Manuals / HP / Computer Equipment / Switch

HP IPv6 6200yl, IPv6 2900, IPv6 5400zl, IPv6 3500yl manual IPv6 Management Security Features

Models: IPv6 3500yl IPv6 5400zl IPv6 2900 IPv6 6200yl

1 195

Download 195 pages 28.42 Kb

Page 132

IPv6 Management Security Features

Authorized IP Managers for IPv6

■You configure each authorized manager address with Manager or Opera- tor-level privilege to access the switch in a Telnet, SNMPv1, or SNMPv2c session. (Access privilege for SSH, SNMPv3, and web browser sessions are configured through the access application, not through the Authorized IP Managers feature.)

•Manager privilege allows full access to all web browser and console interface screens for viewing, configuration, and all other operations available in these interfaces.

•Operator privilege allows read-only access from the web browser and console interfaces.

■When you configure station access to the switch using the Authorized IP Managers feature, the settings take precedence over the access config- ured with local passwords, TACACS+ servers, RADIUS-assigned settings, port-based (802.1X) authentication, and port security settings.

As a result, the IPv6 address of a networked management device must be configured with the Authorized IP Managers feature before the switch can authenticate the device using the configured settings from other access security features. If the Authorized IP Managers feature disallows access to the device, then access is denied. Therefore, with authorized IP man- agers configured, logging in with the correct passwords is not sufficient to access a switch through the network unless the station requesting access is also authorized in the switch’s Authorized IP Managers config- uration.

6-4

Image 132

HP IPv6 6200yl, IPv6 2900, IPv6 5400zl, IPv6 3500yl manual IPv6 Management Security Features

