IPv6 Management Security Features

Authorized IP Managers for IPv6

Each authorized station has the same 64-bit device ID (244:17FF:FEB6:D37D) because the value of the last four blocks in the mask is FFFF (binary value 1111 1111).

FFFF requires all bits in each corresponding block of an authorized IPv6 address to have the same “on” or “off” setting as the device ID in the specified IPv6 address. In this case, each bit in the device ID (last four blocks) in an authorized IPv6 address is fixed and can be only one value: 244:17FF:FEB6:D37D.

 

1st

2nd

3rd

4th

5th

6th

7th

8th

Manager- or Operator-Level Access

 

Block

Block

Block

Block

Block

Block

Block

Block

 

 

 

 

 

 

 

 

 

 

IPv6 Mask

FFFF

FFFF

FFFF

FFF8

FFFF

FFFF

FFFF

FFFF In this example, the IPv6 mask allows up

Authorized

2001

DB8

0000

0000

244

17FF

FEB6

D37D

to four stations in different subnets to

access the switch. This authorized IP

 

 

 

 

 

 

 

 

 

IPv6 Address

manager configuration is useful if only management stations are specified by the authorized IPv6 addresses. Refer to Figure 6-4 for how the bitmap of the IPv6 mask determines authorized IP manager stations.

Figure 6-6. Example: Mask for Configuring Authorized IPv6 Manager Stations in Different Subnets

Fourth Block in Mask: FFF8

Fourth Block in Prefix ID of IPv6 Address: 0000

Bit Numbers

Bit Value

FFF8: Fourth Block in Mask

0000: Fourth Block in IPv6 Address

Bit Setting:

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

15

14

13

12

11

10

9

8

7

6

5

4

3

2

1

0

F F F 8

= 1 (On)

 

= 0 (Off)

 

 

 

Figure 6-7. Example: How a Mask Determines Authorized IPv6 Manager Addresses by Subnet

6-10

Page 138
Image 138
HP IPv6 5400zl, IPv6 6200yl, IPv6 2900, IPv6 3500yl manual Ffff FFF8