HP (Hewlett-Packard) 2910AL manual
- Consulta online o descarga el manual de instrucciones
- 194 páginas
- 2.42 mb
Ir a la página of
manuales de instrucciones parecidos
-
Switch
HP (Hewlett-Packard) SB Series
40 páginas 0.27 mb -
Switch
HP (Hewlett-Packard) JD312B
157 páginas 1.7 mb -
Switch
HP (Hewlett-Packard) C-Series
28 páginas 0.25 mb -
Switch
HP (Hewlett-Packard) Class MMS and MRS
29 páginas 1.67 mb -
Switch
HP (Hewlett-Packard) J9079A
57 páginas 0.8 mb -
Switch
HP (Hewlett-Packard) 4108GL
418 páginas 5.19 mb -
Switch
HP (Hewlett-Packard) 1700-24
56 páginas 0.75 mb -
Switch
HP (Hewlett-Packard) 5697-7483
62 páginas 1.42 mb
Buen manual de instrucciones
Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones HP (Hewlett-Packard) 2910AL. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica HP (Hewlett-Packard) 2910AL o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.
¿Qué es un manual de instrucciones?
El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual HP (Hewlett-Packard) 2910AL se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.
Desafortunadamente pocos usuarios destinan su tiempo a leer manuales HP (Hewlett-Packard) 2910AL, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.
Entonces, ¿qué debe contener el manual de instrucciones perfecto?
Sobre todo, un manual de instrucciones HP (Hewlett-Packard) 2910AL debe contener:
- información acerca de las especificaciones técnicas del dispositivo HP (Hewlett-Packard) 2910AL
- nombre de fabricante y año de fabricación del dispositivo HP (Hewlett-Packard) 2910AL
- condiciones de uso, configuración y mantenimiento del dispositivo HP (Hewlett-Packard) 2910AL
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas
¿Por qué no leemos los manuales de instrucciones?
Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de HP (Hewlett-Packard) 2910AL no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de HP (Hewlett-Packard) 2910AL y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico HP (Hewlett-Packard) en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de HP (Hewlett-Packard) 2910AL, como se suele hacer teniendo una versión en papel.
¿Por qué vale la pena leer los manuales de instrucciones?
Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo HP (Hewlett-Packard) 2910AL, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.
Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual HP (Hewlett-Packard) 2910AL. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.
Índice de manuales de instrucciones
-
Página 1
IPv6 Configuration Guide Pr oCurv e Switches W . 1 4.03 29 10al www .procurv e.com[...]
-
Página 2
[...]
-
Página 3
HP ProCurve 2910al Switch February 2009 W .14.03 IPv6 Configuration Guide[...]
-
Página 4
© Copyright 2009 Hewlett-Pa ckard Development Company, L.P . The information contain ed herein is subject to ch ange with- out notice. All Rights Reserved. This document contains proprie tary information, which is protected by copyright. No pa rt of this document may be photocopied, reproduced, or translated into another language without the prior[...]
-
Página 5
Contents About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Printed Publications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Software Feature Index . . . . . . [...]
-
Página 6
2 Introduction to IPv6 Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 7
Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15 Loopback Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15 Debug/Syslog Enha[...]
-
Página 8
Global Unicast Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 Stateless Autoconfig uration of a Glo bal Unicast Address . . . . . . . . . 3-16 Static Configuration of a Global Unicast Address . . . . . . . . . . . . . . . 3-17 Prefixes in Routable IPv6 Addr esses . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 9
Statically Co nfiguring An Anyc ast Address . . . . . . . . . . . . . . . . . . . . . 4-14 Duplicate Address Detection (DAD) for Statically Configured Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 Disabling IPv6 on a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 Ne[...]
-
Página 10
Viewing the Current Inbo und Telnet6 Configuration . . . . . . . . . . . . . . 5-8 SNTP and Timep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9 Configuring (Enabl ing or Disabling) the SN T P Mode . . . . . . . . . . . . . 5-9 Configuring an IPv6 Address for an SNTP Server . . . . . . . . . . . . . [...]
-
Página 11
7 Multicast Listener Disc overy (MLD) Snooping Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Introduction to MLD Snooping . . . . . . . . . . . . . . . . . [...]
-
Página 12
A Terminology Index x[...]
-
Página 13
Product Documentation About Y our Switch Manual Set Note For the latest version of all ProCur ve switch documentation, including Release Notes covering re cently added features, please visit the ProCurv e Networking W eb site at www .procurve.com, c lick on Cu stomer Care , and then click on Manuals . Printed Publications The publication s listed b[...]
-
Página 14
Software Feature Index For the software manual se t supporting your 2910al sw itch model, this feature index indicate s which manual to consult for in formation on a given software feature. Note This Index does not cover IPv6 capable software features. Fo r information o n IPv6 protocol operations and features (such as DHCPv6 , DNS for IPv6, Ping6,[...]
-
Página 15
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide DHCP/Bootp Operation Diagnostic T ools Downloading Software X X X Dynamic ARP Protection Dynamic Configuration Arbiter Eavesdrop Protection Event Log X X X X Factory Default Settings Flow Control (802.3x) F[...]
-
Página 16
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide MAC Lockdown X MAC Lockout MAC-based Authentication Management VLAN Monitoring and Analysis Multicast F iltering Multiple Configuration Files Network Management Applications (SNMP) OpenView Device Managemen[...]
-
Página 17
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide RMON 1,2,3,9 Routing Routing - IP Static X X X Secure Copy sFlow SFTP SNMPv3 X X X X Software Downloads (SCP/SFTP , TFPT , Xmodem) Source-Port Filters Spanning T ree (STP , RSTP , MSTP) SSHv2 (Secure Shell)[...]
-
Página 18
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide Vo i c e V L A N W eb Authentication RADIUS Support W eb-based Authentication W eb UI Xmodem X X X X X xvi[...]
-
Página 19
1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 20
Getting Started Introduction Introduction This guide is intende d for use with the followin g switches: ■ HP ProCurve 2910al Switch It describes how to use the command l in e interface (C LI), Menu interface, and web browser to conf igure, manage, monitor , and troubleshoot swit ch opera- tion. For an ove rview of othe r produc t documentation fo[...]
-
Página 21
Getting Started Conventions ■ Boldface indicates use of a CLI command, part of a CLI command syntax, or other displayed element in general text. For example: “Use the copy tftp command to download the key from a TFTP ser ver .” ■ Italics indicate variables for which yo u must supply a value when execut- ing the command. For example, in this[...]
-
Página 22
Getting Started Sources for More Information Keys Simulations o f actual keys use a bold, sa ns-serif typeface with square brackets. For example, the T ab key appears as [T ab] and the “Y” key appears as [Y] . Sources for More Information For information about switch operation and features no t covered in this guide, consult the f ollowing sour[...]
-
Página 23
Getting Started Sources for More Information • port configurati on, trunking, traffic control, and PoE operation • SNMP , LLDP , and ot her network management topi cs • file transfers, switch monitoring, troub leshooting, and MAC address management ■ Advanced T raffic Management Guide —Use this guid e for information o n topics such as: ?[...]
-
Página 24
Getting Started Sources for More Information Getting Documentation From the W eb T o obtain th e latest versions of documentati on and release notes for your switch: 1. Go to the ProCurve Networking web site at www .procurve.com 2. Click on Customer Care . 3. Click on Manuals . 4. Click on the pr oduct for which yo u want to view or download a manu[...]
-
Página 25
Getting Started Sources for More Information Command Line Interface If you need i nformation on a specific comm and in the CLI, type the command name fo llowed by help . For example: Figure 1-3. Example of CLI Help W eb Browser Interface If you need information on specific features in the Pro Curve W eb Browser Interface (hereafter referred to as t[...]