Contents

ProCurve Switches Page IPv6 Configuration Guide Publication Number Contents Information Sources for Tunneling IPv6 Over IPv4 IPv6 Addressing IPv6 Addressing Configuration Operating NotesContents Introduction ViiContents IPv6 Management Security IP Preserve for IPv6Secure Copy and Secure FTP for IPv6 Terminology Page About Your Switch Manual Set Printed PublicationsElectronic Publications Page IPv6 Command Index Mands covered in this guideExample Index begins on the nextXii CopyCommand Min. Level IPv6 Management XiiiXiv Getting Started Command Syntax Statements IntroductionConventions Command Prompts Configuration and Operation ExamplesScreen Simulations Keys13.01, and includes an IPv6 command index on Refer to the switch publications listed in this sectionSources for More Information PIM SM and DM IP routing VrrpGetting Documentation From the Web Online HelpMenu Interface Command Line Interface Web Browser InterfaceTo Set Up and Install the Switch in Your Network Introduction to IPv6 Introduction to IPv6 Migrating to IPv6 IPv6 Propagation Dual-Stack OperationIndividual IPv4 and IPv6 devices ignore each others traffic Over IPv4 tunnelingConnecting to Devices Supporting IPv6 Over IPv4 TunnelingInformation Sources for Tunneling IPv6 Over IPv4 Use Model Adding IPv6 CapabilitySupported IPv6 Operation in Release K.13.01 Configuration and Management Management FeaturesSlaac Stateless Automatic Address Configuration IPv6 AddressingDHCPv6 Stateful Address Configuration Static Address ConfigurationDefault IPv6 Gateway Neighbor Discovery ND in IPv6 IPv6 Management Features IPv6 Time ConfigurationTFTPv6 Transfers Telnet6Configurable IPv6 Security SSHv2 on IPv6IP Preserve Multicast Listener Discovery MLDIP Authorized Managers Diagnostic and Troubleshooting Icmp Rate-LimitingPing6 Traceroute6Domain Name System DNS Resolution IPv6 Neighbor Discovery ND ControlsEvent Log IPv6 Scalability Loopback AddressDebug/Syslog Enhancements Path MTU Pmtu Discovery IPv6 Addressing Loopback Address Unspecified Address IPv6 Address Structure and Format Address FormatAddress Notation 2001db8a921560fffe7aadc0 2001db8260021201b4Network Prefix Interface Device IdentifierIPv6 Addressing Options IPv6 Address SourcesGeneral IPv6 Address Types Related Information Stateless Address Autoconfiguration Slaac IPv6 Address SourcesApplications Stateful DHCPv6 Address Configuration DHCPv6 addressing must be enabled per-VLAN on the switchRouter Static Address Configuration Refer to Configuring a Static IPv6 Address on a Vlan onAddress Types and Scope Address TypesAddress Scope Unicast Address PrefixesFe80000000000000021560fffe7aadc0/64 Fe8021560fffe7aasc0/64 IPv6 Addressing Autoconfiguring Link-Local Unicast Addresses Link-Local Unicast AddressConfigures the Vlan to send DHCPv6 requests Extended Unique Identifier EUIFe80/64 plus a 64-bit device identifier Generate a link-local addressStatically Configuring Link-Local Addresses InterfaceRFC 2373 IP Version 6 Addressing Architecture Unique local addressesStateless Autoconfiguration of a Global Unicast Address Global Unicast AddressStatic Configuration of a Global Unicast Address Following address assignments on VlanLink-local unicast fe8021560fffe7aadc0/64 Global unicast2001026021221560fffe7aadc0/64Prefixes in Routable IPv6 Addresses Unique Local Unicast IPv6 Address Anycast Addresses DNS UDPMulticast Application to IPv6 Addressing Overview of the Multicast Operation in IPv6IPv6 Multicast Address Format Multicast Group IdentificationSolicited-Node Multicast Address Format Bit UseLoopback Address Unspecified Address IPv6 Address DeprecationPreferred and Valid Address Lifetimes T e s Do not expireLink-Local Address Router AdvertisementsRouter Solicitations Default IPv6 Router Router Redirection CLI General Configuration Steps Configuring IPv6 Addressing Default Disabled Implements unicast address autoconfiguration as follows Operating Notes Enabling DHCPv6 Default Disabled Configuring a Static IPv6 Address on a VlanStatically Configuring a Link-Local Unicast Address Syntax no ipv6 address fe80 device-identifier link-localStatically Configuring a Global Unicast Address Device-id Enters a user-defined device identityStatically Configuring An Anycast Address Default None Ipv6 enable Disabling IPv6 on a VlanNeighbor Discovery ND Duplicate Address Detection DAD DAD OperationConfiguring DAD No form of the command restores the default settingOperating Notes View the Current IPv6 Addressing Configuration Address Origin Example of Show IPv6 Command Output IPv6 Addressing Configuration Syntax show run Address autoconfig Router Access and Default Router Selection Router AdvertisementsRouter Solicitations Default IPv6 Router