Go to page of
Similar user manuals
-
Switch
HP (Hewlett-Packard) JG222A
157 pages 1.7 mb -
Switch
HP (Hewlett-Packard) 2500
8 pages 0.27 mb -
Switch
HP (Hewlett-Packard) 2012i
86 pages 1.75 mb -
Switch
HP (Hewlett-Packard) 263924-002
135 pages 2.69 mb -
Switch
HP (Hewlett-Packard) 2300
2 pages 0.08 mb -
Switch
HP (Hewlett-Packard) HP c-Class BladeSystem
88 pages 1.5 mb -
Switch
HP (Hewlett-Packard) EZ-KIT
112 pages 0.95 mb -
Switch
HP (Hewlett-Packard) 498358B21
4 pages 0.8 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of HP (Hewlett-Packard) 2910AL, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of HP (Hewlett-Packard) 2910AL one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of HP (Hewlett-Packard) 2910AL. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of HP (Hewlett-Packard) 2910AL should contain:
- informations concerning technical data of HP (Hewlett-Packard) 2910AL
- name of the manufacturer and a year of construction of the HP (Hewlett-Packard) 2910AL item
- rules of operation, control and maintenance of the HP (Hewlett-Packard) 2910AL item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of HP (Hewlett-Packard) 2910AL alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of HP (Hewlett-Packard) 2910AL, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the HP (Hewlett-Packard) service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of HP (Hewlett-Packard) 2910AL.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the HP (Hewlett-Packard) 2910AL item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
IPv6 Configuration Guide Pr oCurv e Switches W . 1 4.03 29 10al www .procurv e.com[...]
-
Page 2
[...]
-
Page 3
HP ProCurve 2910al Switch February 2009 W .14.03 IPv6 Configuration Guide[...]
-
Page 4
© Copyright 2009 Hewlett-Pa ckard Development Company, L.P . The information contain ed herein is subject to ch ange with- out notice. All Rights Reserved. This document contains proprie tary information, which is protected by copyright. No pa rt of this document may be photocopied, reproduced, or translated into another language without the prior[...]
-
Page 5
Contents About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Printed Publications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Software Feature Index . . . . . . [...]
-
Page 6
2 Introduction to IPv6 Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Page 7
Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15 Loopback Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15 Debug/Syslog Enha[...]
-
Page 8
Global Unicast Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 Stateless Autoconfig uration of a Glo bal Unicast Address . . . . . . . . . 3-16 Static Configuration of a Global Unicast Address . . . . . . . . . . . . . . . 3-17 Prefixes in Routable IPv6 Addr esses . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 9
Statically Co nfiguring An Anyc ast Address . . . . . . . . . . . . . . . . . . . . . 4-14 Duplicate Address Detection (DAD) for Statically Configured Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 Disabling IPv6 on a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 Ne[...]
-
Page 10
Viewing the Current Inbo und Telnet6 Configuration . . . . . . . . . . . . . . 5-8 SNTP and Timep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9 Configuring (Enabl ing or Disabling) the SN T P Mode . . . . . . . . . . . . . 5-9 Configuring an IPv6 Address for an SNTP Server . . . . . . . . . . . . . [...]
-
Page 11
7 Multicast Listener Disc overy (MLD) Snooping Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Introduction to MLD Snooping . . . . . . . . . . . . . . . . . [...]
-
Page 12
A Terminology Index x[...]
-
Page 13
Product Documentation About Y our Switch Manual Set Note For the latest version of all ProCur ve switch documentation, including Release Notes covering re cently added features, please visit the ProCurv e Networking W eb site at www .procurve.com, c lick on Cu stomer Care , and then click on Manuals . Printed Publications The publication s listed b[...]
-
Page 14
Software Feature Index For the software manual se t supporting your 2910al sw itch model, this feature index indicate s which manual to consult for in formation on a given software feature. Note This Index does not cover IPv6 capable software features. Fo r information o n IPv6 protocol operations and features (such as DHCPv6 , DNS for IPv6, Ping6,[...]
-
Page 15
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide DHCP/Bootp Operation Diagnostic T ools Downloading Software X X X Dynamic ARP Protection Dynamic Configuration Arbiter Eavesdrop Protection Event Log X X X X Factory Default Settings Flow Control (802.3x) F[...]
-
Page 16
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide MAC Lockdown X MAC Lockout MAC-based Authentication Management VLAN Monitoring and Analysis Multicast F iltering Multiple Configuration Files Network Management Applications (SNMP) OpenView Device Managemen[...]
-
Page 17
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide RMON 1,2,3,9 Routing Routing - IP Static X X X Secure Copy sFlow SFTP SNMPv3 X X X X Software Downloads (SCP/SFTP , TFPT , Xmodem) Source-Port Filters Spanning T ree (STP , RSTP , MSTP) SSHv2 (Secure Shell)[...]
-
Page 18
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide Vo i c e V L A N W eb Authentication RADIUS Support W eb-based Authentication W eb UI Xmodem X X X X X xvi[...]
-
Page 19
1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 20
Getting Started Introduction Introduction This guide is intende d for use with the followin g switches: ■ HP ProCurve 2910al Switch It describes how to use the command l in e interface (C LI), Menu interface, and web browser to conf igure, manage, monitor , and troubleshoot swit ch opera- tion. For an ove rview of othe r produc t documentation fo[...]
-
Page 21
Getting Started Conventions ■ Boldface indicates use of a CLI command, part of a CLI command syntax, or other displayed element in general text. For example: “Use the copy tftp command to download the key from a TFTP ser ver .” ■ Italics indicate variables for which yo u must supply a value when execut- ing the command. For example, in this[...]
-
Page 22
Getting Started Sources for More Information Keys Simulations o f actual keys use a bold, sa ns-serif typeface with square brackets. For example, the T ab key appears as [T ab] and the “Y” key appears as [Y] . Sources for More Information For information about switch operation and features no t covered in this guide, consult the f ollowing sour[...]
-
Page 23
Getting Started Sources for More Information • port configurati on, trunking, traffic control, and PoE operation • SNMP , LLDP , and ot her network management topi cs • file transfers, switch monitoring, troub leshooting, and MAC address management ■ Advanced T raffic Management Guide —Use this guid e for information o n topics such as: ?[...]
-
Page 24
Getting Started Sources for More Information Getting Documentation From the W eb T o obtain th e latest versions of documentati on and release notes for your switch: 1. Go to the ProCurve Networking web site at www .procurve.com 2. Click on Customer Care . 3. Click on Manuals . 4. Click on the pr oduct for which yo u want to view or download a manu[...]
-
Page 25
Getting Started Sources for More Information Command Line Interface If you need i nformation on a specific comm and in the CLI, type the command name fo llowed by help . For example: Figure 1-3. Example of CLI Help W eb Browser Interface If you need information on specific features in the Pro Curve W eb Browser Interface (hereafter referred to as t[...]
-
Page 26
1 Getting Started Need Only a Quick Start? Need Only a Quick Start? IP Addressing If you just want to give th e switch an IP address so that it can communicate on your network, or if you are not us ing VLANs, ProCurve recommends that you use the Switch Setup sc reen to quickly configure IP addressing. T o do so, do one of the following: ■ Enter s[...]
-
Page 27
2 Introduction to IPv6 Contents Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Dual-Stack Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 28
Introduction to IPv6 Contents ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Traceroute6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Page 29
Introduction to IPv6 Migrating to IPv6 Migrating to IPv6 T o successfully migrat e to IPv6 involves mainta ining compatibilit y with the large installed base of IPv4 hosts an d routers for the immedi ate future. T o achieve this purpose, softwa re release K.1 3.01 supports dual-stack (IPv4/IPv6) operation and connections to IPv6-aware routers for r[...]
