Ir para a página of
Manuais similares
-
Switch
HP (Hewlett-Packard) 336044-B21
9 páginas 0.32 mb -
Switch
HP (Hewlett-Packard) 12076A LAN/1000 LINK
156 páginas 0.55 mb -
Switch
HP (Hewlett-Packard) 4100gl Series
306 páginas 2.08 mb -
Switch
HP (Hewlett-Packard) 6200yl
65 páginas 3.45 mb -
Switch
HP (Hewlett-Packard) 6600
854 páginas 10.12 mb -
Switch
HP (Hewlett-Packard) 6108
418 páginas 5.19 mb -
Switch
HP (Hewlett-Packard) C-Series
28 páginas 0.25 mb -
Switch
HP (Hewlett-Packard) 8200zl
195 páginas 0.84 mb
Bom manual de uso
As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto HP (Hewlett-Packard) 6200yl. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoHP (Hewlett-Packard) 6200yl vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.
O que é a instrução?
A palavra vem do latim "Instructio" ou instruir. Portanto, no manual HP (Hewlett-Packard) 6200yl você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.
Infelizmente, pequenos usuários tomam o tempo para ler o manual HP (Hewlett-Packard) 6200yl, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.
Então, o que deve conter o manual perfeito?
Primeiro, o manual HP (Hewlett-Packard) 6200yl deve conte:
- dados técnicos do dispositivo HP (Hewlett-Packard) 6200yl
- nome do fabricante e ano de fabricação do dispositivo HP (Hewlett-Packard) 6200yl
- instruções de utilização, regulação e manutenção do dispositivo HP (Hewlett-Packard) 6200yl
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes
Por que você não ler manuais?
Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque HP (Hewlett-Packard) 6200yl não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos HP (Hewlett-Packard) 6200yl e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço HP (Hewlett-Packard) na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas HP (Hewlett-Packard) 6200yl, como para a versão papel.
Por que ler manuais?
Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo HP (Hewlett-Packard) 6200yl, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.
Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual HP (Hewlett-Packard) 6200yl. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação
Índice do manual
-
Página 1
IPv6 Configuration Guide www .pr ocurv e.com Pr oCurv e Switches K. 13.0 1 T . 13.0 1 8200zl 6200yl 5400zl 3500yl 2900[...]
-
Página 2
[...]
-
Página 3
ProCurve 8212zl Switch 6200yl Switch Series 5400zl Switches Series 3500yl Switches Series 2900 Switches IPv6 Configuration Guide January 2008 K.13.01 T .13.01[...]
-
Página 4
Hewlett-Packa rd Company 8000 Foothills Boulevard, m/s 5551 Roseville, California 95747-5551 http://www .procurve.com © Copyright 2008 Hewlett-Pa ckard Development Company, L.P . The in formation contained he rein is subject to change with- out notice. All Rights Reserved. This document contains proprie tary information, which is protected by copy[...]
-
Página 5
iii Contents Product Publications and IPv6 Command Index About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Printed Publications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 6
iv Information So urces for Tunneling I Pv6 Over IPv4 . . . . . . . . . . . 2-5 Use Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 Adding IPv6 Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 Supported IPv6 Operation in Release K.13.01 . .[...]
-
Página 7
v 3 IPv6 Addressing Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 IPv6 Address Structure and Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-[...]
-
Página 8
vi Overview of the Multicast Operation in IPv6 . . . . . . . . . . . . . . . . . . . . 3-21 IPv6 Multicast Address Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 Multicast Group Iden tification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 Solicited-Node Multicas t Address Format . . . . . . . . . . . . . .[...]
-
Página 9
vii Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20 View the Current IPv6 Addressi ng Configuration . . . . . . . . . . . . . . 4-21 Router Access and Default Ro uter Selection . . . . . . . . . . . . . . . . . . . 4-27 Router Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 10
viii Using TFTP to Copy Files over IPv6 . . . . . . . . . . . . . . . . . . . . . . . 5-17 Using Auto-TFTP for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19 SNMP Management for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20 SNMP Features Supported . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 11
ix Configuring Fast Leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10 Configuring Forced Fast Leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11 Displaying M LD Status and C onfiguratio n . . . . . . . . . . . . . . . . . . . . . 7-12 Current MLD Status . . . . . . . . . . . . . . . . . . .[...]
-
Página 12
x[...]
-
Página 13
ix Product Publications and IPv6 Command Index About Y our Switch Manual Set Note For the latest version of all ProCur ve switch documentation, including Release Notes covering re cently added features, please v isit the ProCurve Networking W e b site at www .procurve.com , click on T ech nical support , and then click on Product manuals (all) . Pr[...]
-
Página 14
x The two publicati ons listed below suppor t all of the switch es covered by this manual except the ProCurve Series 2900 switches: ■ Command Line Interface Reference Guide —Provides a comprehensive description of CLI commands, syntax , and operations. ■ Event Log Message Reference Guide —Provides a comprehensive descrip- tion of event log [...]
-
Página 15
xi IPv6 Command Index This index pro vides a tool for l ocating description s of individual I Pv6 com- mands covered in this guide. Note A link-local add ress must include %vla n< vid > w ithout spaces as a suffix. For example: fe80::110:252%vlan20 The index begin s on the next page.[...]
-
Página 16
xii Command Min. Level Page Authorized Manager ipv6 authorized managers < ipv6-addr > * Global Config 6-5 show ipv6 authorized-managers Manager 6-12 Copy auto-tftp Global Config 5-19 copy tftp < target > < ipv6-addr > < filename > Manager 5-17 copy < source > tftp < ipv6-addr > < filename > Manager 5-18 tft[...]
-
Página 17
xiii IPv6 Management (Continued) ipv6 nd dad-attempts < 0 - 600 > Global Config 4-19 show ipv6 neighbors Operator 5-3 show ipv6 route Operator 4-29 show ipv6 routers Operator 4-30 snmp-server host < ipv6-addr > * Global Config 5-21 MLD ipv6 mld VLAN Config 7-8 ipv6 mld [< auto | blocked | forward > < port-list >] VLAN Config[...]