Router RedirectionNected View IPv6 Gateway, Route, and Router Neighbors Viewing Gateway and IPv6 Route InformationViewing IPv6 Router Information Router Address The IPv6 address of the router interfaceExample of Show IPv6 Routers Output Address Lifetimes Preferred LifetimeValid Lifetime Sources of IPv6 Address LifetimesLink-Local Permanent IPv6 Addressing Configuration IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Viewing the Neighbor Cache Example of Neighbor Cache Without Specifying a Vlan Clearing the Neighbor Cache Syntax clear ipv6 neighborsTelnet6 Operation Outbound Telnet6 to Another DeviceViewing the Current Telnet Activity on a Switch Example of Show Telnet Output with Three Sessions ActiveEnabling or Disabling Inbound Telnet6 Access Viewing the Current Inbound Telnet6 ConfigurationConfiguring Enabling or Disabling the Sntp Mode Sntp and TimepConfiguring an IPv6 Address for an Sntp Server Router on a Vlan configured on the switchVlan must be configured on the switch. For example Fe8021560fffe7aadc0 on Vlan 10, configured on the switch 2001db821560fffe798980Configuring Enabling or Disabling the Timep Mode Vlan configured on the switch Configured on the switch. For example fe8011215%vlan10ProCurveconfig# ip timep manual Tftp File Transfers Over IPv6 Tftp File Transfers over IPv6For more information, see Using Auto-TFTP for IPv6 on Enabling Tftp for IPv6Menu interface Download OS screen become unavailable Using Tftp to Copy Files over IPv6 Syntax copy source tftp ipv6-addr filename pc unix Using Auto-TFTP for IPv6 Snmp Features Supported Snmp Management for IPv6Snmp Configuration Commands Supported Supported in the following configuration commandsSNMPv1 and V2c SNMPv3Show snmp-server Command Output with IPv6 Address Show snmpv3 targetaddress Command Output with IPv6 Address IP Preserve for IPv6IPv6 Management Features IPv6 Management Features IPv6 Management Features IPv6 Management Security Features IPv6 Management Security Authorized IP Managers for IPv6 Usage NotesIPv6 Management Security Features Configuring Authorized IP Managers for Switch Access Using a Mask to Configure Authorized Management StationsConfiguring Single Station Access Mask and is applied in a different mannerConfiguring Multiple Station Access T e sHexadecimal Mask Values and Binary Equivalents FFFFFFFFFFFFFFF8FFFFFFFFFFFFFFFC 1st 2nd 3rd 4th 5th 6th 7th 8th Block IPv6 Mask Ffff FFF8 Binary Equivalents of Authorized Subnet IDs in Hexadecimal Authorized to access the switch for example Granted access11. Default IPv6 Mask IPv6 Management Security Features Configuring SSH for IPv6 Secure Shell for IPv6T e Displaying an SSH Configuration InactiveSecure Copy and Secure FTP for IPv6 Mands and software utilities to useMessage Multicast Listener Discovery MLD Snooping Overview Introduction to MLD Snooping Without MLD, multicast traffic is flooded to all ports Multicast Listener Discovery MLD Snooping Multicast Listener Discovery MLD Snooping Multicast Listener Discovery MLD Snooping Configuring MLD For example, to enable MLD snooping on VlanTo disable MLD snooping on Vlan Enabling or Disabling MLD Snooping on a VlanConfiguring Per-Port MLD Traffic Filters Vlan Name VLAN8Configuring the Querier Configuring Fast LeaveTo enable the switch to act as querier on Vlan Configuring Forced Fast Leave For example, to disable fast leave on ports in VlanTo enable fast leave on ports in Vlan For example, to enable forced fast leave on ports in VlanDisplaying MLD Status Configuration Current MLD StatusContinuation of Figure Multicast Listener Discovery MLD Snooping Current MLD Configuration Following information, for all MLD-enabled VLANs, is shownSpecific form of the command might look like this Example of an MLD Configuration for a Specific VlanPorts Currently Joined Vlan IDStatistics Shows MLD statistics for the specified Vlan vid-VLAN IDFor example, the general form of the command Example of MLD Statistics for All VLANs ConfiguredCounters Displays MLD counters for the specified Vlan vid-VLAN IDFollowing information is shown Multicast Listener Discovery MLD Snooping IPv6 Diagnostic and Troubleshooting Icmp Rate-Limiting Default 10 Range 1 Ping for IPv6 Ping6 Examples of IPv6 Ping Tests Traceroute for IPv6 Syntax traceroute6 ipv6-address hostname Examples of IPv6 Traceroute Probes DNS Configuration DNS Resolver for IPv6Domain suffix mygroup.procurve.net Viewing the Current Configuration Operating NotesConfiguring Debug and Event Log Messaging Debug/Syslog for IPv6Severity level System module Debug Command Ip rip database event trigger Configuring Debug Destinations Logging Command Terminology Terminology Index IndexDAD Icmp Lldp SCP Sntp Vlan Page 5992-3067