-
Page 30
Introduction to IPv6 Migrating to IPv6 IPv6 Propagation IPv6 is currently i n the early stag es of deployment worldwide, involving a phased-in migration led by the application of basic IPv6 functi onality . In these applications, IPv6 traffic is switched among IPv6-capable de vices on a given LAN, and routed between LANs using IPv6-capable router s[...]
-
Page 31
Introduction to IPv6 Migrating to IPv6 Connecting to Devices Supp orting IPv6 Over IPv4 T unneling The switches covered by this guide can interoperate with IPv6/IPv4 devices capable of tunneling IPv6 tr affic across an IPv4 infras tructure. Some examples include: ■ traffic between IPv6/IPv4 routers (router/router) ■ traffic between a n IPv6/I P[...]
-
Page 32
Introduction to IPv6 Use Model Use Model Adding IPv6 Capability IPv6 was designed by the Internet Engineer ing T ask Force (IETF) to i mprove on the scalability , security , ease of configuration, and network management capabilities of IPv4. IPv6 provides increased flexibility an d connectivity for ex isting networke d devices, addresses the limite[...]
-
Page 33
Introduction to IPv6 Configuration and Management The next three sections ou tline the IPv6 features supported in software release K.13.01. Configuration and Management This section ou tlines the con figurable manageme nt features supporting IPv6 operation on you r ProC urve IPv6-ready switch. Management Features Software release K.13.01 provides h[...]
-
Page 34
Introduction to IPv6 Configuration and Management and the interface identifier currently in use i n the link-local address. Having a global unicast address and a connection to an IPv6- aware ro uter enables IPv6 traffic on a VLAN to be routed to ot her VLANs supporting IPv6-aware device s. (Using software release K.13.01, an e xtern al, IPv6 - awar[...]
-
Page 35
Introduction to IPv6 Configuration and Management Note In IPv6 for the switches co vered in this guide, th e default route cannot be statically configured. Al so, DHCPv6 does not include default route configur a- tion.) Refer to “Default IPv6 Router” on page 4-28 and “View IPv6 Gateway , Route, and Router Neighbors ” on page 4-29. Neighbor [...]
-
Page 36
Introduction to IPv6 Configuration and Management IPv6 Management Features The switch's IPv6 management fe atures support operation in an environment employing IPv6 servers and management stations.With a link to a properly configured IPv6 router , switch managem ent extends to rout ed traffic solu- tions. (Refer to the docu mentation provided [...]
-
Page 37
Introduction to IPv6 Configurable IPv6 Security IP Preserve IP Preserve operation preserves both the IPv4 and IPv6 addresses config ured on VLAN 1 (the default VLAN) when a configurati on file is downlo aded to the switch using TFTP . Refer t o “IP Preserve for IPv6” on page 5-23. Multicast Listener Discovery (MLD) MLD oper ates in a manne r si[...]
-
Page 38
Introduction to IPv6 Configurable IPv6 Security supported between the switch and IPv6 management stations when SSH on the switch is also configur ed for IPv6 operation. Th e switch now offers these SSHv2 connect ion types: ■ IPv6 only ■ IPv4 only ■ IPv4 or IPv6 The switch supports up to six inbound sessions of the following type s in any comb[...]
-
Page 39
Introduction to IPv6 Diagnostic and Troubleshooting Caution The Authorized IP Managers feature do es not protect against unauthorized station access through a mode m or direct connection to the Console (RS-2 32) port. Also, if an unauth oriz ed station “spoofs” an auth orized IP address, then the unauthorized stati on cannot be blocked by the A[...]
-
Page 40
Introduction to IPv6 Diagnostic and Troubleshooting Domain Name System (DNS) Resolution This feature enables resolving a host na me to an IPv6 address and the reverse, and takes on added importance over its IPv4 coun terpart du e to the e xtended length of IPv6 addresses. W ith DN S-compatible commands, CLI command entry becomes easier for reaching[...]
-
Page 41
Introduction to IPv6 IPv6 Scalability SNMP When IPv6 is enabled on a VLAN interf ace, y ou can manage the switch from a network management stati on configured with an IPv6 address. Refer to “SNMP Management for IPv6” on pa ge 5-20. Loopback Address Like the IPv4 loopback address, the IPv6 loopback address (::1) can be used by the switch to send[...]
-
Page 42
Introduction to IPv6 Path MTU (PMTU) Discovery Path MTU (PMTU) Discovery IPv6 PMTU operation is managed auto matically by the IPv 6 nodes between the source and destination of a transmission. For Ethernet frames, the default MTU is 1500 bytes. If a router on th e path cannot forward the default MTU size, it sends an ICMPv6 message (P KT_TOO_BIG) wi[...]
-
Page 43
3 IPv6 Addressing Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 IPv6 Address Structure and Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Address Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Address Not[...]
-
Page 44
IPv6 Addressing Contents Prefixes in Routable IPv6 Addr esses . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18 Unique Local U nicast IPv6 Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19 Anycast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20 Multicast Ap plication to [...]
-
Page 45
IPv6 Addressing Introduction Introduction IPv6 supports mult iple ad dresses on an interface, and uses them in a manner comparable to subnetting an IPv4 VLAN . For example, where the switch is configured with multiple VLANs and each is connected to an IPv6 router , each VLAN will have a sing le link-local ad dress and one or more global unicast add[...]
-
Page 46
IPv6 Addressing IPv6 Address Structure and Format An IPv6 address includes a network prefix and an in terface identifier . Network Prefix The network prefix (high- order bits) in an IPv6 address begins with a well- known, fixed pref ix for defining the address type. S ome examples of well- known, fixed prefixes are: 2000::/3global (routable) unicas[...]
-
Page 47
IPv6 Addressing IPv6 Addressing Options IPv6 Addressing Options IPv6 Address Sources IPv6 addressing sources pr ovide a flexible methodol ogy for assigning addresses to VLAN interfaces on the switch. Options include: ■ stateless IPv6 autoconfiguration on VLAN interfaces includes: • link-local unica st addresses • global unicast addresses ■ [...]
-
Page 48
IPv6 Addressing IPv6 Addressing Options Stateful Address Autoconfiguration. This method allows use of a DHCPv6 server to automatically c onfig ure IPv6 addressing on a host in a manner similar to stateful IP addressi ng with a DHCPv4 server . For software release K.13.01, a DHCPv6 server can pr ovide routable IPv6 ad dressing and NTP (timep) server[...]
-
Page 49
IPv6 Addressing IPv6 Address Sources IPv6 Address Sources IPv6 addressing sources pr ovide a flexible methodol ogy for assigning addresses to VLAN interfaces on the switch. Options include: ■ stateless IPv6 autoconfiguration on VLAN interfaces includes: • link-local unica st addresses • global unicast addresses ■ stateful IPv6 address c onf[...]
-
Page 50
IPv6 Addressing IPv6 Address Sources servers. These lifetimes cannot be rese t using control from the switch console or SNMP method s. Refer to “Preferred and V alid Addr ess Lifetimes” on page 3- 25. Stateful (DHCPv6) Ad dress Configuration Stateful addresses are defined by a system administrator or ot her authority , and automatically assigne[...]
-
Page 51
IPv6 Addressing IPv6 Address Sources Static Address Configuration Generally , static address conf iguration should be used w hen you want specific, non-default addressing to be assigned to a VLAN interface. For IPv6, DHCP use is indic ated for conditions such as the following: ■ address conventions used in your network require defi ned control ?[...]