-
Página 18
xiv[...]
-
Página 19
1-1 1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 20
1-2 Getting Started Introduction Introduction This guide is intended for use w ith the following switch es: ■ ProCurve Switch 8200zl series ■ ProCurve Switch 5400zl series ■ ProCurve Switch 3500yl and 6200yl seri es ■ ProCurve Switch 2900 series I t describes ho w to use the command li ne interface (CLI) to configure, manage, monitor , and [...]
-
Página 21
1-3 Getting Started Conventions Command Prompts In the defaul t configuration, your sw itch displays a CLI prompt similar to the following example: ProCurve 8212zl# T o simpl ify recognition, this guid e uses ProCurve to represen t command prompts for all switch mode ls. For example: ProCurve# (Y ou can use the hostnam e command to change the text [...]
-
Página 22
1-4 Getting Started Sources for More Information Sources for More Information This guide covers features related to IPv6 operat ion in software relea se K.13.01, and includes an IPv6 command index on page xi. For information about switch operation and features no t covered in this guide, refer to the switch public ations listed in this sect ion. No[...]
-
Página 23
1-5 Getting Started Sources for More Information ■ Advanced T raffic Management Guide —Use this guide for info rmation on topics such as: • VLANs: Static port- based and protocol VLANs, and dyna mic GVRP VLANs • spanning-T ree: 802 .1D (STP), 802. 1w (RSTP), and 802.1s (MSTP) •m e s h i n g • Quality-of-Service (QoS) • Access Control [...]
-
Página 24
1-6 Getting Started Sources for More Information Getting Documentation From the W eb T o obtain the latest versions of documentation and release notes for your switch: 1. Go to the ProCurve Networking web site at www .procurve.com 2. Click on T echnical su pport . 3. Click on Product manuals . 4. Click on the pr oduct for whic h you want to view or[...]
-
Página 25
1-7 Getting Started Sources for More Information Command Line Interface If you need i nformation on a specific command in th e CLI, type the command name fo llowed by help . For example: Figure 1-3. Example of CLI Help W eb Browser Interface If you need information on specific features in the Pro Curve W eb Browser Interface, use the online Help. Y[...]
-
Página 26
1-8 Getting Started To Set Up and Install the Switch in Your Network T o Set Up and Install the Switch in Y our Network Use the ProCurve Installati on and Getting Started Guide (shipped with t he switch) for the following: ■ Notes, cautions, and warnings related to installing and using the switch and its relat ed modules ■ Instructions fo r phy[...]
-
Página 27
2-1 2 Introduction to IPv6 Contents Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Dual-Stack Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 28
2-2 Introduction to IPv6 Contents ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Traceroute6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 29
2-3 Introduction to IPv6 Migrating to IPv6 Migrating to IPv6 T o succ essfully migrate to IPv6 in volves maintainin g compatibility with the large installed base of IPv4 hosts an d routers for the immedi ate future. T o achieve this purpose, softwa re release K.1 3.01 supports dual-stack (IPv4/IPv6) operation and connectons to IPv6-awa re routers f[...]
-
Página 30
2-4 Introduction to IPv6 Migrating to IPv6 IPv6 Propagation IPv6 is currently i n the early stages of deployment worldwide, involving a phased-in migration led by the application of basic IPv6 functionality . In these applications, IPv6 traffic is switched among IPv6-capable de vices on a given LAN, and routed between LANs using IPv6-capable router[...]
-
Página 31
2-5 Introduction to IPv6 Migrating to IPv6 Connecting to Devices Supp orting IPv6 Over IPv4 T unneling The switches covered by this guide can interoperate with IPv6/IPv4 devices capable of tunneling IPv6 tr affic across an IPv4 infras tructure. Some exampl es include: ■ traffic between IPv6/IPv4 routers(router/router) ■ traffic between an IPv6/[...]
-
Página 32
2-6 Introduction to IPv6 Use Model Use Model Adding IPv6 Capability IPv6 was designed by the Internet Engineer ing T ask Force (IETF) to improve on the scalability , security , ease of configuration, and network management capabilities of IPv4. IPv6 provides increased flexibility an d connectivity for existing networ ked devices, addresses the limi[...]
-
Página 33
2-7 Introduction to IPv6 Configuration and Management The next three sections ou tline the IPv6 features supported in software release K.13.01. Configuration and Management This section ou tlines the con figurable manageme nt features supporting IPv6 operation on you r ProC urve IPv6-ready switch. Management Features Software release K.13.01 provid[...]
-
Página 34
2-8 Introduction to IPv6 Configuration and Management and the interface identifier currently in use i n the link-local address. Having a global unicast address and a connection to an IPv6- aw are ro uter enables IPv6 traffic on a VLAN to be routed to ot her VLANs supporting IPv6-aware device s. (Using software release K.13.01, an e xtern al, IPv6- [...]
-
Página 35
2-9 Introduction to IPv6 Configuration and Management Note In IPv6 for the switches co vered in this guide, th e default route cannot be statically configured. Al so, DHCPv6 does not include default route co nfigura- tion.) Refer to “Default IPv6 Router” on page 4-28 and “View IPv6 Gateway , Route, and Router Neighbors ” on page 4-29. Neigh[...]
-
Página 36
2-10 Introduction to IPv6 Configuration and Management IPv6 Management Features The switch's IPv6 management fe atures support operation in an environment employing IPv6 servers and management stations.With a link to a properly configured IPv6 router , switch management exte nds to rout ed traffic solu- tions. (Refer to the docu mentation prov[...]