-
Página 26
1 Getting Started Need Only a Quick Start? Need Only a Quick Start? IP Addressing If you just want to give th e switch an IP address so that it can communicate on your network, or if you are not us ing VLANs, ProCurve recommends that you use the Switch Setup sc reen to quickly configure IP addressing. T o do so, do one of the following: ■ Enter s[...]
-
Página 27
2 Introduction to IPv6 Contents Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Dual-Stack Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 28
Introduction to IPv6 Contents ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Traceroute6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 29
Introduction to IPv6 Migrating to IPv6 Migrating to IPv6 T o successfully migrat e to IPv6 involves mainta ining compatibilit y with the large installed base of IPv4 hosts an d routers for the immedi ate future. T o achieve this purpose, softwa re release K.1 3.01 supports dual-stack (IPv4/IPv6) operation and connections to IPv6-aware routers for r[...]
-
Página 30
Introduction to IPv6 Migrating to IPv6 IPv6 Propagation IPv6 is currently i n the early stag es of deployment worldwide, involving a phased-in migration led by the application of basic IPv6 functi onality . In these applications, IPv6 traffic is switched among IPv6-capable de vices on a given LAN, and routed between LANs using IPv6-capable router s[...]
-
Página 31
Introduction to IPv6 Migrating to IPv6 Connecting to Devices Supp orting IPv6 Over IPv4 T unneling The switches covered by this guide can interoperate with IPv6/IPv4 devices capable of tunneling IPv6 tr affic across an IPv4 infras tructure. Some examples include: ■ traffic between IPv6/IPv4 routers (router/router) ■ traffic between a n IPv6/I P[...]
-
Página 32
Introduction to IPv6 Use Model Use Model Adding IPv6 Capability IPv6 was designed by the Internet Engineer ing T ask Force (IETF) to i mprove on the scalability , security , ease of configuration, and network management capabilities of IPv4. IPv6 provides increased flexibility an d connectivity for ex isting networke d devices, addresses the limite[...]
-
Página 33
Introduction to IPv6 Configuration and Management The next three sections ou tline the IPv6 features supported in software release K.13.01. Configuration and Management This section ou tlines the con figurable manageme nt features supporting IPv6 operation on you r ProC urve IPv6-ready switch. Management Features Software release K.13.01 provides h[...]
-
Página 34
Introduction to IPv6 Configuration and Management and the interface identifier currently in use i n the link-local address. Having a global unicast address and a connection to an IPv6- aware ro uter enables IPv6 traffic on a VLAN to be routed to ot her VLANs supporting IPv6-aware device s. (Using software release K.13.01, an e xtern al, IPv6 - awar[...]
-
Página 35
Introduction to IPv6 Configuration and Management Note In IPv6 for the switches co vered in this guide, th e default route cannot be statically configured. Al so, DHCPv6 does not include default route configur a- tion.) Refer to “Default IPv6 Router” on page 4-28 and “View IPv6 Gateway , Route, and Router Neighbors ” on page 4-29. Neighbor [...]
-
Página 36
Introduction to IPv6 Configuration and Management IPv6 Management Features The switch's IPv6 management fe atures support operation in an environment employing IPv6 servers and management stations.With a link to a properly configured IPv6 router , switch managem ent extends to rout ed traffic solu- tions. (Refer to the docu mentation provided [...]
-
Página 37
Introduction to IPv6 Configurable IPv6 Security IP Preserve IP Preserve operation preserves both the IPv4 and IPv6 addresses config ured on VLAN 1 (the default VLAN) when a configurati on file is downlo aded to the switch using TFTP . Refer t o “IP Preserve for IPv6” on page 5-23. Multicast Listener Discovery (MLD) MLD oper ates in a manne r si[...]
-
Página 38
Introduction to IPv6 Configurable IPv6 Security supported between the switch and IPv6 management stations when SSH on the switch is also configur ed for IPv6 operation. Th e switch now offers these SSHv2 connect ion types: ■ IPv6 only ■ IPv4 only ■ IPv4 or IPv6 The switch supports up to six inbound sessions of the following type s in any comb[...]
-
Página 39
Introduction to IPv6 Diagnostic and Troubleshooting Caution The Authorized IP Managers feature do es not protect against unauthorized station access through a mode m or direct connection to the Console (RS-2 32) port. Also, if an unauth oriz ed station “spoofs” an auth orized IP address, then the unauthorized stati on cannot be blocked by the A[...]
-
Página 40
Introduction to IPv6 Diagnostic and Troubleshooting Domain Name System (DNS) Resolution This feature enables resolving a host na me to an IPv6 address and the reverse, and takes on added importance over its IPv4 coun terpart du e to the e xtended length of IPv6 addresses. W ith DN S-compatible commands, CLI command entry becomes easier for reaching[...]
-
Página 41
Introduction to IPv6 IPv6 Scalability SNMP When IPv6 is enabled on a VLAN interf ace, y ou can manage the switch from a network management stati on configured with an IPv6 address. Refer to “SNMP Management for IPv6” on pa ge 5-20. Loopback Address Like the IPv4 loopback address, the IPv6 loopback address (::1) can be used by the switch to send[...]
-
Página 42
Introduction to IPv6 Path MTU (PMTU) Discovery Path MTU (PMTU) Discovery IPv6 PMTU operation is managed auto matically by the IPv 6 nodes between the source and destination of a transmission. For Ethernet frames, the default MTU is 1500 bytes. If a router on th e path cannot forward the default MTU size, it sends an ICMPv6 message (P KT_TOO_BIG) wi[...]
-
Página 43
3 IPv6 Addressing Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 IPv6 Address Structure and Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Address Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Address Not[...]
-
Página 44
IPv6 Addressing Contents Prefixes in Routable IPv6 Addr esses . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18 Unique Local U nicast IPv6 Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19 Anycast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20 Multicast Ap plication to [...]
-
Página 45
IPv6 Addressing Introduction Introduction IPv6 supports mult iple ad dresses on an interface, and uses them in a manner comparable to subnetting an IPv4 VLAN . For example, where the switch is configured with multiple VLANs and each is connected to an IPv6 router , each VLAN will have a sing le link-local ad dress and one or more global unicast add[...]
-
Página 46
IPv6 Addressing IPv6 Address Structure and Format An IPv6 address includes a network prefix and an in terface identifier . Network Prefix The network prefix (high- order bits) in an IPv6 address begins with a well- known, fixed pref ix for defining the address type. S ome examples of well- known, fixed prefixes are: 2000::/3global (routable) unicas[...]
-
Página 47
IPv6 Addressing IPv6 Addressing Options IPv6 Addressing Options IPv6 Address Sources IPv6 addressing sources pr ovide a flexible methodol ogy for assigning addresses to VLAN interfaces on the switch. Options include: ■ stateless IPv6 autoconfiguration on VLAN interfaces includes: • link-local unica st addresses • global unicast addresses ■ [...]
-
Página 48
IPv6 Addressing IPv6 Addressing Options Stateful Address Autoconfiguration. This method allows use of a DHCPv6 server to automatically c onfig ure IPv6 addressing on a host in a manner similar to stateful IP addressi ng with a DHCPv4 server . For software release K.13.01, a DHCPv6 server can pr ovide routable IPv6 ad dressing and NTP (timep) server[...]
-
Página 49
IPv6 Addressing IPv6 Address Sources IPv6 Address Sources IPv6 addressing sources pr ovide a flexible methodol ogy for assigning addresses to VLAN interfaces on the switch. Options include: ■ stateless IPv6 autoconfiguration on VLAN interfaces includes: • link-local unica st addresses • global unicast addresses ■ stateful IPv6 address c onf[...]