-
Page 52
IPv6 Addressing Address Types and Scope Address T ypes and Scope Address T ypes IPv6 uses these IP address types: ■ Unicast: Identifi es a specific IPv6 interf ace. T raffic havi ng a unicast destination a ddress is intended for a single interface. Like IPv4 addresses, unicast addresses can be assigned to a specific VLAN on the switch and to othe[...]
-
Page 53
IPv6 Addressing Address Types and Scope Address Scope The address scope determines the ar ea (topology) in which a given IPv6 address is used. This section provid es an overview of IPv6 address types. For more information, refer to the chapter ti tled “IPv6 Addressing”. Link-Local Address. Limited to a g iven interfa ce (VLAN). Enabling IPv6 on[...]
-
Page 54
IPv6 Addressing Address Types and Scope In binary notation, the fixed prefi x for link-local prefixes is: 1111 1110 10 = fe80/10 For more on link-local a ddr esses, refer to “Link-Lo cal Unicast Address” on page 3-13. Routable Global Unicast Prefix. This we ll-known 3-bit f ixed-prefix ind i- cates a routable address used to identify a device o[...]
-
Page 55
IPv6 Addressing Link-Local Unicast Address Other Prefix T ypes. There are other designated global unicast pre fixes such as those for the following address types: ■ RFC 4380: “T eredo: T unneling IPv 6 over UDP” ■ RFC 3056: “Connection of IPv6 Domains via IPv4 Clouds” ■ RFC 4214: “Intra-Site Automatic T unnel Addressing Protocol (IS[...]
-
Page 56
IPv6 Addressing Link-Local Unicast Address Note Because al l VLANs configured on the switch us e the same MAC addre ss, all automatically generated lin k-local addresses on the switch wi ll have the same link-local address. However , since the scope of a link- local address includes only the VLAN on whic h it was generated, this sh ould not be a pr[...]
-
Page 57
IPv6 Addressing Link-Local Unicast Address MAC Address IPv6 I/F Identifier Full Link-Local Unicast Address 00-15-60-7a-ad-c0 215:60ff:fe7a: adc0 fe80::215:60ff:fe7a:adc0/64 09-c1-8a-44-b4-9d 11c1:8 aff:fe44:b49d fe80::11c1:8aff:f e44:b49d/64 00-1a-73-5a-7e-57 21a:73ff:fe5a:7 e57 fe80::21a:73f f:fe5a:7e57/64 The EUI me thod of g enerating a l ink-l [...]
-
Page 58
IPv6 Addressing Global Unicast Address Global Unicast Address A global unicast address is required for unicast traffic to be routed across VLANs within an organization as well as acro ss the public internet. T o support subnetting, a VLAN can be configured wi th multiple global unic ast addresses. Any of the fo llowing methods can be used t o confi[...]
-
Page 59
IPv6 Addressing Global Unicast Address ■ generate a link-local address on the VL AN as described in the preceding section (page 3-13). ■ transmit a router solicit ation on the VLAN, and to listen for advertise- ments from any IPv6 routers on the VLAN. For each unique router advertisement (RA) the switch receives fr om any router(s), the switch [...]
-
Page 60
IPv6 Addressing Global Unicast Address Prefixes in Routable IPv6 Addresses In routable IPv6 addresses, the prefix uniquely identifies an entity and a unicast subnet within that entity , and is defined by a length value specifying the number of leftmos t contiguous (high-order) bits co mprising the prefix. For an automatically generated global unica[...]
-
Page 61
IPv6 Addressing Unique Local Unicast IPv6 Address Unique Local Unicast IPv6 Address A unique local unicast address i s an addr ess that falls within a spec ific range, but is used only as a global unicast ad dress within an or ganization. T raffic having a source address with in the defined range should not be allowed beyond the borders of the inte[...]
-
Page 62
IPv6 Addressing Anycast Addresses Anycast Addresses Network size, traffic loads and the pot ential for network changes make it desirable to buil d in redundancy for some n etwork services to prov ide increased service reliabilit y . Anycast addressing prov ides this capability for applications wh ere it does not matter wh ich source is actually use[...]
-
Page 63
IPv6 Addressing Multicast Application to IPv6 Addressing For related information, refer to: ■ RFC 4291: “IP V ersi on 6 Addressing Architecture” ■ RFC 2526: “Reserved IPv6 Su bnet A nycast Addresses” Multicast Application to IPv6 Addressing Multicast is used to reduce traffic for applications that ha ve more than on e recipient for t he[...]
-
Page 64
IPv6 Addressing Multicast Appl ication to IPv6 Addressing For informati on on Multicast Listener Discovery (MLD) refer to the chapter titled “Multi cast Listener Discovery (MLD) Snoopi ng”. When MLD is enabled on an interface, you can use show ipv6 m ld [ vlan < vid >] to list the activ e multicast group ac tivity the switch has de tected[...]
-
Page 65
IPv6 Addressing Multicast Application to IPv6 Addressing ■ multicas t scope: Bits 13-16 set boundaries on multicast traffic distribu- tion, such a s the interface defined by the link-local unicast address of an area, or the network b oundaries of an organization. Because IPv6 uses multicast technology in pl ace of the broadcast technology used in[...]
-
Page 66
IPv6 Addressing Loopback Address fe90::215:60ff:fe7a:adc0 then the corresponding soli cited-node multicast address is ff02:0:0:0:0: 1:ff7a:adc0 For related information, refer to: ■ RFC 2375: IPv6 Multicast Address Assignments ■ RFC 3306: Unicast-Prefix-based IPv6 Multic ast Addresses ■ RFC 3956: Embedding the Rendezvous Point (RP) Address in [...]
-
Page 67
IPv6 Addressing The Unspecified Address The Unspecified Address The “unspecified” address is defined as 0.0. 0.0.0.0.0.0 (::/128, or just ::). It c an be used, for example, as a temporary so urce address in multicast traffic sent by an interface that has not yet acquir ed its own address. The unspecified address cannot be statically configured [...]
-
Page 68
IPv6 Addressing IPv6 Address Deprecation Notes Preferred and valid lifetimes on a VLAN interface are determin ed by the router advertisements received on the interface. These values are not affected by the lease time assigned to an address by a DHC Pv6 server . Tha t is, lease expiration on a DHCPv6- assigned address termi nates use of th e address[...]
-
Page 69
4 IPv6 Addressing Configuration Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Enabling IPv6 with an Automatically Enabling Automati c Configuration of a Global Unicast Address and a Default Duplicate Address Detection (DAD) for Statically General Configuration St eps . [...]
-
Page 70
IPv6 Addressing Configuration Contents Router Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Router Solicitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Default IPv6 Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 71
IPv6 Addressing Configuration Introduction Introduction Feature Default CLI Enable IPv6 with a Link-Local Address disabled 4-6 Configure Global Unicast disabled 4-7 Autoconfig Configure DHCPv6 Addressing disabled 4-9 Configure a Static Link-Local None 4-12 Address Configure a Static Global Unicast None 4-13 Address Configure an Anycast Address None[...]
-
Page 72
IPv6 Addressing Configuration General Configuration Steps General Configuration Steps The IPv6 configuration on switches runn ing software re leas e K.13.01 includes global and per -VLAN settings. This sectio n provides an overview of the general configuration steps for enab ling IPv6 on a given VLAN and can be ena bled by any one of several comman[...]