-
Página 37
2-11 Introduction to IPv6 Configurable IPv6 Security IP Preserve IP Preserve operation preserves both the IPv4 and IPv6 addresses config ured on VLAN 1 (the default V LAN) when a config uration fi le is downlo aded to the switch usin g TF TP . Refer to “IP Preserve for IPv6” on page 5-23. Multicast Listener Discovery (MLD) MLD oper ates in a m [...]
-
Página 38
2-12 Introduction to IPv6 Configurable IPv6 Security supported between the switch and IPv6 management stations when SSH on the switch is also configur ed for IPv6 operation. Th e switch now offers these SSHv2 connect ion types: ■ IPv6 only ■ IPv4 only ■ IPv4 or IPv6 The switch supports up to six inbound sessions of the foll owing types in any[...]
-
Página 39
2-13 Introduction to IPv6 Diagnostic and Troubleshooting Caution The Authorized IP Managers feature do es not protect against unauthorized station access through a mode m or direct connection to the Console (RS-232) port. Also, if an unauth oriz ed station “spoofs” an auth orized IP address, then the unauthorized stati on cannot be blocked by t[...]
-
Página 40
2-14 Introduction to IPv6 Diagnostic and Troubleshooting Domain Name System (DNS) Resolution This feature enables resolving a host na me to an IPv6 address and the reverse, and takes on added importance over its IPv4 counterp art du e to the extended length of IPv6 addresses. W ith DN S-compatible commands, CLI command entry becomes easier for reac[...]
-
Página 41
2-15 Introduction to IPv6 IPv6 Scalability SNMP When IPv6 is enabled on a VLAN interf ace, y ou can manage the switch from a network management stati on configured with an IPv6 address. Ref er to “SNMP Management for IPv6” on pa ge 5-20. Loopback Address Like the IPv4 loopback address, the IPv6 loopback address (::1) can be used by the switch t[...]
-
Página 42
2-16 Introduction to IPv6 Path MTU (PMTU) Discovery Path MTU (PMTU) Discovery IPv6 PMTU operation is managed auto matically by the IPv6 nodes between the source and destination of a transmission. For Ethernet frames, the default MTU is 1500 bytes. If a router on th e path cannot forward the default MTU size, it sends an ICMPv6 message (P KT_TOO_BIG[...]
-
Página 43
3-1 3 IPv6 Addressing Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 IPv6 Address Structure and Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Address Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Address[...]
-
Página 44
3-2 IPv6 Addressing Contents Prefixes in Routable IPv6 Addr esses . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 Unique Local U nicast IPv6 Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19 Anycast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20 Multicast Ap plication[...]
-
Página 45
3-3 IPv6 Addressing Introduction Introduction IPv6 supports mult iple ad dresses on an interface, and uses them in a manner comparable to subnetting an IPv4 VLAN . For example, where the switch is configured with multiple VLANs and each is connected to an IPv6 router , each VLAN will have a sing le link-local ad dress and one or more global unicast[...]
-
Página 46
3-4 IPv6 Addressing IPv6 Address Structure and Format An IPv6 address includes a network prefix and an in terface identifier . Network Prefix The network prefix (hig h-order bits) in an IPv6 address begins with a well- known, fixed pref ix for defining the add ress type. Some examples of well- known, fixed prefixes are: 2000::/3global (routable) un[...]
-
Página 47
3-5 IPv6 Addressing IPv6 Addressing Options IPv6 Addressing Options IPv6 Address Sources IPv6 addressing sources pr ovide a flexible method ol ogy for assigning addresses to VLAN interfaces on the switch. Op tions include: ■ stateless IPv6 autoconfiguration on VLAN interfaces includes: • link-local unica st addresses • global unicast addresse[...]
-
Página 48
3-6 IPv6 Addressing IPv6 Addressing Options Stateful Address Autoconfiguration. This method allows use of a DHCPv6 server to automatically config ure IPv6 addressing on a host in a manner similar to stateful IP addressi ng with a DHCPv4 server . For software release K.13.01, a DHCPv6 server can pr ovide routable IPv6 ad dressing and NTP (timep) ser[...]
-
Página 49
3-7 IPv6 Addressing IPv6 Address Sources IPv6 Address Sources IPv6 addressing sources pr ovide a flexible method ol ogy for assigning addresses to VLAN interfaces on the switch. Op tions include: ■ stateless IPv6 autoconfiguration on VLAN interfaces includes: • link-local unica st addresses • global unicast addresses ■ stateful IPv6 address[...]
-
Página 50
3-8 IPv6 Addressing IPv6 Address Sources servers. These lifetimes cannot be rese t using control from the switch console or SNMP method s. Refer to “Preferred and V alid Address Lifet imes” on page 3- 25. Stateful (DHCPv6) Ad dress Configuration Stateful addresses are defined by a system administrator or ot her authority , and automatically ass[...]
-
Página 51
3-9 IPv6 Addressing IPv6 Address Sources Static Address Configuration Generally , static address configuratio n should be used when you w ant specific, non-default addressing to be assigned to a VLAN interface. For IPv6, DHCP use is indic ated for condition s such as the following : ■ address conventions used in your network require defi ned cont[...]
-
Página 52
3-10 IPv6 Addressing Address Types and Scope Address T ypes and Scope Address T ypes IPv6 uses these IP address types: ■ Unicast: Identifi es a specific IPv6 interf ac e. T raffic having a unicast destination address is in tended for a single interface. Like IPv4 addresses, unicast addresses can be assigned to a specific VLAN on the switch and to[...]
-
Página 53
3-11 IPv6 Addressing Address Types and Scope Address Scope The address scope determines the ar ea (topology) in which a given IPv6 address is used. This section provid es an overview of IPv6 address types. For more information, refe r to the chapter titl ed “IPv6 Addressing”. Link-Local Address. Limited to a g iven interfa ce (VLAN). Enabling I[...]