-
Página 50
IPv6 Addressing IPv6 Address Sources servers. These lifetimes cannot be rese t using control from the switch console or SNMP method s. Refer to “Preferred and V alid Addr ess Lifetimes” on page 3- 25. Stateful (DHCPv6) Ad dress Configuration Stateful addresses are defined by a system administrator or ot her authority , and automatically assigne[...]
-
Página 51
IPv6 Addressing IPv6 Address Sources Static Address Configuration Generally , static address conf iguration should be used w hen you want specific, non-default addressing to be assigned to a VLAN interface. For IPv6, DHCP use is indic ated for conditions such as the following: ■ address conventions used in your network require defi ned control ?[...]
-
Página 52
IPv6 Addressing Address Types and Scope Address T ypes and Scope Address T ypes IPv6 uses these IP address types: ■ Unicast: Identifi es a specific IPv6 interf ace. T raffic havi ng a unicast destination a ddress is intended for a single interface. Like IPv4 addresses, unicast addresses can be assigned to a specific VLAN on the switch and to othe[...]
-
Página 53
IPv6 Addressing Address Types and Scope Address Scope The address scope determines the ar ea (topology) in which a given IPv6 address is used. This section provid es an overview of IPv6 address types. For more information, refer to the chapter ti tled “IPv6 Addressing”. Link-Local Address. Limited to a g iven interfa ce (VLAN). Enabling IPv6 on[...]
-
Página 54
IPv6 Addressing Address Types and Scope In binary notation, the fixed prefi x for link-local prefixes is: 1111 1110 10 = fe80/10 For more on link-local a ddr esses, refer to “Link-Lo cal Unicast Address” on page 3-13. Routable Global Unicast Prefix. This we ll-known 3-bit f ixed-prefix ind i- cates a routable address used to identify a device o[...]
-
Página 55
IPv6 Addressing Link-Local Unicast Address Other Prefix T ypes. There are other designated global unicast pre fixes such as those for the following address types: ■ RFC 4380: “T eredo: T unneling IPv 6 over UDP” ■ RFC 3056: “Connection of IPv6 Domains via IPv4 Clouds” ■ RFC 4214: “Intra-Site Automatic T unnel Addressing Protocol (IS[...]
-
Página 56
IPv6 Addressing Link-Local Unicast Address Note Because al l VLANs configured on the switch us e the same MAC addre ss, all automatically generated lin k-local addresses on the switch wi ll have the same link-local address. However , since the scope of a link- local address includes only the VLAN on whic h it was generated, this sh ould not be a pr[...]
-
Página 57
IPv6 Addressing Link-Local Unicast Address MAC Address IPv6 I/F Identifier Full Link-Local Unicast Address 00-15-60-7a-ad-c0 215:60ff:fe7a: adc0 fe80::215:60ff:fe7a:adc0/64 09-c1-8a-44-b4-9d 11c1:8 aff:fe44:b49d fe80::11c1:8aff:f e44:b49d/64 00-1a-73-5a-7e-57 21a:73ff:fe5a:7 e57 fe80::21a:73f f:fe5a:7e57/64 The EUI me thod of g enerating a l ink-l [...]
-
Página 58
IPv6 Addressing Global Unicast Address Global Unicast Address A global unicast address is required for unicast traffic to be routed across VLANs within an organization as well as acro ss the public internet. T o support subnetting, a VLAN can be configured wi th multiple global unic ast addresses. Any of the fo llowing methods can be used t o confi[...]
-
Página 59
IPv6 Addressing Global Unicast Address ■ generate a link-local address on the VL AN as described in the preceding section (page 3-13). ■ transmit a router solicit ation on the VLAN, and to listen for advertise- ments from any IPv6 routers on the VLAN. For each unique router advertisement (RA) the switch receives fr om any router(s), the switch [...]
-
Página 60
IPv6 Addressing Global Unicast Address Prefixes in Routable IPv6 Addresses In routable IPv6 addresses, the prefix uniquely identifies an entity and a unicast subnet within that entity , and is defined by a length value specifying the number of leftmos t contiguous (high-order) bits co mprising the prefix. For an automatically generated global unica[...]
-
Página 61
IPv6 Addressing Unique Local Unicast IPv6 Address Unique Local Unicast IPv6 Address A unique local unicast address i s an addr ess that falls within a spec ific range, but is used only as a global unicast ad dress within an or ganization. T raffic having a source address with in the defined range should not be allowed beyond the borders of the inte[...]
-
Página 62
IPv6 Addressing Anycast Addresses Anycast Addresses Network size, traffic loads and the pot ential for network changes make it desirable to buil d in redundancy for some n etwork services to prov ide increased service reliabilit y . Anycast addressing prov ides this capability for applications wh ere it does not matter wh ich source is actually use[...]
-
Página 63
IPv6 Addressing Multicast Application to IPv6 Addressing For related information, refer to: ■ RFC 4291: “IP V ersi on 6 Addressing Architecture” ■ RFC 2526: “Reserved IPv6 Su bnet A nycast Addresses” Multicast Application to IPv6 Addressing Multicast is used to reduce traffic for applications that ha ve more than on e recipient for t he[...]
-
Página 64
IPv6 Addressing Multicast Appl ication to IPv6 Addressing For informati on on Multicast Listener Discovery (MLD) refer to the chapter titled “Multi cast Listener Discovery (MLD) Snoopi ng”. When MLD is enabled on an interface, you can use show ipv6 m ld [ vlan < vid >] to list the activ e multicast group ac tivity the switch has de tected[...]
-
Página 65
IPv6 Addressing Multicast Application to IPv6 Addressing ■ multicas t scope: Bits 13-16 set boundaries on multicast traffic distribu- tion, such a s the interface defined by the link-local unicast address of an area, or the network b oundaries of an organization. Because IPv6 uses multicast technology in pl ace of the broadcast technology used in[...]
-
Página 66
IPv6 Addressing Loopback Address fe90::215:60ff:fe7a:adc0 then the corresponding soli cited-node multicast address is ff02:0:0:0:0: 1:ff7a:adc0 For related information, refer to: ■ RFC 2375: IPv6 Multicast Address Assignments ■ RFC 3306: Unicast-Prefix-based IPv6 Multic ast Addresses ■ RFC 3956: Embedding the Rendezvous Point (RP) Address in [...]
-
Página 67
IPv6 Addressing The Unspecified Address The Unspecified Address The “unspecified” address is defined as 0.0. 0.0.0.0.0.0 (::/128, or just ::). It c an be used, for example, as a temporary so urce address in multicast traffic sent by an interface that has not yet acquir ed its own address. The unspecified address cannot be statically configured [...]
-
Página 68
IPv6 Addressing IPv6 Address Deprecation Notes Preferred and valid lifetimes on a VLAN interface are determin ed by the router advertisements received on the interface. These values are not affected by the lease time assigned to an address by a DHC Pv6 server . Tha t is, lease expiration on a DHCPv6- assigned address termi nates use of th e address[...]
-
Página 69
4 IPv6 Addressing Configuration Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Enabling IPv6 with an Automatically Enabling Automati c Configuration of a Global Unicast Address and a Default Duplicate Address Detection (DAD) for Statically General Configuration St eps . [...]
-
Página 70
IPv6 Addressing Configuration Contents Router Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Router Solicitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Default IPv6 Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 71
IPv6 Addressing Configuration Introduction Introduction Feature Default CLI Enable IPv6 with a Link-Local Address disabled 4-6 Configure Global Unicast disabled 4-7 Autoconfig Configure DHCPv6 Addressing disabled 4-9 Configure a Static Link-Local None 4-12 Address Configure a Static Global Unicast None 4-13 Address Configure an Anycast Address None[...]