-
Page 73
IPv6 Addressing Configuration Configuring IPv6 Addressing 4. If needed, st atically config ure IP v6 unicast addressi ng on the VLAN interface as needed. This can include any of the following: • statically repl acing the automati cally generated link-local a ddress • statically adding glob al unicast, unique local unicast, and/or anycast addres[...]
-
Page 74
IPv6 Addressing Configuration Enabling IPv6 with an Automatically Con figured Link-Local Address Enabling IPv6 with an Automatically Configured Link-Local Address This command enables au tomatic configuration of a link-local ad dress. Syntax: [no] ipv6 enable If IPv6 has not already been enabled on a VLAN by anoth er IPv6 command option described i[...]
-
Page 75
IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Rout er Ide ntity on a VLAN Enabling Automatic Configuration of a Global Unicast Address and a Default Router Identity on a VLAN Enabling autoconfig or rebooting the switch with autoco nfig enabled on a VLAN causes the swi tch to configure IPv6[...]
-
Page 76
IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Router Identity on a VLAN — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned to a VLAN by aut oconfig uration is set to the preferred and valid lifetimes specified by the RA used to gener[...]
-
Page 77
IPv6 Addressing Configuration Enabling DHCPv6 Enabling DHCPv6 Enabling the DHCPv6 option on a VLA N a llows the swi tch to obtain a global unicast address and an N TP (network time prot ocol) server assignmen t for a T imep server . (If a DHCPv6 server is not needed to provide a g lobal unicast address to a switch interface, the server can still be[...]
-
Page 78
IPv6 Addressing Configuration Enabling DHCPv6 — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned to the VLAN by an DHCPv6 server is set to the preferred and valid lifetimes sp ecified in a router advertise- ment received on the VLAN for the prefix used in the assigned address, and is configur[...]
-
Page 79
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN ■ DHCPv6 and statically configured global unicast or anycast addresses are mutually exclusive on a given VLA N . That is, configuring DHCPv6 on a VLAN erases any static global unic ast or anycast addresses previously configured on that VLAN, and the revers e. (A statically[...]
-
Page 80
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-Local Unicast Address Syntax: [no] ipv6 address fe80::< device-ide ntifier > link-local ■ If IPv6 is not already enable d on the VLAN, this command enables IPv6 and configures a static link-local address. ■ If IPv6 is already enabled on[...]
-
Page 81
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Statically Configuring A Global Unicast Address Syntax:. [no] ipv6 address < network-prefix><d evice-id >/< prefix-length > [no] ipv6 address < network-pref ix>::/< prefix-length > eui-64 If IPv6 is not already enabled on a VLAN, either of these[...]
-
Page 82
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Operating Notes ■ W ith IPv6 enabled, the switch determ ines the default IPv6 router for the VLAN from the router advertisements it receives. (Refer to “Router Access and Default Router Selection” on page 4-27.) ■ If DHCPv6 is configured on a VLAN, then configuring a [...]
-
Page 83
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Syntax:. [no] ipv6 address < network-prefix >< device-ide ntifier >/< prefix-length > anycast If IPv6 is not already enabled on a VLAN, this command option does the following: ■ enables IPv6 on the VLAN ■ configures a link-local add ress using the EUI-6[...]
-
Page 84
IPv6 Addressing Configuration Disabling IPv6 on a VLAN Duplicate Address Detect ion (DAD) for Statically Configured Addresses Statically configured IPv6 addresses are designated as permanent. If DAD determines t hat a statically configured ad dress duplica tes a previousl y config- ured and reachable add ress on another device belonging to the VLA [...]
-
Page 85
IPv6 Addressing Configuration Neighbor Discovery (ND) Neighbor Discovery (ND) Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP for layer 2 address resolution, and uses IPv6 IC MP messages to do the following: ■ Determine the link-lay er address of neighbors on the same VLAN inter - face. ■ V erify that a ne ighbor is reachable. ?[...]
-
Page 86
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Note: Neighbor and rout er solicitations must ori ginate on the same VLAN as the receiving device. T o support this operation, IPv6 is designed to discard any incoming neighbor or router solicitation that does not have a value of 255 in the IP Hop Limit field. For a complete list of re[...]
-
Page 87
IPv6 Addressing Configuration Duplicate Address Detection (DAD) that includes its link-local a ddress. If the newly configured address is from a static or DHCPv6 source and is found t o be a duplicate, it is labelled as duplicate in the “Address Status” field of the show ipv6 c ommand, and is not used. If an auto configured address is fo und to[...]
-
Page 88
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Operating Notes ■ A verified link-local unicast address must exist on a VLAN interface before the switch can run DAD on other addr esses associated with the interface. ■ If a previously configured unicast ad dress is changed, a neighbor adver - tisement (an all-nodes multicast mess[...]
-
Page 89
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration V iew the Current IPv6 Addressing Configuration Use these commands to view the current status of the IPv 6 configuration on the switch. Syntax: show ipv6 Lists the current, global IPv6 settings and per -VLAN IPv6 addressing on the switch. IPv6 Routing: For software release[...]
-
Page 90
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Address Origin: ■ Autoconfig: The address was configured using stateless address autoconfiguration (S LAAC). In this case, the device identifier for global uni cast addresses copied from the current link-loc al unicast address. ■ DHCP: The address was assigned by a DHC[...]
-
Page 91
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts : 3 Vlan Name : DEFAULT_VLAN IPv6 Status : Disabled Vlan Name : VLAN10 IPv6 Status : Enabled Address | Address Origin | IPv6 Address/Prefix[...]
-
Page 92
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ■ DAD Attempts: Indicates the number of neighbor solicita- tions the switch transmit s per -address for duplicate (IPv6) address detection. Implemented when a new address is configured or when an interface with config- ured addresses comes up (such as after a reboot). Th[...]
-
Page 93
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 vlan 10 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts : 3 Vlan Name : VLAN10 IPv6 Status : Enabled IPv6 Address/Prefixlength Expiry ------------------------------------ ------- --------[...]
-
Page 94
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show run Running configuration: . . . vlan 10 name "VLAN10" untagged A1-A12 ipv6 address fe80::127 link-local Statically config ured IPv6 addresses appear i n the show run output. ipv6 address 2001:db8::127/64 ipv6 address 2001:db8::15:101/64 an[...]
-
Page 95
IPv6 Addressing Configuration Router Access and Default Router Selection Router Access and Default Router Selection Routing traffic between destin ations on different VLANs configured on the switch or to a destination on an of f-swit ch VLAN is done by placing the switch on the same VLAN interface or subnet as an IPv6-capable router configured to r[...]
-
Page 96
IPv6 Addressing Configuration Router Access and Default Router Selection Note If the switch does not re ceive a router advertisement after sending the router solicitations, as described above, then no further router solicitations are sent on that VLAN unle ss a new IPv6 settin g is configured, IPv6 on the VLAN is disabled, then re-enable d, or the [...]
-
Page 97
IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors V iew IPv6 Gateway , Route, and Router Neighbors Use these commands to view the switch 's current routing table content and connectivity to routers per VLAN. This i n cludes information re ceived in router advertisements from IPv6 rout ers on VL ANs enabled with IPv6[...]
-
Page 98
IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors ProCurve(config)# show ipv6 route IPv6 Route Entries Dest : ::/0 “Unknown” Address Type : static Gateway : fe80::213:c4ff:fedd:14b0 %vlan10 Dist. : 40 Metric : 0 Dest : ::1/128 Loopback Address Type : connected Gateway : lo0 Dist. : 0 Metric : 1 Dest : 2001:db8:a03:e10[...]