-
Página 54
3-12 IPv6 Addressing Address Types and Scope In binary notation, the fixed prefi x for link-local prefixes is: 1111 1110 10 = fe80/10 For more on link-local addr esses, refer to “Link-Lo cal Unicast Address” on page 3-13. Routable Global Unicast Prefix. Th is well-known 3-bit fixe d-prefix ind i- cates a routable address used to identify a devi[...]
-
Página 55
3-13 IPv6 Addressing Link-Local Unicast Address Other Prefix T ypes. There are other designated global unicast prefixes such as those for the following address types: ■ RFC 4380: “T eredo: T unneling IPv6 over UDP” ■ RFC 3056: “Connection of IPv6 Domains via IPv4 Clouds” ■ RFC 4214: “Intra-Site Automatic T unnel Addressing Protocol [...]
-
Página 56
3-14 IPv6 Addressing Link-Local Unicast Address Because al l VLANs config ured on the switch use th e same MAC addre ss, all automatically generated lin k-local addresses on the switch will have the same link-local address. However , since the scope of a link-local address includ es only the VLAN on whic h it was generated, this sh ould not be a pr[...]
-
Página 57
3-15 IPv6 Addressing Link-Local Unicast Address The EUI me thod of g enerating a link-l ocal addre ss is automatically imple- mented on the switches covered by this guide when IP v6 is enabled on a VLAN interface. If automatically generated link-l ocal addresses are not suit able for the addressing scheme you wan t to use, st atically assigned link[...]
-
Página 58
3-16 IPv6 Addressing Global Unicast Address Global Unicast Address A global unicast address is required for uni cast traffic to be routed across VLANs within an organization as well as across the public internet. T o support subnetting, a VLAN can be configured wi th multiple global unic ast addresses. Any of the fo llowing methods can be used to c[...]
-
Página 59
3-17 IPv6 Addressing Global Unicast Address ■ generate a link-local address on the VLA N as described in the preceedi ng section (page 3-13). ■ transmit a router solicit ation on the VLAN, and to listen for adverti se- ments from any IPv6 routers on the VLAN. For each unique router advertisement (RA) the swi tch receiv es from any router(s), th[...]
-
Página 60
3-18 IPv6 Addressing Global Unicast Address Prefixes in Routable IPv6 Addresses In routable IPv6 addresses, the prefix uniquely identifies an entity and a unicast subnet within that entity , and is defi ned by a length value specifying the number of leftm ost contiguous (high-or der) bits comprising the pref ix. For an automatically generated globa[...]
-
Página 61
3-19 IPv6 Addressing Unique Local Unicast IPv6 Address Unique Local Unicast IPv6 Address A unique local unicast address i s an addr ess that falls within a specific range, but is used only as a global unicast ad dress within an or ganization. T raffi c having a source address with in the defined range should not be allowed beyond the borders of the[...]
-
Página 62
3-20 IPv6 Addressing Anycast Addresses Anycast Addresses Network size, traffic loads and the pot ential for network changes make it desirable to buil d in redundancy for some n etwork services to prov ide increased service reliabilit y . Anycast ad dressing provides thi s capability for applications wh ere it does not matter wh ich sou rce is actua[...]
-
Página 63
3-21 IPv6 Addressing Multicast Application to IPv6 Addressing For related information, refer to: ■ RFC 4291: “IP V ersion 6 Addressing Archetecture” ■ RFC 2526: “Reserved IPv6 Su bnet A nycast Addresse s” Multicast Application to IPv6 Addressing Multicast is used to reduce traffic for applications that ha ve more than one recipient for [...]
-
Página 64
3-22 IPv6 Addressing Multicast Appl ication to IPv6 Addressing For informati on on Multicast Li stener Discovery (MLD) refer to the chapter titled “Multi cast Listener Discovery ( MLD) Snooping”. When MLD is enabled on an interface, you can use show ipv6 m ld [ vlan < vid >] to list the activ e multicast group ac tivity the switch has de [...]
-
Página 65
3-23 IPv6 Addressing Multicast Application to IPv6 Addressing ■ multicas t scope: Bits 13-16 set boundaries on mu lticast traffic dist ribu- tion, such a s the interfa ce defined by the link-local unicast a ddress of an area, or the network bou ndaries of an organization. Because IPv6 uses multicast technology in pl ace of the broadcast technolog[...]
-
Página 66
3-24 IPv6 Addressing Loopback Address fe90::215:60ff:fe7a:adc0 then the corresponding soli cited-node multicast addr ess is ff02:0:0:0:0: 1:ff7a:adc0 For related information, refer to: ■ RFC 2375: IPv6 Multicast Address Assignments ■ RFC 3306: Unicast-Prefix-based IPv6 Multic ast Addresses ■ RFC 3956: Embedding the Rendezvous Point (RP) Addre[...]
-
Página 67
3-25 IPv6 Addressing The Unspecified Address The Unspecified Address The “unspecified” address is defined as 0.0. 0.0.0.0.0.0 (::/128, or just ::). It c an be used, for example, as a temporary so urce address in mul ticast traffic sent by an interface that has not yet acquir ed its own address. The unspecified address cannot be statically confi[...]
-
Página 68
3-26 IPv6 Addressing IPv6 Address Deprecation Notes Preferred and valid lifetimes on a VLAN interface are determin ed by the router advertisements received on the interface. These values are not affecte d by the lease time assigned to an address by a DHC Pv6 server . That is, lease expiration on a DHCPv6-assign ed address terminat es use of the add[...]
-
Página 69
4-1 4 IPv6 Addressing Configuration Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 General Configuration St eps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Configuring IPv6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 70
4-2 IPv6 Addressing Configuration Contents Router Solicitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Default IPv6 Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 Router Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]
-
Página 71
4-3 IPv6 Addressing Configuration Introduction Introduction In the default configurati on, IPv6 operation i s disabled on the switch. This section describes the gener al steps and individual c ommands for enabling IPv6 operati on. This chapter pro vides the follow ing: ■ general steps for IPv6 configuration ■ IPv6 command synt ax descriptions, [...]