-
Página 72
IPv6 Addressing Configuration General Configuration Steps General Configuration Steps The IPv6 configuration on switches runn ing software re leas e K.13.01 includes global and per -VLAN settings. This sectio n provides an overview of the general configuration steps for enab ling IPv6 on a given VLAN and can be ena bled by any one of several comman[...]
-
Página 73
IPv6 Addressing Configuration Configuring IPv6 Addressing 4. If needed, st atically config ure IP v6 unicast addressi ng on the VLAN interface as needed. This can include any of the following: • statically repl acing the automati cally generated link-local a ddress • statically adding glob al unicast, unique local unicast, and/or anycast addres[...]
-
Página 74
IPv6 Addressing Configuration Enabling IPv6 with an Automatically Con figured Link-Local Address Enabling IPv6 with an Automatically Configured Link-Local Address This command enables au tomatic configuration of a link-local ad dress. Syntax: [no] ipv6 enable If IPv6 has not already been enabled on a VLAN by anoth er IPv6 command option described i[...]
-
Página 75
IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Rout er Ide ntity on a VLAN Enabling Automatic Configuration of a Global Unicast Address and a Default Router Identity on a VLAN Enabling autoconfig or rebooting the switch with autoco nfig enabled on a VLAN causes the swi tch to configure IPv6[...]
-
Página 76
IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Router Identity on a VLAN — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned to a VLAN by aut oconfig uration is set to the preferred and valid lifetimes specified by the RA used to gener[...]
-
Página 77
IPv6 Addressing Configuration Enabling DHCPv6 Enabling DHCPv6 Enabling the DHCPv6 option on a VLA N a llows the swi tch to obtain a global unicast address and an N TP (network time prot ocol) server assignmen t for a T imep server . (If a DHCPv6 server is not needed to provide a g lobal unicast address to a switch interface, the server can still be[...]
-
Página 78
IPv6 Addressing Configuration Enabling DHCPv6 — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned to the VLAN by an DHCPv6 server is set to the preferred and valid lifetimes sp ecified in a router advertise- ment received on the VLAN for the prefix used in the assigned address, and is configur[...]
-
Página 79
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN ■ DHCPv6 and statically configured global unicast or anycast addresses are mutually exclusive on a given VLA N . That is, configuring DHCPv6 on a VLAN erases any static global unic ast or anycast addresses previously configured on that VLAN, and the revers e. (A statically[...]
-
Página 80
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-Local Unicast Address Syntax: [no] ipv6 address fe80::< device-ide ntifier > link-local ■ If IPv6 is not already enable d on the VLAN, this command enables IPv6 and configures a static link-local address. ■ If IPv6 is already enabled on[...]
-
Página 81
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Statically Configuring A Global Unicast Address Syntax:. [no] ipv6 address < network-prefix><d evice-id >/< prefix-length > [no] ipv6 address < network-pref ix>::/< prefix-length > eui-64 If IPv6 is not already enabled on a VLAN, either of these[...]
-
Página 82
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Operating Notes ■ W ith IPv6 enabled, the switch determ ines the default IPv6 router for the VLAN from the router advertisements it receives. (Refer to “Router Access and Default Router Selection” on page 4-27.) ■ If DHCPv6 is configured on a VLAN, then configuring a [...]
-
Página 83
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Syntax:. [no] ipv6 address < network-prefix >< device-ide ntifier >/< prefix-length > anycast If IPv6 is not already enabled on a VLAN, this command option does the following: ■ enables IPv6 on the VLAN ■ configures a link-local add ress using the EUI-6[...]
-
Página 84
IPv6 Addressing Configuration Disabling IPv6 on a VLAN Duplicate Address Detect ion (DAD) for Statically Configured Addresses Statically configured IPv6 addresses are designated as permanent. If DAD determines t hat a statically configured ad dress duplica tes a previousl y config- ured and reachable add ress on another device belonging to the VLA [...]
-
Página 85
IPv6 Addressing Configuration Neighbor Discovery (ND) Neighbor Discovery (ND) Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP for layer 2 address resolution, and uses IPv6 IC MP messages to do the following: ■ Determine the link-lay er address of neighbors on the same VLAN inter - face. ■ V erify that a ne ighbor is reachable. ?[...]
-
Página 86
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Note: Neighbor and rout er solicitations must ori ginate on the same VLAN as the receiving device. T o support this operation, IPv6 is designed to discard any incoming neighbor or router solicitation that does not have a value of 255 in the IP Hop Limit field. For a complete list of re[...]
-
Página 87
IPv6 Addressing Configuration Duplicate Address Detection (DAD) that includes its link-local a ddress. If the newly configured address is from a static or DHCPv6 source and is found t o be a duplicate, it is labelled as duplicate in the “Address Status” field of the show ipv6 c ommand, and is not used. If an auto configured address is fo und to[...]
-
Página 88
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Operating Notes ■ A verified link-local unicast address must exist on a VLAN interface before the switch can run DAD on other addr esses associated with the interface. ■ If a previously configured unicast ad dress is changed, a neighbor adver - tisement (an all-nodes multicast mess[...]
-
Página 89
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration V iew the Current IPv6 Addressing Configuration Use these commands to view the current status of the IPv 6 configuration on the switch. Syntax: show ipv6 Lists the current, global IPv6 settings and per -VLAN IPv6 addressing on the switch. IPv6 Routing: For software release[...]
-
Página 90
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Address Origin: ■ Autoconfig: The address was configured using stateless address autoconfiguration (S LAAC). In this case, the device identifier for global uni cast addresses copied from the current link-loc al unicast address. ■ DHCP: The address was assigned by a DHC[...]
-
Página 91
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts : 3 Vlan Name : DEFAULT_VLAN IPv6 Status : Disabled Vlan Name : VLAN10 IPv6 Status : Enabled Address | Address Origin | IPv6 Address/Prefix[...]
-
Página 92
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ■ DAD Attempts: Indicates the number of neighbor solicita- tions the switch transmit s per -address for duplicate (IPv6) address detection. Implemented when a new address is configured or when an interface with config- ured addresses comes up (such as after a reboot). Th[...]
-
Página 93
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 vlan 10 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts : 3 Vlan Name : VLAN10 IPv6 Status : Enabled IPv6 Address/Prefixlength Expiry ------------------------------------ ------- --------[...]
-
Página 94
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show run Running configuration: . . . vlan 10 name "VLAN10" untagged A1-A12 ipv6 address fe80::127 link-local Statically config ured IPv6 addresses appear i n the show run output. ipv6 address 2001:db8::127/64 ipv6 address 2001:db8::15:101/64 an[...]
-
Página 95
IPv6 Addressing Configuration Router Access and Default Router Selection Router Access and Default Router Selection Routing traffic between destin ations on different VLANs configured on the switch or to a destination on an of f-swit ch VLAN is done by placing the switch on the same VLAN interface or subnet as an IPv6-capable router configured to r[...]
-
Página 96
IPv6 Addressing Configuration Router Access and Default Router Selection Note If the switch does not re ceive a router advertisement after sending the router solicitations, as described above, then no further router solicitations are sent on that VLAN unle ss a new IPv6 settin g is configured, IPv6 on the VLAN is disabled, then re-enable d, or the [...]
-
Página 97
IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors V iew IPv6 Gateway , Route, and Router Neighbors Use these commands to view the switch 's current routing table content and connectivity to routers per VLAN. This i n cludes information re ceived in router advertisements from IPv6 rout ers on VL ANs enabled with IPv6[...]