-
Page 99
IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors MTU: This is the Maximum T ran smission Unit (in bytes) allowed for frames on the path to the indicated router . Hop Limit: The maximum number of router hops allowed. Prefix Advertised: Lists the prefix and prefix size (number of leftmost bits in an address) or iginating [...]
-
Page 100
IPv6 Addressing Configuration Address Lifetimes Address Lifetimes Every configured IPv6 unic ast and anycas t address has a lifetime setting that determines how long the address can be used b efore it must be refreshed or replaced. Some addresses are set as “p ermanent” and do n ot expire. Othe rs have both a “preferred” and a “valid” l[...]
-
Page 101
IPv6 Addressing Configuration Address Lifetimes T able 4-1. IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Link-Local Permanent Statically Configured Uni cast or Anycast Permanent Autoconfigured Global Finite Preferred and V alid Lifetimes DHCPv6-Configured Finite Preferred and V alid Lifetimes A new , preferred address used as a[...]
-
Page 102
IPv6 Addressing Configuration Address Lifetimes 4-34[...]
-
Page 103
5 IPv6 Management Features Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Viewing and Clearing the IPv6 Neighbors Cache . . . . . . . . . . . . . . . . 3-2 Viewing the Neighbor Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Clearing the Nei[...]
-
Page 104
IPv6 Management Features Introduction Introduction Feature Default CLI Neighbor Cache n/a 5-3, 5-5 T elnet6 Enabled 5-6, 5-7, 5-8 SNTP Address None 5-10 T imep Address None 5-13 TFTP n/a 5-15 SNMP T rap Receivers None 5-21 This chapter focuses on the IPv6 ap plicatio n of managem ent fe atures in software release K.13.01 that support both IPv6 and [...]
-
Page 105
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache V iewing the Neighbor Cache Neighbor discovery occurs when th ere is communication be tween IPv6 devices on a VLAN. The Neighbor Cache re tains data for a given neighbor until the entry times out. For more on this topi c, refer to “Neighbor Discovery (ND)” on page 4-17. Synt[...]
-
Page 106
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache — Continued from previous page. — • ST ALE : A timeout has occurred for reachability of the neigh- bor , and an unsolicited discov ery packet has been received from the neighbor address. If the path to the neighbor is then used successfully, this state is restored to REACH[...]
-
Page 107
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Clearing the Neighbor Cache When there is an eve nt such as a to pology change or an address change, the neighbor cache may have too many entries to allow ef ficient use. Also, if an unauthorized client is an swering DAD or normal neighbor solicitations with invalid repl ies, th[...]
-
Page 108
IPv6 Management Features Telnet6 Operation T elnet6 Operation This section describes T elnet operati on for IPv6 on th e switch. For IPv4 T elne t operation, refer to the Management and Configurat ion Guide for your switch. Outbound T elnet6 to Another Device Syntax: telnet < link-local-addr >%vlan< vid > telnet < global-unicast -add[...]
-
Page 109
IPv6 Management Features Telnet6 Operation V iewing the Current T eln et Activity on a Switch Syntax: show telnet This command shows the active incoming and outgoing telnet sessions on the switch (for both IPv4 and IPv6). Command output includes the followin g: Session: The session number . The swit ch allows one outbound session and up to five inb[...]
-
Page 110
IPv6 Management Features Telnet6 Operation Enabling or Disabling Inbound T elnet6 Access Syntax: [ no ] telnet6-server This command is used at the glob al config level to enable (the default) or disable inbound T elnet6 access to the switch. The no form of the command disables inbound telnet6. Note: T o disable inbound T eln et access completely, y[...]
-
Page 111
IPv6 Management Features SNTP and Timep SNTP and T imep Configuring (Enabling or Disabling) the SNTP Mode Software r elease K.13.01 enables config uration of a g lobal unicast a ddress for IPv6 SNTP time server . This section lists the SNTP and relate d c ommands, includi ng an example of using an IPv6 address. Fo r the details of configuring SNTP [...]
-
Page 112
IPv6 Management Features SNTP and Timep Configuring an IPv6 Addr ess for an SNTP Server Note T o use a global unicast IPv6 address to configure an IPv6 SNTP time se rver on the switch, th e switch must be receiving ad vertisements from an IPv6 router on a VL AN configured on t he switch. T o use a link-local IPv6 address to config ure an IPv6 SNTP [...]
-
Page 113
IPv6 Management Features SNTP and Timep For example, to configure link-local and global unicast SNTP server addresses of: ■ fe80::215:60ff:fe7a:adc0 (on VLAN 10, configured on the switch) ■ 2001:db8::215:60 ff:fe79 :8980 as the priority “1” and “2” SNTP server s, respectively , using version 7, you would enter these commands at the gl o[...]
-
Page 114
IPv6 Management Features SNTP and Timep For example, the show sntp output for the prece ding sntp server command example would appear as follows: ProCurve(config)# show sntp SNTP Configuration This example illustrates the command output when both Time Sync Mode: Sntp IPv6 and IPv4 server addresses are configured. SNTP Mode : Broadcast Poll Interval[...]
-
Page 115
IPv6 Management Features SNTP and Timep ip timep manual < ipv6-addr > Enable T imep operation with a statically config ured [ interval < 1 - 9999 >] IPv6 address for a T imep se rver . Optionally change the interval between time re quests. no ip timep Disables T imep operation. T o re-enable T imep, it is necessary to reconfigure eithe [...]
-
Page 116
IPv6 Management Features SNTP and Timep ProCurve(config)# ip timep manual fe80::215:60ff:fe7a:adc0%vlan10 Note In the preceding example, using a link- l ocal address requires that you specify the local scope for the address; VLAN 10 in this case. This is al ways indicated by %vlan followed immediately (without sp aces) by the VLAN identifie r . For[...]
-
Page 117
IPv6 Management Features TFTP File Transfers Over IPv6 TFTP File T ransfers Over IPv6 TFTP File T ransfers over IPv6 Y ou can use TFTP copy commands over IPv6 to up load, or download files to and from a physically connected device o r a remote TFTP server , including: ■ Switch softw are ■ Software images ■ Switch configur ations ■ ACL comma[...]
-
Page 118
IPv6 Management Features TFTP File Transfers Over IPv6 Enabling TFTP for IPv6 TFTP for IPv6 is enabled by default on the sw itch. However , if it is disabled, you can re-enable it by spec ifying TFTP client or server functionality with the tftp6 < client | server > command. Enter the tftp6 < client | server > command at the global confi[...]
-
Page 119
IPv6 Management Features TFTP File Transfers Over IPv6 Using TFTP to Copy Files over IPv6 Use the TFTP copy commands described i n this section to: ■ Download specified files from a TFTP server to a switch on which TFTP client functionality is enabled. ■ Upload specified files fr om a switch, on wh ich TF TP server functionality is enabled, to [...]
-
Page 120
IPv6 Management Features TFTP File Transfers Over IPv6 . ■ flash < p rimary | secondary >: Copies a software file stored on a remote host to primary or secondary flash memory on the switch. T o run a newly downlo aded software image, enter the reload or boot system flash command. ■ pub-key-file : Copies a public-key file to the switch. ?[...]
-
Page 121
IPv6 Management Features TFTP File Transfers Over IPv6 < ipv6-addr >: If this is a link-local address, use this IPv6 address format: fe80::< device-id >%vlan< vid > For example: fe80::123%vlan10 If this is a global unicast or anycast address, use this IPv6 format: < ipv6-addr > For example: 2001:db8::123 Using Auto-TFTP for [...]