-
Página 72
4-4 IPv6 Addressing Configuration General Configuration Steps General Configuration Steps The IPv6 configuration on switches runn ing software re leas e K.13.01 includes global and per -VLAN settings. This sect io n provides an overview of the genera l configuration steps for enab ling IPv6 on a given VLAN and can be ena bled by any one of several [...]
-
Página 73
4-5 IPv6 Addressing Configuration Configuring IPv6 Addressing 4. If needed, stat ically configure IP v6 unicast addressi ng on the VLAN interface as needed. This can include any of the following: • statically repl acing the automati cally generated link-local address • statica lly addi ng global u nicast, unique local unicast, and/or anycast ad[...]
-
Página 74
4-6 IPv6 Addressing Configuration Enabling IPv6 with an Automatically Con figured Link-Local Address Enabling IPv6 with an Automatically Configured Link-Local Address This command enables auto matical configuration of a link-local ad dress . T o view the curre nt IPv6 Enable settin g and any statically configured IPv6 addresses per -VLAN, use show [...]
-
Página 75
4-7 IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Rout er Ide ntity on a VLAN Enabling Automatic Configuration of a Global Unicast Address and a Default Router Identity on a VLAN Enabling autoconfig or rebooting th e switch with autoco nfig enable d on a VLAN causes the swi tch to configur[...]
-
Página 76
4-8 IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Router Identity on a VLAN T o view the curre nt IPv6 autoconf iguration settings per - VLAN, use show run . T o view all cu rrently conf igured IPv6 unicast addresses, use the following: ■ show ipv6 (Lists IPv6 addresses for a ll VLANs co[...]
-
Página 77
4-9 IPv6 Addressing Configuration Enabling DHCPv6 Enabling DHCPv6 Enabling the DHCPv6 option on a VLA N a llows the swi tch to obtain a global unicast address and an NTP (network time pr otocol) server assignm ent for a T imep server . (If a DHCPv6 server is not needed to provide a global unicast address to a switch interface, the server can still [...]
-
Página 78
4-10 IPv6 Addressing Configuration Enabling DHCPv6 T o view the current IPv6 DHCPv6 settings per -VLAN, use show run . T o view all cu rrently conf igured IPv6 unicast addresses, use the following: ■ show ipv6 (Lists IPv6 addresses for a ll VLANs configured on the switch.) ■ show ipv6 vlan < vid > (Lists IPv6 add resses c onfigured on the[...]
-
Página 79
4-11 IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN ■ DHCPv6 and statically configured global unicast or anycast addresses are mutually exclusive on a given VLA N . That is, configuring DHCPv6 on a VLAN erases any static global unic ast or anycast addresses previously configured on that VLAN, and the revers e. (A stati[...]
-
Página 80
4-12 IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-Local Unicast Address Syntax: [no] ipv6 address fe80::< device-identif ier > link-local ■ If IPv6 is not already enable d on the VLAN, this command enables IPv6 and configures a static link-local address. ■ If IPv6 is already enabl[...]
-
Página 81
4-13 IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Statically Configuring A Global Unicast Address T o view the c urrently configured static IPv6 addresses per -VLAN, use show run . T o view all cu rrently conf igured IPv6 unicast addresses, use the following: ■ show ipv6 (Lists IPv6 addresses for a ll VLANs configure[...]
-
Página 82
4-14 IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Operating Notes ■ W ith IPv6 enabled, the switch determ ines the default IPv6 router for the VLAN from the router advertisements it receives. (Refer to “Router Access and Default Router Select ion” on page 4-27.) ■ If DHCPv6 is configured on a VLAN, then configur[...]
-
Página 83
4-15 IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN T o verify the i dentity of anycast addre sses configured for VLANs to which the switch belongs, use the show run command. T o view all cu rrently conf igured IPv6 unicast addresses, use the following: ■ show ipv6 (Lists IPv6 addresses for a ll VLANs configured on the[...]
-
Página 84
4-16 IPv6 Addressing Configuration Disabling IPv6 on a VLAN Duplicate Address Detectio n (DAD) for Statically Configured Addresses Statically configured IPv6 addresses are designated as permane nt. If DAD determines t hat a statically configured address dupl icates a previo usly config- ured and reachable add ress on another device belonging to the[...]
-
Página 85
4-17 IPv6 Addressing Configuration Neighbor Discovery (ND) Neighbor Discovery (ND) Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP for layer 2 address resolution, and uses IPv6 IC MP messages to do the following: ■ Determine the link-lay er address of neighbors on the same VLAN inter- face. ■ V erify that a neighbor is reachable.[...]
-
Página 86
4-18 IPv6 Addressing Configuration Duplicate Address Detection (DAD) Note: Neighbor and router so licitations mu st originate on t he same VLAN as the receiving device. T o support this operation, IPv6 is de signed to discard any incoming neighbor or router solicitation that does not have a value of 255 in the IP Hop Limit field. For a complete lis[...]
-
Página 87
4-19 IPv6 Addressing Configuration Duplicate Address Detection (DAD) that includes its link-local a ddress. If the newly configured address is from a static or DHCPv6 source and is found to be a duplicate, it is labelled as duplicate in the “Address Status” field of the show ipv6 command, and is not used. If an auto configured ad dress is found[...]
-
Página 88
4-20 IPv6 Addressing Configuration Duplicate Address Detection (DAD) Operating Notes ■ A verified link-local unicast address must exist on a VLAN interface before the switch can run DAD on other addr esses associated with the interface. ■ If a previously configured unicast ad dres s is changed, a neighbor adver- tisement (an all-nodes multicast[...]
-
Página 89
4-21 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration V iew the Current IPv6 Addressing Configuration Use these commands to view the current status of the IPv 6 configuration on the switch. Syntax: show ipv6 Lists the current, global IPv6 settings and per -VLAN IPv6 addressing on the switch. IPv6 Routing: For software re[...]