-
Página 98
IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors ProCurve(config)# show ipv6 route IPv6 Route Entries Dest : ::/0 “Unknown” Address Type : static Gateway : fe80::213:c4ff:fedd:14b0 %vlan10 Dist. : 40 Metric : 0 Dest : ::1/128 Loopback Address Type : connected Gateway : lo0 Dist. : 0 Metric : 1 Dest : 2001:db8:a03:e10[...]
-
Página 99
IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors MTU: This is the Maximum T ran smission Unit (in bytes) allowed for frames on the path to the indicated router . Hop Limit: The maximum number of router hops allowed. Prefix Advertised: Lists the prefix and prefix size (number of leftmost bits in an address) or iginating [...]
-
Página 100
IPv6 Addressing Configuration Address Lifetimes Address Lifetimes Every configured IPv6 unic ast and anycas t address has a lifetime setting that determines how long the address can be used b efore it must be refreshed or replaced. Some addresses are set as “p ermanent” and do n ot expire. Othe rs have both a “preferred” and a “valid” l[...]
-
Página 101
IPv6 Addressing Configuration Address Lifetimes T able 4-1. IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Link-Local Permanent Statically Configured Uni cast or Anycast Permanent Autoconfigured Global Finite Preferred and V alid Lifetimes DHCPv6-Configured Finite Preferred and V alid Lifetimes A new , preferred address used as a[...]
-
Página 102
IPv6 Addressing Configuration Address Lifetimes 4-34[...]
-
Página 103
5 IPv6 Management Features Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Viewing and Clearing the IPv6 Neighbors Cache . . . . . . . . . . . . . . . . 3-2 Viewing the Neighbor Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Clearing the Nei[...]
-
Página 104
IPv6 Management Features Introduction Introduction Feature Default CLI Neighbor Cache n/a 5-3, 5-5 T elnet6 Enabled 5-6, 5-7, 5-8 SNTP Address None 5-10 T imep Address None 5-13 TFTP n/a 5-15 SNMP T rap Receivers None 5-21 This chapter focuses on the IPv6 ap plicatio n of managem ent fe atures in software release K.13.01 that support both IPv6 and [...]
-
Página 105
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache V iewing the Neighbor Cache Neighbor discovery occurs when th ere is communication be tween IPv6 devices on a VLAN. The Neighbor Cache re tains data for a given neighbor until the entry times out. For more on this topi c, refer to “Neighbor Discovery (ND)” on page 4-17. Synt[...]
-
Página 106
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache — Continued from previous page. — • ST ALE : A timeout has occurred for reachability of the neigh- bor , and an unsolicited discov ery packet has been received from the neighbor address. If the path to the neighbor is then used successfully, this state is restored to REACH[...]
-
Página 107
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Clearing the Neighbor Cache When there is an eve nt such as a to pology change or an address change, the neighbor cache may have too many entries to allow ef ficient use. Also, if an unauthorized client is an swering DAD or normal neighbor solicitations with invalid repl ies, th[...]
-
Página 108
IPv6 Management Features Telnet6 Operation T elnet6 Operation This section describes T elnet operati on for IPv6 on th e switch. For IPv4 T elne t operation, refer to the Management and Configurat ion Guide for your switch. Outbound T elnet6 to Another Device Syntax: telnet < link-local-addr >%vlan< vid > telnet < global-unicast -add[...]
-
Página 109
IPv6 Management Features Telnet6 Operation V iewing the Current T eln et Activity on a Switch Syntax: show telnet This command shows the active incoming and outgoing telnet sessions on the switch (for both IPv4 and IPv6). Command output includes the followin g: Session: The session number . The swit ch allows one outbound session and up to five inb[...]
-
Página 110
IPv6 Management Features Telnet6 Operation Enabling or Disabling Inbound T elnet6 Access Syntax: [ no ] telnet6-server This command is used at the glob al config level to enable (the default) or disable inbound T elnet6 access to the switch. The no form of the command disables inbound telnet6. Note: T o disable inbound T eln et access completely, y[...]
-
Página 111
IPv6 Management Features SNTP and Timep SNTP and T imep Configuring (Enabling or Disabling) the SNTP Mode Software r elease K.13.01 enables config uration of a g lobal unicast a ddress for IPv6 SNTP time server . This section lists the SNTP and relate d c ommands, includi ng an example of using an IPv6 address. Fo r the details of configuring SNTP [...]
-
Página 112
IPv6 Management Features SNTP and Timep Configuring an IPv6 Addr ess for an SNTP Server Note T o use a global unicast IPv6 address to configure an IPv6 SNTP time se rver on the switch, th e switch must be receiving ad vertisements from an IPv6 router on a VL AN configured on t he switch. T o use a link-local IPv6 address to config ure an IPv6 SNTP [...]
-
Página 113
IPv6 Management Features SNTP and Timep For example, to configure link-local and global unicast SNTP server addresses of: ■ fe80::215:60ff:fe7a:adc0 (on VLAN 10, configured on the switch) ■ 2001:db8::215:60 ff:fe79 :8980 as the priority “1” and “2” SNTP server s, respectively , using version 7, you would enter these commands at the gl o[...]
-
Página 114
IPv6 Management Features SNTP and Timep For example, the show sntp output for the prece ding sntp server command example would appear as follows: ProCurve(config)# show sntp SNTP Configuration This example illustrates the command output when both Time Sync Mode: Sntp IPv6 and IPv4 server addresses are configured. SNTP Mode : Broadcast Poll Interval[...]
-
Página 115
IPv6 Management Features SNTP and Timep ip timep manual < ipv6-addr > Enable T imep operation with a statically config ured [ interval < 1 - 9999 >] IPv6 address for a T imep se rver . Optionally change the interval between time re quests. no ip timep Disables T imep operation. T o re-enable T imep, it is necessary to reconfigure eithe [...]
-
Página 116
IPv6 Management Features SNTP and Timep ProCurve(config)# ip timep manual fe80::215:60ff:fe7a:adc0%vlan10 Note In the preceding example, using a link- l ocal address requires that you specify the local scope for the address; VLAN 10 in this case. This is al ways indicated by %vlan followed immediately (without sp aces) by the VLAN identifie r . For[...]
-
Página 117
IPv6 Management Features TFTP File Transfers Over IPv6 TFTP File T ransfers Over IPv6 TFTP File T ransfers over IPv6 Y ou can use TFTP copy commands over IPv6 to up load, or download files to and from a physically connected device o r a remote TFTP server , including: ■ Switch softw are ■ Software images ■ Switch configur ations ■ ACL comma[...]
-
Página 118
IPv6 Management Features TFTP File Transfers Over IPv6 Enabling TFTP for IPv6 TFTP for IPv6 is enabled by default on the sw itch. However , if it is disabled, you can re-enable it by spec ifying TFTP client or server functionality with the tftp6 < client | server > command. Enter the tftp6 < client | server > command at the global confi[...]
-
Página 119
IPv6 Management Features TFTP File Transfers Over IPv6 Using TFTP to Copy Files over IPv6 Use the TFTP copy commands described i n this section to: ■ Download specified files from a TFTP server to a switch on which TFTP client functionality is enabled. ■ Upload specified files fr om a switch, on wh ich TF TP server functionality is enabled, to [...]
-
Página 120
IPv6 Management Features TFTP File Transfers Over IPv6 . ■ flash < p rimary | secondary >: Copies a software file stored on a remote host to primary or secondary flash memory on the switch. T o run a newly downlo aded software image, enter the reload or boot system flash command. ■ pub-key-file : Copies a public-key file to the switch. ?[...]
