IPv6 Management Security Features
Authorized IP Managers for IPv6
Additional Examples of Authorized IPv6 Managers
Configuration
Authorizing Manager Access. The following IPv6 commands authorize manager-level access for one link-local station at a time. Note that when you enter a link-local IPv6 address with the ipv6 authorized-managerscommand, you must also enter a VLAN ID in the format: %vlan<vlan-id>.
ProCurve(config)# ipv6 authorized-managers fe80::07be:44ff:fec5:c965%vlan2
ProCurve(config)# ipv6 authorized-managers fe80::070a:294ff:fea4:733d%vlan2
ProCurve(config)# ipv6 authorized-managers fe80::19af:2cff:fe34:b04a%vlan5
If you do not enter an ipv6-maskvalue when you configure an authorized IPv6 address, the switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the default IPv6 mask. Also, if you do not specify an access value to grant either Manager- or Operator-level access, by default, the switch assigns Man ager access. For example:
ProCurve# ipv6 authorized-managers 2001:db8::a8:1c:e3:69
ProCurve# show ipv6 authorized-managers
IPv6 Authorized Managers
--------------------------
Address : 2001:db8::a8:1c:e3:69
Mask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Access : Manager
If you do not enter a value for ipv6-maskin the ipv6 authorized-managerscommand, the default mask of FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF: is applied. The default mask authorizes only the specified station (see “Configuring Single Station Access” on page 6-5).
Figure 6-11. Default IPv6 Mask