-
Página 90
4-22 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration For example, figure 4-1 shows the outp ut on a switch having IPv6 enabled on one VLAN. Address Origin: ■ Autoconfig: The address was configured using stateless address autoconfiguration (S LAAC). In this case, the device identifier for global uni cast addresses copi[...]
-
Página 91
4-23 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Figure 4-1. Example of Show IPv6 Command Output ProCurve(config)# show ipv6 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts : 3 Vlan Name : DEFAULT_VLAN IPv6 Status : Disabled Vlan Name : VLAN10 IPv6 Status : E[...]
-
Página 92
4-24 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ■ DAD Attempts: Indicates the number of neighbor solicita- tions the switch transmit s per - address for duplicate (IPv6) address detection. Implemented when a new address is configured or when an interface with config- ured addresses comes up (such as after a reboo[...]
-
Página 93
4-25 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Figure 4-2. Example of Show IPv6 VLAN < vid > Output ProCurve(config)# show ipv6 vlan 10 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts : 3 Vlan Name : VLAN10 IPv6 Status : Enabled IPv6 Address/Prefixlen[...]
-
Página 94
4-26 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Figure 4-3. Example of Show Run Output Listin g the Current IPv6 Addressing Commands ProCurve(config)# show run Running configuration: . . . vlan 10 name "VLAN10" untagged A1-A12 ipv6 address fe80::127 link-local ipv6 address 2001:db8::127/64 ipv6 address 20[...]
-
Página 95
4-27 IPv6 Addressing Configuration Router Access and Default Router Selection Router Access and Default Router Selection Routing traffic between destin ations on different VLANs configured on the switch or to a destination on an off- swit ch VLAN is done by placing the switch on the same VLAN interface or subnet as an IPv6-capable router configured[...]
-
Página 96
4-28 IPv6 Addressing Configuration Router Access and Default Router Selection Note If the switch does not re ceive a router advertisemen t after sending the router solicitations, as described above, then no further router solicitations are sent on that VLAN unle ss a new IPv6 settin g is configured, IPv6 on the VLAN is disabled, then re-enable d, o[...]
-
Página 97
4-29 IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors V iew IPv6 Gateway , Route, and Router Neighbors Use these commands to view the switch 's current routing table content and connectivity to routers per VLAN. This i n cludes information re ceived in router advertisements from IPv6 rout ers on VL ANs enabled with[...]
-
Página 98
4-30 IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors Figure 4-4. Example of Show IPv6 Route Output V iewing IPv6 Router Information ProCurve(config)# show ipv6 route IPv6 Route Entries Dest : ::/0 Type : static Gateway : fe80::213:c4ff:fedd:14b0 %vlan10 Dist. : 40 Metric : 0 Dest : ::1/128 Type : connecte d Gateway : lo[...]
-
Página 99
4-31 IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors For example, figure 4-5 indicates that th e switch is receivi ng router advertise- ments from a single router that exists on VLAN 10. Figure 4-5. Example of Show IPv6 Routers Output MTU: This is the Maximum T ran smission Unit (in bytes) allowed for frames on the pat[...]
-
Página 100
4-32 IPv6 Addressing Configuration Address Lifetimes Address Lifetimes Every configured IPv6 unic ast and anycas t address has a lifetime setting that determines how long the address can be used b efore it must be refreshed or replaced. Some addresses are set as “p ermanent” and do not expire. Othe rs have both a “preferred” and a “valid?[...]
-
Página 101
4-33 IPv6 Addressing Configuration Address Lifetimes T able 4-1. IPv6 Unicast Addresses Lifetimes A new , preferred address used as a re placement for a deprecated address can be acquired from a man ual, DHCPv6, or au toconfigurati on source. Address Source Lifetime Criteria Link-Local Permanent Statically Configured Uni cast or Anycast Perman ent [...]
-
Página 102
4-34 IPv6 Addressing Configuration Address Lifetimes[...]
-
Página 103
5-1 5 IPv6 Management Features Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Viewing and Clearing the IPv6 Neighbors Cache . . . . . . . . . . . . . . . . 5-2 Viewing the Neighbor Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Clearing the[...]
-
Página 104
5-2 IPv6 Management Features Introduction Introduction This chapter focuses on the IPv6 ap plicatio n of managem ent fe atures in software release K.13.01 that support both IPv6 and IP v4 operation. Fo r additional information on these features, refer to the current Management and Configuration Guide for your switch. V iewing and Clearing the IPv6 [...]
-
Página 105
5-3 IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache V iewing the Neighbor Cache Neighbor discovery occurs when th ere is communication between IPv6 devices on a VLAN. The Neighbor Cache re tains data for a given neighbor until the entry times out. For more on this topi c, refer to “Neighbor Discovery (ND)” on page 4-17. S[...]
-
Página 106
5-4 IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Figure 5-1. Example of Neighbor Ca che Without Specifying a VLAN Figure 5-2. Example of Neighbor Ca che Content for a Specific VLAN — Continued from previous page. — • ST ALE : A timeout has occurred for reachability of the neigh- bor , and an unsolicited discov ery pa[...]
-
Página 107
5-5 IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Clearing the Neighbor Cache When there is an eve nt such as a to pology change or an address change, the neighbor cache may have too many entries to allow efficient use. Also, if an unauthorized client i s answering DAD or normal n eighbor solicitati ons with invalid repl ie[...]
-
Página 108
5-6 IPv6 Management Features Telnet6 Operation T elnet6 Operation This section describes T elnet operation for IPv6 on the switch . For IPv4 T elnet operation, refer to the Management and Configurat ion Guide for your switch. Outbound T elnet6 to Another Device For example, to T elnet to anot her IPv6 dev ice having a lin k-local addres s of fe80::[...]