-
Página 121
IPv6 Management Features TFTP File Transfers Over IPv6 < ipv6-addr >: If this is a link-local address, use this IPv6 address format: fe80::< device-id >%vlan< vid > For example: fe80::123%vlan10 If this is a global unicast or anycast address, use this IPv6 format: < ipv6-addr > For example: 2001:db8::123 Using Auto-TFTP for [...]
-
Página 122
IPv6 Management Features SNMP Management for IPv6 SNMP Management for IPv6 As with SNMP for IPv4, you can manage a switch via SNMP from an IPv6- based network management st ation by usin g an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). (For more on PCM and PCM+, go to the Pro Curve Networking web site at www .procurv[...]
-
Página 123
IPv6 Management Features SNMP Management for IPv6 SNMP Configuration Commands Supported IPv6 addressing is su pported in the followin g SNMP configurat ion command s: For more information on each SNMP conf iguration procedure, refer to the “Configuring for Network Ma nagement Applications” chapter in the current Management and Conf iguration Gu[...]
-
Página 124
SNMPv2c Inform configuration IPv6 Management Features SNMP Management for IPv6 The show snmp-server command displays the current SNMP policy configuration, incl uding SNMP communities, network secu rity notifications, link-change traps, trap receiv ers (includi ng the IPv4 or IPv6 addre ss) that can receive SNMPv1 and SNMPv2c traps, an d the source[...]
-
Página 125
IPv6 Management Features IP Preserve for IPv6 The show snmpv3 targetaddress command displays th e configuration (including the IPv4 or IPv6 address) of the SNMPv3 management st ations to which notification messages are se nt. ProCurve(config)# show snmpv3 targetadd ress snmpTargetAddrTable [rfc2573] Target Name IP Address Parameter ----------------[...]
-
Página 126
IPv6 Management Features IP Preserve f or IPv6 ; J8697A Configuration Editor; Creat ed on release #K.13.01 hostname "ProCurve" time daylight-time-rule None * * * * Entering an ip preserve statement as t he last line in a configuration file stored on a TFTP server allows you to download * and execute the file as the start up-config file on[...]
-
Página 127
IPv6 Management Features IP Preserve for IPv6 Note that if a switch received its IP v6 address from a DHCP serve r , the “ip address” field under “vlan 1” would display: dhcp-bootp . ProCurve(config)# show run Running configuration: ; J8715A Configuration Editor; Created on release #K.13.01 hostname "ProCurve" Because the switch?[...]
-
Página 128
IPv6 Management Features IP Preserve f or IPv6 5-26[...]
-
Página 129
6 IPv6 Management Security Features Contents IPv6 Management Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Authorized IP Managers for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Usage Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 130
IPv6 Management Security Features IPv6 Management Security IPv6 Management Security This chapter describes manageme nt secu rity features th at are IPv6 counter - parts of IPv4 management security featur es on the switches covered by this guide. Feature Default CLI configure authorized IP managers for IPv6 disabled 6-5 configuring secure shell for [...]
-
Página 131
IPv6 Management Security Features Authorized IP Managers for IPv6 Authorized IP Managers for IPv6 The Authorized IP Managers feature us es IP addresses and masks to deter - mine which stations (P Cs or workstat ions) can access the switch through the network. This feature supports swi tch access through: ■ T elnet and other terminal emulation app[...]
-
Página 132
IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Y ou configure each authorized manage r address wi th Manager or Opera- tor -level privi lege to access the swit ch in a T elnet, SNMPv1, or SNMPv2c session. (Access privilege for SSH, SNMPv3, and web browser sessions are configured through the access appl ication, not throug h t[...]
-
Página 133
IPv6 Management Security Features Authorized IP Managers for IPv6 Configuring Authorized IP Managers for Switch Access T o configure one or more IPv6-based management stations to access the switch using th e Authorized IP Managers feature, enter the ipv6 a uthorized- managers command Syntax: ipv6 authorized-managers <ipv 6-addr> [ ipv6-mask ][...]
-
Página 134
IPv6 Management Security Features Authorized IP Managers for IPv6 Notes If you do not enter a value fo r the ipv6-mask parameter when you configure an authorized IPv6 address, th e switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the defaul t mask (see “Configuring Authorized IP Managers for Switch Access” on page 6-5). If y[...]
-
Página 135
IPv6 Management Security Features Authorized IP Managers for IPv6 Conversely , in a mask, a “0” binary bit mean s that either the “ on” or “off” setting of the corresponding IPv6 bit in an au thorized address is valid and does not have to match th e setting of the same bit in the specifi ed IPv6 address. Figure 6-2 shows the binary expr[...]
-
Página 136
IPv6 Management Security Features Authorized IP Managers for IPv6 Example. Figure 6-3 shows an example in which a mask that authorizes switch access to four management stat ions is applied to the IPv6 address: 2001:DB8:0000:0000:244:17FF:FEB6:D37D . The mask is: FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC . 1st Block 2nd Block 3rd Block 4th Block 5th B[...]
-
Página 137
IPv6 Management Security Features Authorized IP Managers for IPv6 to 0 (“off”) and allow the correspondin g bits in an authorized IPv6 address to be either “on” or “off”. As a result, only th e four IPv6 ad dresses shown in Figure 6-5 are all owed access. 1st Block 2nd Block 3rd Block 4th Block 5th Block 6th Block 7th Block 8th Block IP[...]
-
Página 138
IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Each authorized station has the same 64-bit device ID ( 244:17FF:FEB6:D37D ) because the value of the last four blocks in the mask i s FFFF (binary value 1111 1111). FFFF req uires all bits in each correspon ding block of an authorized IPv6 address to have the same “on” or ?[...]
-
Página 139
IPv6 Management Security Features Authorized IP Managers for IPv6 Figure 6-7 shows the bits in the fourth block of the mask that determine the valid subnets in which authorized stat ions with an IPv6 device ID of 244:17FF:FEB6:D37D reside. FFF8 in the fourth block o f the mask means that bits 3 - 15 of the block are fixed and, in an authorized IPv6[...]
-
Página 140
-------------------------------------- - IPv6 Management Security Features Authorized IP Managers for IPv6 Displaying an Authorized IP Managers Configuration Use the show ipv6 authorized-ma nagers command to list the IPv6 stations authorized to access th e switch; for example: ProCurve# show ipv6 authorized-manager s IPv6 Authorized Managers Addres[...]
-
Página 141
IPv6 Management Security Features Authorized IP Managers for IPv6 Additional Examples of Au thorized IPv6 Managers Configuration Authorizing Manager Access. The following IPv6 co mmands authoriz e manager -leve l access for one link-local stat ion at a time . Note that when you enter a link-local IPv6 address with the ipv6 authorized-managers comma[...]
-
Página 142
IPv6 Management Security Features Authorized IP Managers for IPv6 The next IPv6 command authorizes oper ator -level access for sixty-four IPv6 stations: thirt y-two stations in the subne ts defined by 0x0006 and 0x0007 in the fourth block of an authorized IPv6 address: ProCurve(config)# ipv6 authorized-managers 2001:db8:0000:0007:231:17ff:fec5:c967[...]
-
Página 143
IPv6 Management Security Features Secure Shell for IPv6 Secure Shell for IPv6 The Secure Shell (SSH) for IPv6 featur e prov ides the sa me T elnet-like func- tions through encrypted, au thenticated transactions as SSH for IPv4. SSH for IPv6 provides CLI (console) access and se cure file transfer functionality . The following types o f tran sactions[...]
-
Página 144
IPv6 Management Security Features Secure Shell for IPv6 Note Syntax:. [ no] ip ssh Enables SSH on the switch and activates the connection with a configured SSH serv er (RADIUS or TACACS+). To disable SSH on th e switch, enter the no ip ssh com- mand. [ip-version < 4 | 6 | 4or6 >] IP version used for SSH co nnections on the switch: 4 accepts S[...]
