Version: Configuring (Enabling or Disabling) the Timep Mode timep dhcp: Note Timep Mode: Server Address: Poll Interval (min) [720]: show timep ip timep manual TFTP File Transfers over IPv6 Enabling TFTP for IPv6 tftp6 U s a g e N o t e s Using TFTP to Copy Files over IPv6 target autorun-cert-file autorun-key-file command-file pub-key-file startup-config crash-log slot-id master >: Using Auto-TFTPfor IPv6 boot system flash primary reload SNMP Features Supported SNMP Configuration Commands Supported snmp-server Figure 5-8.“show snmp-server”Command Output with IPv6 Address show snmpv3 targetaddress Figure 5-9.“show snmpv3 targetaddress” Command Output with IPv6 Address IP Preserve for IPv6 ip preserve Figure 5-10.Example of How to Enter IP Preserve in a Configuration File dhcp-bootp Page IPv6 Management Security Features IPv6 Management Security Usage Notes Page Configuring Authorized IP Managers for Switch Access Using a Mask to Configure Authorized Management Stations authorized-managers command Figure 6-1.Mask for Configuring a Single Authorized IPv6 Manager Station Configuring Multiple Station Access Figure 6-2.Hexadecimal Mask Values and Binary Equivalents Example 2001:DB8:0000:0000:244:17FF:FEB6:D37D FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC 2001:DB8:0000:0000:244:17FF:FEB6:D37D/64 FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFF FFF8 FFFF:FFFF:FFFF:FFF8 244:17FF:FEB6:D37D Figure 6-8.Binary Equivalents of Authorized Subnet IDs (in Hexadecimal) Displaying an Authorized IP Managers Configuration Figure 6-9.Example of “show ipv6 authorized-managers”Output Figure 6-10.How Masks Determine Authorized IPv6 Manager Addresses Additional Examples of Authorized IPv6 Managers Configuration FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00 operator manager Configuring SSH for IPv6 no ip ssh 4or6 Displaying an SSH Configuration Secure Copy and Secure FTP for IPv6 ip-version ip ssh filetransfer no ip ssh filetransfer Multicast Listener Discovery (MLD) Snooping Overview Introduction to MLD Snooping MLD host multicast router Figure 7-1.Without MLD, multicast traffic is flooded to all ports Figure 7-2.With MLD snooping, traffic is sent to MLD hosts Forwarding in MLD snooping Listeners and joins Queries Leaves Page Enabling or Disabling MLD Snooping on a VLAN Configuring Per-PortMLD Traffic Filters Configuring the Querier Configuring Fast Leave Configuring Forced Fast Leave Current MLD Status Figure 7-5.Continuation of Figure Page Current MLD Configuration Figure 7-7.Example of an MLD Configuration for a Specific VLAN Ports Currently Joined Statistics Figure 7-9.Example of MLD Statistics for All VLANs Configured Figure 7-10.Example of MLD Statistics for a Single VLAN Counters Page Page IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting error-interval: Range: Default: 10; Range: 1 no ipv6 icmp error-interval Ping for IPv6 (Ping6) link-local-address hostname switch-number [repetitions] [timeout] [data-size] [data-fill] Figure 8-1.Examples of IPv6 Ping Tests Traceroute for IPv6 traceroute ipv6-address minttl: minttl maxttl timeout Figure 8-2.Examples of IPv6 Traceroute Probes DNS Configuration ip-addr 2001:db8::127:10 ■the domain suffix mygroup.procurve.net Viewing the Current Configuration Operating Notes Configuring Debug and Event Log Messaging Debug Command Configuring Debug Destinations Logging Command Page Terminology Page Index Symbols