-
Página 109
5-7 IPv6 Management Features Telnet6 Operation V iewing the Current T eln et Activity on a Switch For example, the followin g figure shows that the switch is running one outbound, IPv4 session and is being accessed by t wo inbound sessions. Figure 5-4. Example of Show T elnet Output wi th Three Sessions Active Syntax: show telnet This command shows[...]
-
Página 110
5-8 IPv6 Management Features Telnet6 Operation Enabling or Disabling Inbound T elnet6 Access For example, to disable T e lnet6 access to the switch, you would use this com- mand: ProCurve(config)# no telnet6-server V iewing the Current Inbound T elnet6 Configuration Figure 5-5. Show Console Outpu t S howing Default Conso le Configuration Syntax: [ [...]
-
Página 111
5-9 IPv6 Management Features SNTP and Timep SNTP and T imep Configuring (Enabling or Disabling) the SNTP Mode Software release K.13.01 enables configur ation of a global unicast address for IPv6 SNTP time server . This section lists the SNTP and relate d commands, inclu ding an exam ple of using an IPv6 address. For the details of configuring SNTP [...]
-
Página 112
5-10 IPv6 Management Features SNTP and Timep Configuring an IPv6 Addr ess for an SNTP Server Note T o use a gl obal unicast IPv6 address to configure an IPv6 SNTP time serv er on the switch, th e switch must be receivin g advertisem ents from an IPv6 router on a VL AN configured on the switch. T o use a li nk-local IPv6 address to config ure an IPv[...]
-
Página 113
5-11 IPv6 Management Features SNTP and Timep For example, to configure link-local and global unicast SNTP server addresses of: ■ fe80::215:60ff:fe7a:adc0 (on VLAN 10, configured on the switch) ■ 2001:db8::215:60 ff:fe79 :8980 as the priority “1” and “2” SNTP server s, respectiv ely , using version 7, you would enter these commands at th[...]
-
Página 114
5-12 IPv6 Management Features SNTP and Timep For example, the show sntp output for the preceeding sntp server command example would appear as follows: Figure 5-6. Example of Show SNTP Output with Both an IPv6 and an IPv4 Se rver Address Conf igured Note that the show management command can also be used to display SNTP server information. Configurin[...]
-
Página 115
5-13 IPv6 Management Features SNTP and Timep Note T o use a g lobal unicast IPv6 address to configure an IPv6 Timep server on the switch, the switch must be receiving a dvertisements from an IPv6 route r on a VLAN configured on the switch. T o use a link-l ocal IPv6 address to configure an IPv6 T imep server on the switch, it is necessary to append[...]
-
Página 116
5-14 IPv6 Management Features SNTP and Timep ProCurve(config)# ip timep manual fe80::215:60ff:fe7a:adc0%vlan10 Note In the precee ding exampl e, using a lin k-l ocal address requires that you specify the local scope for the address; VLAN 10 in this case. This is al ways indicated by %vlan followed immediately (without sp aces) by the VLAN identifie[...]
-
Página 117
5-15 IPv6 Management Features TFTP File Transfers Over IPv6 TF TP File T ransfers Over IPv6 TF TP File T ransfers over IPv6 Y ou can use TF TP copy commands over IPv6 to up load, or downlo ad files to and from a physically connected device or a remote TF TP server , including: ■ Switch softw are ■ Software images ■ Switch configur ations ■ [...]
-
Página 118
5-16 IPv6 Management Features TFTP File Transfers Over IPv6 Enabling TF TP for IPv6 TF TP for IPv6 is enabled by defa ult on the swi tch. However , if it is di sabled, you can re-enable it by specify ing TF TP cl ient or server functio nality with th e tftp6 < client | server > command. Enter the tftp6 < client | server > command at the[...]
-
Página 119
5-17 IPv6 Management Features TFTP File Transfers Over IPv6 Using TF TP to Copy Files over IPv6 Use the TF TP copy commands described in this section to: ■ Download specified files from a TF TP server to a switc h on which TF TP client functionality is enabled. ■ Upload specified fi les from a switch, on which TF TP server function ality is ena[...]
-
Página 120
5-18 IPv6 Management Features TFTP File Transfers Over IPv6 . ■ flash < primary | secondary >: Copies a software file stored on a remote host to primary or secondary flash memory on the switch. T o run a newly downloaded soft ware image, enter the reload or boot sy stem flash command. ■ pub-key-file : Copies a public-key file to the switc[...]
-
Página 121
5-19 IPv6 Management Features TFTP File Transfers Over IPv6 Using Auto-TF TP for IPv6 The auto-TF TP for IPv6 feature automati cally do wnloads a softwa re image to a switch, on which TF TP client functionali ty is enabled, from a specified IPv6- based device at switch startup. Y ou mu st reboot the switch to implement the downloaded software image[...]
-
Página 122
5-20 IPv6 Management Features SNMP Management for IPv6 SNMP Management for IPv6 As with SNMP for IPv4, you can manage a switch via SNMP from an IPv6- based network management st ation by usin g an application such a s ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). (For more on PCM and PCM+, go to the Pro Curve Networking web site at www .p[...]
-
Página 123
5-21 IPv6 Management Features SNMP Management for IPv6 SNMP Configuration Commands Supported IPv6 addressing is su pported in the following SNMP co nfiguration commands: For more information on each SNMP conf iguration procedure, r efer to the “Configuring for Network M anagement Applications” chapter in the current Management and Conf iguratio[...]
-
Página 124
5-22 IPv6 Management Features SNMP Management for IPv6 The show snmp-server command displa ys the current SNMP policy configuration, incl uding SNMP communitie s, network security notifi cations, link-change traps, trap receiv ers (includi ng the IPv4 or IPv6 addre ss) that can receive SNMPv1 and SNMPv2c traps, an d the source IP (interface) addres[...]