-
Página 145
IPv6 Management Security Features Secure Shell for IPv6 Displaying an SSH Configuration T o verify an SSH for IPv6 configuratio n and display all SSH sessions running on the switch, enter th e show ip ssh command. Inform ation on all current S SH sessions (IPv4 and IPv6) is displayed. ProCurve(config)# show ip ssh SSH enabled : Yes Displays the cur[...]
-
Página 146
IPv6 Management Security Features Secure Copy and Secure FTP for IPv6 Secure Copy and Secure FTP for IPv6 Y ou can take advantage of the Secure Copy (SCP) and Secure FTP (SFTP) client applicati ons to provide a secure alternative to TFTP for transferring sensitive switch in formation, such as config uration files and login info rma- tion, between t[...]
-
Página 147
7 Multicast Listener Di scovery (MLD) Snooping Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Introduction to MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Configuring MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 148
Multicast Listener Discovery (MLD) Snooping Overview Overview Multicast add ressing allows one -to-many or many-t o-many comm unication among hosts on a net work. T ypical applicat ions of multicast commun ication include audio and video streaming, de sktop conferenci ng, collabor ative com- puting, and simi lar applications. Multicast Listener Dis[...]
-
Página 149
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Introduction to MLD Snooping There ar e several roles t hat network dev ices may play in an IPv6 multic ast environment: ■ MLD host — a network node that uses MLD to “join” (subscribe to) one or more multicast groups ■ multicas t router — a router that routes mu lt[...]
-
Página 150
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping General opera tion. Multicast communi cation can take place witho ut MLD, and by default MLD is disabl ed. In that case, if a switch receives a packet w ith a multicast destinati on address, it floods the packet to all ports in the same VLAN (except the port that it ca me in o[...]
-
Página 151
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Note that MLD snoop ing operates on a single VLAN (though t here can be multiple VLANs, each runni ng MLD snooping). Cross-VLAN traffic is handled by a multicast router . Forwarding in MLD snooping. When MLD snooping is active, a multicast packet is handled by the switch as fo[...]
-
Página 152
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping A network node establ ishes itself as an MLD host by issuing a multicast “join” request (also called a multicast “report”) for a specific multicast address when it starts an application that listens to multicast traffic . The switch to which the node is connected sees [...]
-
Página 153
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Fast leaves and forc ed fast leaves. The fast leave a nd forced fast leave functions can help to prune unnecessary mu lticast traffic when an MLD host issues a leave request from a multicas t a ddress. Fast leave is enabled by default and forced f ast leave is disabled by defa[...]
-
Página 154
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring MLD Several CLI commands are available for configuring MLD parameters on a switch. Enabling or Disabling MLD Snooping on a VLAN Syntax: [no] ipv6 mld Note: This command must be issued in a VLAN context. This command enables MLD snooping on a VLAN. Enabling MLD snooping applies [...]
-
Página 155
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring Per -Port MLD T raffic Filters Syntax: ipv6 mld [auto <port-list> | blo cked <port-list> | forward <port-list> ] Note: This command must be issued in a VLAN context. This command sets per -port traffic filters, which specify how each port should handle MLD tra[...]
-
Página 156
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring the Querier Syntax: [no] ipv6 mld querier Note: This command must be issued in a VLAN context. This command enables the switch to act as querier on a VLAN. The [no] form of the command disabl es the switch from acting as querier on a VLAN. The querier function is enabled by def[...]
-
Página 157
Multicast Listener Discovery (MLD) Snooping Configuring MLD For exampl e, to disable fast leave on ports in VLAN 8: ProCurve(vlan-8)# no ipv6 mld fast leave a14-a15 T o enable fast leave on ports in VLAN 8: ProCurve(vlan-8)# ipv6 mld fastlea ve a14-a15 Configuring Forced Fast Leave Syntax: [no] ipv6 mld forc edfastleave < port-list > Note: Th[...]
-
Página 158
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Displaying MLD Status and Configuration Current MLD Status Syntax: show ipv6 mld Displays MLD status informatio n for all VLANs on the switch that have MLD configured. show ipv6 mld vlan <vid> Displays MLD status for the specified VLAN vid —V L A N I D For e[...]
-
Página 159
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation ff02::1:ff04:3 FILT 0h:4m:5s A20 ff02::1:ff05:1 FILT 0h:4m:3s A21 ff02::1:ff0b:2dfe FILT 0h:3m:59s A17 ff02::1:ff0b:d7d9 FILT 0h:4m:4s A15 ff02::1:ff0b:da09 FILT 0h:4m:5s A18 ff02::1:ff0b:dc38 FILT 0h:4m:3s A19 ff02::1:ff0b:dc8d FILT 0h:4m:4s A20 ff02::1:ff0b:dd56 [...]
-
Página 160
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown f o r each VLAN that has ML D snooping enabled: ■ VLAN ID number and name ■ Querier address: IPv6 address of the de vice acting as querier for the VLAN ■ Querier up time: th e length of time in seconds that the querier has b[...]
-
Página 161
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Current MLD Configuration Syntax: show ipv6 mld config Displays current global MLD configuration for all MLD- enabled VLANS on the switch. show ipv6 vlan <vid> config Displays current MLD configurat ion for the specified VLAN, including per -port conf igurati[...]
-
Página 162
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The specific form of the co mmand might look like this: ProCurve# show ipv6 mld vlan 8 config MLD Service Vlan Config VLAN ID : 8 VLAN NAME : VLAN8 MLD Enabled [No] : Yes Querier Allowed [Yes] : Yes Port Type | Port Mode Forced Fa st Leave Fast Leave ---- --------- [...]
-
Página 163
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Ports Currently Joined Syntax: show ipv6 vlan <vid> group Lists the ports currently joined for all IPv6 multicast group addresses in the specified VLAN vid —V L A N I D show ipv6 vlan <vid> group <ipv6-addr> Lists the ports currently joined fo r[...]
-
Página 164
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown: ■ VLAN ID and nam e ■ port information for ea ch IPv6 multi cast group address in the VLAN (general group command) or for the specified IPv6 multicast group address (specific group command): • group multicast address • la[...]
-
Página 165
------- ------------ ---------- -- ------------ ------------ Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation For example, the gene ra l form of the co mmand: ProCurve# show ipv6 mld statistics MLD Service Statistics Total vlans with MLD enabled : 2 Current count of multicast groups join ed : 36 MLD Joined Groups[...]
-
Página 166
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Counters Syntax: show ipv6 mld vlan <vid> c ounters Displays MLD counters for the specified VLAN vid —V L A N I D ProCurve# show ipv6 mld vlan 8 counters MLD Service Vlan Counters VLAN ID : 8 VLAN NAME : VLAN8 General Query Rx : 2 General Query Tx : 0 Group [...]
-
Página 167
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation The following information is shown: ■ VLAN number and n ame ■ For each VLAN: • number of general queries received • number of gene ral queries sent • number of group-specific q ueries received • number of group-specific qu eries sent • number of ML D [...]
-
Página 168
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration 7-22[...]
-
Página 169
8 IPv6 Diagnostic and T roubleshooting Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Ping for IPv6 (Ping6) . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 170
IPv6 Diagnostic and Troubleshooting Introduction Introduction Feature Default CLI IPv6 ICMP Message Interval and T oken Buck et 100 ms 10 max tokens 8-3 ping6 Enabled traceroute6 n/a The IPv6 ICMP fe ature enables cont rol over the error and infor mational message rate for IPv6 traffic, which c an help mitigate the ef fects of a Deni al- of-service[...]