-
Page 122
IPv6 Management Features SNMP Management for IPv6 SNMP Management for IPv6 As with SNMP for IPv4, you can manage a switch via SNMP from an IPv6- based network management st ation by usin g an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). (For more on PCM and PCM+, go to the Pro Curve Networking web site at www .procurv[...]
-
Page 123
IPv6 Management Features SNMP Management for IPv6 SNMP Configuration Commands Supported IPv6 addressing is su pported in the followin g SNMP configurat ion command s: For more information on each SNMP conf iguration procedure, refer to the “Configuring for Network Ma nagement Applications” chapter in the current Management and Conf iguration Gu[...]
-
Page 124
SNMPv2c Inform configuration IPv6 Management Features SNMP Management for IPv6 The show snmp-server command displays the current SNMP policy configuration, incl uding SNMP communities, network secu rity notifications, link-change traps, trap receiv ers (includi ng the IPv4 or IPv6 addre ss) that can receive SNMPv1 and SNMPv2c traps, an d the source[...]
-
Page 125
IPv6 Management Features IP Preserve for IPv6 The show snmpv3 targetaddress command displays th e configuration (including the IPv4 or IPv6 address) of the SNMPv3 management st ations to which notification messages are se nt. ProCurve(config)# show snmpv3 targetadd ress snmpTargetAddrTable [rfc2573] Target Name IP Address Parameter ----------------[...]
-
Page 126
IPv6 Management Features IP Preserve f or IPv6 ; J8697A Configuration Editor; Creat ed on release #K.13.01 hostname "ProCurve" time daylight-time-rule None * * * * Entering an ip preserve statement as t he last line in a configuration file stored on a TFTP server allows you to download * and execute the file as the start up-config file on[...]
-
Page 127
IPv6 Management Features IP Preserve for IPv6 Note that if a switch received its IP v6 address from a DHCP serve r , the “ip address” field under “vlan 1” would display: dhcp-bootp . ProCurve(config)# show run Running configuration: ; J8715A Configuration Editor; Created on release #K.13.01 hostname "ProCurve" Because the switch?[...]
-
Page 128
IPv6 Management Features IP Preserve f or IPv6 5-26[...]
-
Page 129
6 IPv6 Management Security Features Contents IPv6 Management Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Authorized IP Managers for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Usage Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 130
IPv6 Management Security Features IPv6 Management Security IPv6 Management Security This chapter describes manageme nt secu rity features th at are IPv6 counter - parts of IPv4 management security featur es on the switches covered by this guide. Feature Default CLI configure authorized IP managers for IPv6 disabled 6-5 configuring secure shell for [...]
-
Page 131
IPv6 Management Security Features Authorized IP Managers for IPv6 Authorized IP Managers for IPv6 The Authorized IP Managers feature us es IP addresses and masks to deter - mine which stations (P Cs or workstat ions) can access the switch through the network. This feature supports swi tch access through: ■ T elnet and other terminal emulation app[...]
-
Page 132
IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Y ou configure each authorized manage r address wi th Manager or Opera- tor -level privi lege to access the swit ch in a T elnet, SNMPv1, or SNMPv2c session. (Access privilege for SSH, SNMPv3, and web browser sessions are configured through the access appl ication, not throug h t[...]
-
Page 133
IPv6 Management Security Features Authorized IP Managers for IPv6 Configuring Authorized IP Managers for Switch Access T o configure one or more IPv6-based management stations to access the switch using th e Authorized IP Managers feature, enter the ipv6 a uthorized- managers command Syntax: ipv6 authorized-managers <ipv 6-addr> [ ipv6-mask ][...]
-
Page 134
IPv6 Management Security Features Authorized IP Managers for IPv6 Notes If you do not enter a value fo r the ipv6-mask parameter when you configure an authorized IPv6 address, th e switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the defaul t mask (see “Configuring Authorized IP Managers for Switch Access” on page 6-5). If y[...]
-
Page 135
IPv6 Management Security Features Authorized IP Managers for IPv6 Conversely , in a mask, a “0” binary bit mean s that either the “ on” or “off” setting of the corresponding IPv6 bit in an au thorized address is valid and does not have to match th e setting of the same bit in the specifi ed IPv6 address. Figure 6-2 shows the binary expr[...]
-
Page 136
IPv6 Management Security Features Authorized IP Managers for IPv6 Example. Figure 6-3 shows an example in which a mask that authorizes switch access to four management stat ions is applied to the IPv6 address: 2001:DB8:0000:0000:244:17FF:FEB6:D37D . The mask is: FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC . 1st Block 2nd Block 3rd Block 4th Block 5th B[...]
-
Page 137
IPv6 Management Security Features Authorized IP Managers for IPv6 to 0 (“off”) and allow the correspondin g bits in an authorized IPv6 address to be either “on” or “off”. As a result, only th e four IPv6 ad dresses shown in Figure 6-5 are all owed access. 1st Block 2nd Block 3rd Block 4th Block 5th Block 6th Block 7th Block 8th Block IP[...]
-
Page 138
IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Each authorized station has the same 64-bit device ID ( 244:17FF:FEB6:D37D ) because the value of the last four blocks in the mask i s FFFF (binary value 1111 1111). FFFF req uires all bits in each correspon ding block of an authorized IPv6 address to have the same “on” or ?[...]
-
Page 139
IPv6 Management Security Features Authorized IP Managers for IPv6 Figure 6-7 shows the bits in the fourth block of the mask that determine the valid subnets in which authorized stat ions with an IPv6 device ID of 244:17FF:FEB6:D37D reside. FFF8 in the fourth block o f the mask means that bits 3 - 15 of the block are fixed and, in an authorized IPv6[...]
-
Page 140
-------------------------------------- - IPv6 Management Security Features Authorized IP Managers for IPv6 Displaying an Authorized IP Managers Configuration Use the show ipv6 authorized-ma nagers command to list the IPv6 stations authorized to access th e switch; for example: ProCurve# show ipv6 authorized-manager s IPv6 Authorized Managers Addres[...]
-
Page 141
IPv6 Management Security Features Authorized IP Managers for IPv6 Additional Examples of Au thorized IPv6 Managers Configuration Authorizing Manager Access. The following IPv6 co mmands authoriz e manager -leve l access for one link-local stat ion at a time . Note that when you enter a link-local IPv6 address with the ipv6 authorized-managers comma[...]
-
Page 142
IPv6 Management Security Features Authorized IP Managers for IPv6 The next IPv6 command authorizes oper ator -level access for sixty-four IPv6 stations: thirt y-two stations in the subne ts defined by 0x0006 and 0x0007 in the fourth block of an authorized IPv6 address: ProCurve(config)# ipv6 authorized-managers 2001:db8:0000:0007:231:17ff:fec5:c967[...]
-
Page 143
IPv6 Management Security Features Secure Shell for IPv6 Secure Shell for IPv6 The Secure Shell (SSH) for IPv6 featur e prov ides the sa me T elnet-like func- tions through encrypted, au thenticated transactions as SSH for IPv4. SSH for IPv6 provides CLI (console) access and se cure file transfer functionality . The following types o f tran sactions[...]
-
Page 144
IPv6 Management Security Features Secure Shell for IPv6 Note Syntax:. [ no] ip ssh Enables SSH on the switch and activates the connection with a configured SSH serv er (RADIUS or TACACS+). To disable SSH on th e switch, enter the no ip ssh com- mand. [ip-version < 4 | 6 | 4or6 >] IP version used for SSH co nnections on the switch: 4 accepts S[...]