-
Página 171
IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting Controlling the frequ ency of IC MPv6 error messages can help to preven t DoS (Denial- of- Service) attacks. With IP v6 enabled on the switch, you can control the allowable frequency of these me ssages with ICM Pv6 rate-limitin g. Syntax:. ipv6 icmp error -interval < 0 - 2147483647 > [buc[...]
-
Página 172
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Ping for IPv6 (Ping6) The Ping6 test is a point- to-point test th at a ccepts an IPv6 address or IPv6 host name to see if an IPv6 switch is c ommu nicating proper ly with another device on the same or another IP network . A ping test checks the path between t he switch and another device by [...]
-
Página 173
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) [timeout] : Number of seconds within which a response is required from the destination ho st before the ping test times out. V alid values: 1 - 60. Default: 1 second. [source <ipv6-addr | hostn ame >]: Source IP address or hostname. The source IP add ress must be owned by the router . [...]
-
Página 174
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 T raceroute for IPv6 The traceroute6 command enables you to trace the route from a switch to a host device that is identi fied by an IPv6 address or IPv6 host name. In the command output, information on each (router) hop betwee n the switch and the destination IPv6 address is displayed. To u s[...]
-
Página 175
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Syntax: traceroute6 < ipv6-a ddress | hostname > [minttl < 1-255 > [maxttl < 1-255 > [timeout < 1 - 60 >] [probes < 1-5 >] [source <ipv6-addr | vlan-id>] traceroute6 < link-local-address %vlan< vid > | host name > [minttl < 1-255 >] [maxttl[...]
-
Página 176
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 ProCurve# traceroute6 2001:db8::10 traceroute to 2001:db8::10 1 hop min, 30 hops max, 5 sec. timeout , 3 probes 1 2001:db8::a:1c:e3:3 0 ms 0 ms 0 ms 2 2001:db8:0:7::5 7 ms 3 ms 0 ms 3 2001:db8::214:c2ff:fe4c:e480 0 ms 1 ms 0 ms 4 2001:db8::10 0 ms 1 ms 0 ms ProCurve# traceroute6 2001:db8::10 m[...]
-
Página 177
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 DNS Resolver for IPv6 The Domain Name System (DNS) resolv er is designed f or local network domains where it enables us e of a host name or fully qualified domain name to support DNS-compat ible commands fr om the switch. Beginning with soft- ware release K.13.0 1,DNS operati on supports the[...]
-
Página 178
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 — Continued from the previous page. — The no form of the command removes the specified address from the server address list configured on the switch. < ip-addr >: Specifies the address of an IPv6 or IPv4 DNS server . Syntax:. [no] ip dns domain-name < domain -name-suffix > Us[...]
-
Página 179
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 been configured as the domain name on the switch and th e address of a DNS server residing in that domain is also configured on the switch. The commands for these steps are as follows: ProCurve(config)# ip dns server priority 1 2001:db8::127:10 ProCurve(config)# ip dns domain-name mygroup.pr[...]
-
Página 180
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug/Syslog for IPv6 The Debug/System logging ( Syslog ) for IPv6 feature provi des the same logging functions as th e IPv4 vers ion, allowing you to record IPv4 and IPv6 Event Log and debug messages on a remote device to troubleshoot switch or network operation. For example, you can send m[...]
-
Página 181
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug Command Syntax: [n o] debug < debug-type > Configures the types of IPv4 and IPv6 messages that are sent to Syslog servers or other debug destinations, where < debug-t ype > is any of the following event types: acl When a match occurs on an ACL “deny” statement with a lo[...]
-
Página 182
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Syntax:. [no] debug < debug-type > (Continued) ip [ rip < database | event | trigger > Configures specified IPv4 RIP message types to be sent to configured debug destinations: database— D atabase changes event— RIP events trigger— T rigger messages ipv6 Configures messages [...]
-
Página 183
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 • debug destinatio n buffer enables the configured debug message types to be sent to a buff er in switch memory . Logging Command Syntax: [n o] logging < syslog-ipv4-addr > Enables or disables Syslog mess aging to the specified IPv4 address. You can configure up to six addresses. If [...]
-
Página 184
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 8-16[...]
-
Página 185
A Te r m i n o l o g y DAD Duplicate Address Detect ion. Refer to “Duplicate Address Detection (DAD)” on page 4-18. Device Identifier The low-order bit s in an IPv6 ad dre ss that identi fy a specific device. For example, in the link-local address 2001:db8:a10:101:212:79f f:fe88:a10 0/64, the bits forming 212:79ff: fe88:a100 comprise the device[...]
-
Página 186
Terminology A-2[...]
-
Página 187
Index Symbols … 4-7, 4-13 %vlan suffix … 5-6, 5-10, 5-13 A ACL debug messages … 8-13 address configuration DNS for IPv6 … 2-14 duplicate unicast addres ses … 3-6, 2-9, 4-18 IPv6 anycast address … 2-9, 2-11, 2-7, 2-8, 3-5, 3-11, 3-16, 3-17, 4-7, 4-13, 2-8, 3-5, 3-6, 3-8, 4-9, 2-8, 3-5, 4-12, 2-7, 3- 5, 3-11, 3-13, 4-6, 3-11 maximum numbe[...]
-
Página 188
DHPv6 messages … 8-14 event log messages … 8-13 IPv4/IPv6 event messages … 8-13, 8-12 LLDP messages … 8-14 using Syslog servers … 8-14 wireless-services messages … 8-14 denial-of-service ICMPv6 rate limiting … 2-13 deprecated address …4 - 2 2 device identifier in IPv6 address …3 - 4 See also interface identifier. DHCPv6 debug mess[...]
-
Página 189
quick start … 1-8 IP authorized managers for IPv6 … 2-12 IP masks for multiple authorized manager stations … 6-6, 6-5 used in configuring auth orized IP management … 6-5, 6-3 IP Preserve configuring … 5-23 DHCP-assigned address … 5-24 downloading configuration file to IPv6 switch … 5-24 feature description … 5-23, 2-11 IPv6 address [...]
-
Página 190
MIB support SNMP … 5-20 migration from IPv4 to IPv6 … 2-3, 2-4, 2-6 MLD blocking multicast pack et forwarding … 7-5, 7-9 configuration … 7-8 displaying configuratio n … 7-12, 7-15, 7-18, 7-20 forwarding multicast packets … 7-5, 7-9 overview … 2-11 reducing multicast flooding … 7-2, 7-4 snooping at port level … 7-2 used on IPv6 loc[...]
-
Página 191
SSHv2 for IPv6 … 2-11 setup screen …1 - 8 sFlow …5 - 2 0 SFTP See SCP/SFTP. show ipv6 … 2-9, 3-6, 4-6, 4-8, 4-10, 4-13, 4-15, 4-21 show run IPv6 output … 4-25 SNMP configuring SNMPv1/v2c trap receiver … 5-21 displaying SNMPv3 management station configuration … 5-23, 5-22 features supported for IPv6 … 5-20 IPv6 support … 2-15 remot[...]
-
Página 192
V autoconfiguration … 3-11 used within an organization … 3-19 unspecified address in IPv6 … 3 -25 valid lifetime of global unicast addres s … 3-7, 3-25, 4-8, 4-10 use of deprecated IPv6 address as source or destination … 4-32 VLAN deprecated global unicast address … 3-16, 3-25 DHCPv6 server-assigned address … 4-9 displaying IPv6 confi[...]
-
Página 193
[...]
-
Página 194
© Copyright 2009 Hewlett-Pack ard Development Company , L.P . February 2009 Manual Part Number 5992-544 1[...]