-
Page 145
IPv6 Management Security Features Secure Shell for IPv6 Displaying an SSH Configuration T o verify an SSH for IPv6 configuratio n and display all SSH sessions running on the switch, enter th e show ip ssh command. Inform ation on all current S SH sessions (IPv4 and IPv6) is displayed. ProCurve(config)# show ip ssh SSH enabled : Yes Displays the cur[...]
-
Page 146
IPv6 Management Security Features Secure Copy and Secure FTP for IPv6 Secure Copy and Secure FTP for IPv6 Y ou can take advantage of the Secure Copy (SCP) and Secure FTP (SFTP) client applicati ons to provide a secure alternative to TFTP for transferring sensitive switch in formation, such as config uration files and login info rma- tion, between t[...]
-
Page 147
7 Multicast Listener Di scovery (MLD) Snooping Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Introduction to MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Configuring MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 148
Multicast Listener Discovery (MLD) Snooping Overview Overview Multicast add ressing allows one -to-many or many-t o-many comm unication among hosts on a net work. T ypical applicat ions of multicast commun ication include audio and video streaming, de sktop conferenci ng, collabor ative com- puting, and simi lar applications. Multicast Listener Dis[...]
-
Page 149
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Introduction to MLD Snooping There ar e several roles t hat network dev ices may play in an IPv6 multic ast environment: ■ MLD host — a network node that uses MLD to “join” (subscribe to) one or more multicast groups ■ multicas t router — a router that routes mu lt[...]
-
Page 150
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping General opera tion. Multicast communi cation can take place witho ut MLD, and by default MLD is disabl ed. In that case, if a switch receives a packet w ith a multicast destinati on address, it floods the packet to all ports in the same VLAN (except the port that it ca me in o[...]
-
Page 151
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Note that MLD snoop ing operates on a single VLAN (though t here can be multiple VLANs, each runni ng MLD snooping). Cross-VLAN traffic is handled by a multicast router . Forwarding in MLD snooping. When MLD snooping is active, a multicast packet is handled by the switch as fo[...]
-
Page 152
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping A network node establ ishes itself as an MLD host by issuing a multicast “join” request (also called a multicast “report”) for a specific multicast address when it starts an application that listens to multicast traffic . The switch to which the node is connected sees [...]
-
Page 153
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Fast leaves and forc ed fast leaves. The fast leave a nd forced fast leave functions can help to prune unnecessary mu lticast traffic when an MLD host issues a leave request from a multicas t a ddress. Fast leave is enabled by default and forced f ast leave is disabled by defa[...]
-
Page 154
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring MLD Several CLI commands are available for configuring MLD parameters on a switch. Enabling or Disabling MLD Snooping on a VLAN Syntax: [no] ipv6 mld Note: This command must be issued in a VLAN context. This command enables MLD snooping on a VLAN. Enabling MLD snooping applies [...]
-
Page 155
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring Per -Port MLD T raffic Filters Syntax: ipv6 mld [auto <port-list> | blo cked <port-list> | forward <port-list> ] Note: This command must be issued in a VLAN context. This command sets per -port traffic filters, which specify how each port should handle MLD tra[...]
-
Page 156
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring the Querier Syntax: [no] ipv6 mld querier Note: This command must be issued in a VLAN context. This command enables the switch to act as querier on a VLAN. The [no] form of the command disabl es the switch from acting as querier on a VLAN. The querier function is enabled by def[...]
-
Page 157
Multicast Listener Discovery (MLD) Snooping Configuring MLD For exampl e, to disable fast leave on ports in VLAN 8: ProCurve(vlan-8)# no ipv6 mld fast leave a14-a15 T o enable fast leave on ports in VLAN 8: ProCurve(vlan-8)# ipv6 mld fastlea ve a14-a15 Configuring Forced Fast Leave Syntax: [no] ipv6 mld forc edfastleave < port-list > Note: Th[...]
-
Page 158
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Displaying MLD Status and Configuration Current MLD Status Syntax: show ipv6 mld Displays MLD status informatio n for all VLANs on the switch that have MLD configured. show ipv6 mld vlan <vid> Displays MLD status for the specified VLAN vid —V L A N I D For e[...]
-
Page 159
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation ff02::1:ff04:3 FILT 0h:4m:5s A20 ff02::1:ff05:1 FILT 0h:4m:3s A21 ff02::1:ff0b:2dfe FILT 0h:3m:59s A17 ff02::1:ff0b:d7d9 FILT 0h:4m:4s A15 ff02::1:ff0b:da09 FILT 0h:4m:5s A18 ff02::1:ff0b:dc38 FILT 0h:4m:3s A19 ff02::1:ff0b:dc8d FILT 0h:4m:4s A20 ff02::1:ff0b:dd56 [...]
-
Page 160
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown f o r each VLAN that has ML D snooping enabled: ■ VLAN ID number and name ■ Querier address: IPv6 address of the de vice acting as querier for the VLAN ■ Querier up time: th e length of time in seconds that the querier has b[...]
-
Page 161
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Current MLD Configuration Syntax: show ipv6 mld config Displays current global MLD configuration for all MLD- enabled VLANS on the switch. show ipv6 vlan <vid> config Displays current MLD configurat ion for the specified VLAN, including per -port conf igurati[...]
-
Page 162
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The specific form of the co mmand might look like this: ProCurve# show ipv6 mld vlan 8 config MLD Service Vlan Config VLAN ID : 8 VLAN NAME : VLAN8 MLD Enabled [No] : Yes Querier Allowed [Yes] : Yes Port Type | Port Mode Forced Fa st Leave Fast Leave ---- --------- [...]
-
Page 163
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Ports Currently Joined Syntax: show ipv6 vlan <vid> group Lists the ports currently joined for all IPv6 multicast group addresses in the specified VLAN vid —V L A N I D show ipv6 vlan <vid> group <ipv6-addr> Lists the ports currently joined fo r[...]
-
Page 164
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown: ■ VLAN ID and nam e ■ port information for ea ch IPv6 multi cast group address in the VLAN (general group command) or for the specified IPv6 multicast group address (specific group command): • group multicast address • la[...]
-
Page 165
------- ------------ ---------- -- ------------ ------------ Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation For example, the gene ra l form of the co mmand: ProCurve# show ipv6 mld statistics MLD Service Statistics Total vlans with MLD enabled : 2 Current count of multicast groups join ed : 36 MLD Joined Groups[...]
-
Page 166
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Counters Syntax: show ipv6 mld vlan <vid> c ounters Displays MLD counters for the specified VLAN vid —V L A N I D ProCurve# show ipv6 mld vlan 8 counters MLD Service Vlan Counters VLAN ID : 8 VLAN NAME : VLAN8 General Query Rx : 2 General Query Tx : 0 Group [...]
-
Page 167
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation The following information is shown: ■ VLAN number and n ame ■ For each VLAN: • number of general queries received • number of gene ral queries sent • number of group-specific q ueries received • number of group-specific qu eries sent • number of ML D [...]
-
Page 168
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration 7-22[...]
-
Page 169
8 IPv6 Diagnostic and T roubleshooting Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Ping for IPv6 (Ping6) . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 170
IPv6 Diagnostic and Troubleshooting Introduction Introduction Feature Default CLI IPv6 ICMP Message Interval and T oken Buck et 100 ms 10 max tokens 8-3 ping6 Enabled traceroute6 n/a The IPv6 ICMP fe ature enables cont rol over the error and infor mational message rate for IPv6 traffic, which c an help mitigate the ef fects of a Deni al- of-service[...]
-
Page 171
IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting Controlling the frequ ency of IC MPv6 error messages can help to preven t DoS (Denial- of- Service) attacks. With IP v6 enabled on the switch, you can control the allowable frequency of these me ssages with ICM Pv6 rate-limitin g. Syntax:. ipv6 icmp error -interval < 0 - 2147483647 > [buc[...]
-
Page 172
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Ping for IPv6 (Ping6) The Ping6 test is a point- to-point test th at a ccepts an IPv6 address or IPv6 host name to see if an IPv6 switch is c ommu nicating proper ly with another device on the same or another IP network . A ping test checks the path between t he switch and another device by [...]
-
Page 173
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) [timeout] : Number of seconds within which a response is required from the destination ho st before the ping test times out. V alid values: 1 - 60. Default: 1 second. [source <ipv6-addr | hostn ame >]: Source IP address or hostname. The source IP add ress must be owned by the router . [...]
-
Page 174
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 T raceroute for IPv6 The traceroute6 command enables you to trace the route from a switch to a host device that is identi fied by an IPv6 address or IPv6 host name. In the command output, information on each (router) hop betwee n the switch and the destination IPv6 address is displayed. To u s[...]
-
Page 175
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Syntax: traceroute6 < ipv6-a ddress | hostname > [minttl < 1-255 > [maxttl < 1-255 > [timeout < 1 - 60 >] [probes < 1-5 >] [source <ipv6-addr | vlan-id>] traceroute6 < link-local-address %vlan< vid > | host name > [minttl < 1-255 >] [maxttl[...]
-
Page 176
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 ProCurve# traceroute6 2001:db8::10 traceroute to 2001:db8::10 1 hop min, 30 hops max, 5 sec. timeout , 3 probes 1 2001:db8::a:1c:e3:3 0 ms 0 ms 0 ms 2 2001:db8:0:7::5 7 ms 3 ms 0 ms 3 2001:db8::214:c2ff:fe4c:e480 0 ms 1 ms 0 ms 4 2001:db8::10 0 ms 1 ms 0 ms ProCurve# traceroute6 2001:db8::10 m[...]
-
Page 177
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 DNS Resolver for IPv6 The Domain Name System (DNS) resolv er is designed f or local network domains where it enables us e of a host name or fully qualified domain name to support DNS-compat ible commands fr om the switch. Beginning with soft- ware release K.13.0 1,DNS operati on supports the[...]
-
Page 178
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 — Continued from the previous page. — The no form of the command removes the specified address from the server address list configured on the switch. < ip-addr >: Specifies the address of an IPv6 or IPv4 DNS server . Syntax:. [no] ip dns domain-name < domain -name-suffix > Us[...]
-
Page 179
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 been configured as the domain name on the switch and th e address of a DNS server residing in that domain is also configured on the switch. The commands for these steps are as follows: ProCurve(config)# ip dns server priority 1 2001:db8::127:10 ProCurve(config)# ip dns domain-name mygroup.pr[...]
-
Page 180
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug/Syslog for IPv6 The Debug/System logging ( Syslog ) for IPv6 feature provi des the same logging functions as th e IPv4 vers ion, allowing you to record IPv4 and IPv6 Event Log and debug messages on a remote device to troubleshoot switch or network operation. For example, you can send m[...]
-
Page 181
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug Command Syntax: [n o] debug < debug-type > Configures the types of IPv4 and IPv6 messages that are sent to Syslog servers or other debug destinations, where < debug-t ype > is any of the following event types: acl When a match occurs on an ACL “deny” statement with a lo[...]
-
Page 182
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Syntax:. [no] debug < debug-type > (Continued) ip [ rip < database | event | trigger > Configures specified IPv4 RIP message types to be sent to configured debug destinations: database— D atabase changes event— RIP events trigger— T rigger messages ipv6 Configures messages [...]
-
Page 183
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 • debug destinatio n buffer enables the configured debug message types to be sent to a buff er in switch memory . Logging Command Syntax: [n o] logging < syslog-ipv4-addr > Enables or disables Syslog mess aging to the specified IPv4 address. You can configure up to six addresses. If [...]
-
Page 184
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 8-16[...]
-
Page 185
A Te r m i n o l o g y DAD Duplicate Address Detect ion. Refer to “Duplicate Address Detection (DAD)” on page 4-18. Device Identifier The low-order bit s in an IPv6 ad dre ss that identi fy a specific device. For example, in the link-local address 2001:db8:a10:101:212:79f f:fe88:a10 0/64, the bits forming 212:79ff: fe88:a100 comprise the device[...]
-
Page 186
Terminology A-2[...]
-
Page 187
Index Symbols … 4-7, 4-13 %vlan suffix … 5-6, 5-10, 5-13 A ACL debug messages … 8-13 address configuration DNS for IPv6 … 2-14 duplicate unicast addres ses … 3-6, 2-9, 4-18 IPv6 anycast address … 2-9, 2-11, 2-7, 2-8, 3-5, 3-11, 3-16, 3-17, 4-7, 4-13, 2-8, 3-5, 3-6, 3-8, 4-9, 2-8, 3-5, 4-12, 2-7, 3- 5, 3-11, 3-13, 4-6, 3-11 maximum numbe[...]
-
Page 188
DHPv6 messages … 8-14 event log messages … 8-13 IPv4/IPv6 event messages … 8-13, 8-12 LLDP messages … 8-14 using Syslog servers … 8-14 wireless-services messages … 8-14 denial-of-service ICMPv6 rate limiting … 2-13 deprecated address …4 - 2 2 device identifier in IPv6 address …3 - 4 See also interface identifier. DHCPv6 debug mess[...]
-
Page 189
quick start … 1-8 IP authorized managers for IPv6 … 2-12 IP masks for multiple authorized manager stations … 6-6, 6-5 used in configuring auth orized IP management … 6-5, 6-3 IP Preserve configuring … 5-23 DHCP-assigned address … 5-24 downloading configuration file to IPv6 switch … 5-24 feature description … 5-23, 2-11 IPv6 address [...]
-
Page 190
MIB support SNMP … 5-20 migration from IPv4 to IPv6 … 2-3, 2-4, 2-6 MLD blocking multicast pack et forwarding … 7-5, 7-9 configuration … 7-8 displaying configuratio n … 7-12, 7-15, 7-18, 7-20 forwarding multicast packets … 7-5, 7-9 overview … 2-11 reducing multicast flooding … 7-2, 7-4 snooping at port level … 7-2 used on IPv6 loc[...]
-
Page 191
SSHv2 for IPv6 … 2-11 setup screen …1 - 8 sFlow …5 - 2 0 SFTP See SCP/SFTP. show ipv6 … 2-9, 3-6, 4-6, 4-8, 4-10, 4-13, 4-15, 4-21 show run IPv6 output … 4-25 SNMP configuring SNMPv1/v2c trap receiver … 5-21 displaying SNMPv3 management station configuration … 5-23, 5-22 features supported for IPv6 … 5-20 IPv6 support … 2-15 remot[...]
-
Page 192
V autoconfiguration … 3-11 used within an organization … 3-19 unspecified address in IPv6 … 3 -25 valid lifetime of global unicast addres s … 3-7, 3-25, 4-8, 4-10 use of deprecated IPv6 address as source or destination … 4-32 VLAN deprecated global unicast address … 3-16, 3-25 DHCPv6 server-assigned address … 4-9 displaying IPv6 confi[...]
-
Page 193
[...]
-
Page 194
© Copyright 2009 Hewlett-Pack ard Development Company , L.P . February 2009 Manual Part Number 5992-544 1[...]