-
Página 125
5-23 IPv6 Management Features IP Preserve for IPv6 The show snmpv3 targetaddress command displays the configu ration (including the IPv4 or IPv6 address) of the SNMPv3 management stati ons to which notification messages are se nt. Figure 5-9. “show snmpv3 targetaddress” Command Output with IPv6 Address IP Preserve for IPv6 IPv6 supports the IP [...]
-
Página 126
5-24 IPv6 Management Features IP Preserve f or IPv6 Figure 5-10. Example of How to Enter IP Preserve in a Configuration File T o download an IP Pr eserve conf iguration f ile to an IPv6 -based switc h, enter the TF TP copy command as described in “TF TP File T ransfers over IPv6” on page 5-15 to copy the file as the ne w startup-config file on [...]
-
Página 127
5-25 IPv6 Management Features IP Preserve for IPv6 Note that if a switch received its IP v6 address from a DHCP serve r , the “ip address” field under “vlan 1” would displ ay: dhcp-bootp . Figure 5-11. Configuration File w ith Dedicated IP Ad dressing After Startup with IP Preserve For more information on how to use the IP Preserve f eature[...]
-
Página 128
5-26 IPv6 Management Features IP Preserve f or IPv6[...]
-
Página 129
6-1 6 IPv6 Management Security Features Contents IPv6 Management Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Authorized IP Managers for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Usage Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 130
6-2 IPv6 Management Security Features IPv6 Management Security IPv6 Management Security This chapter describes manageme nt secu rity feat ures that are IPv6 counter- parts of IPv4 management security featur es on the switches covered by this guide. This chapter describes the foll owin g IPv6-enabled ma nagement security features included in softwar[...]
-
Página 131
6-3 IPv6 Management Security Features Authorized IP Managers for IPv6 Authorized IP Managers for IPv6 The Authorized IP Managers feature us es IP addresses and masks to deter- mine which stations (PCs or workstat ions) can access the switch through the network. This feature supports swi tch access through: ■ T elnet and other terminal emulation a[...]
-
Página 132
6-4 IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Y ou configure each authorized manage r address with Manager or Opera- tor -level privilege to acc ess the swit ch in a T elnet, SNMPv1, or SNMPv 2c session. (Access privilege for SSH, SNMPv3, and web browser sessions are configured through the access appl ication, not throug[...]
-
Página 133
6-5 IPv6 Management Security Features Authorized IP Managers for IPv6 Configuring Authorized IP Managers for Switch Access T o configure one or more IPv6-based manag ement stations to access the switch using th e Authorized IP Managers feature, enter the ipv6 authori zed- managers command Using a Mask to Configur e Authorized Management Stations Th[...]
-
Página 134
6-6 IPv6 Management Security Features Authorized IP Managers for IPv6 Notes If you do not enter a value for the ipv6-mask parameter when you configure an authorized IPv6 address, th e switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the default mask (see “Configuring Authorized IP Managers for Switch Access” on page 6-5). If[...]
-
Página 135
6-7 IPv6 Management Security Features Authorized IP Managers for IPv6 Conversely , in a mask, a “0” binary bit mean s that ei ther the “ on” or “off” sett ing of the corresponding IPv6 bit in an au thorized address is valid and does not have to match th e setting of the same bi t in the specified IPv6 address. Figure 6-2 shows the binar[...]
-
Página 136
6-8 IPv6 Management Security Features Authorized IP Managers for IPv6 Example. Figure 6-3 shows an example in which a mask that authorizes switch access to four management stat ions is applied to the IPv6 address: 2001:DB8:0000:0000:244:17FF:FEB6:D37D . The mask is: FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC . Figure 6-3. Example: Mask for Configu rin[...]
-
Página 137
6-9 IPv6 Management Security Features Authorized IP Managers for IPv6 to 0 (“off”) and allow the correspondin g bits in an authorize d IPv6 address to be either “on” or “off”. As a result, only th e four IPv6 addresses shown in Figure 6-5 are all owed access. Figure 6-5. Example: How Hexadecim al C in a Mask Authorizes Four IPv6 Ma nage[...]
-
Página 138
6-10 IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Each authorized station has the same 64-bit device ID ( 244:17FF:FEB6:D37D ) because the value of the last four blocks in the mask i s FFFF (binary value 1111 1111). FFFF requires all bits in each correspon ding block of an authorized IPv6 address to have the same “on” o[...]
-
Página 139
6-11 IPv6 Management Security Features Authorized IP Managers for IPv6 Figure 6-7 shows the bits in the fourth block of the mask that determine the valid subnets in which authorized stat ions with an IPv6 device ID of 244:17FF:FEB6:D37D reside. FFF8 in the fourth block o f the mask means that bits 3 - 15 of the block are fixed and, in an authorized[...]
-
Página 140
6-12 IPv6 Management Security Features Authorized IP Managers for IPv6 Displaying an Authorized IP Managers Configuration Use the show ipv6 authorized-ma nagers command to list the IPv6 stations authorized to access th e switch; for example: Figure 6-9. Example of “show ipv6 authorized -managers” Output By analyzing the masks displayed in Figur[...]
-
Página 141
6-13 IPv6 Management Security Features Authorized IP Managers for IPv6 Additional Examples of Au thorized IPv6 Managers Configuration Authorizing Manager Access. The following IPv6 co mmands authoriz e manager -level access for one link-loc al stat ion at a time. Note that when you enter a link-local IPv6 address with the ipv6 authorized-managers c[...]
-
Página 142
6-14 IPv6 Management Security Features Authorized IP Managers for IPv6 The next IPv6 command authorizes oper ator -level access for sixty-four IPv6 stations: thirt y-two stations in the subnets defined by 0x0006 and 0x0007 in the fourth block of an authorized IPv6 address: ProCurve(config)# ipv6 authorized-managers 2001:db8:0000:0007:231:17ff:fec5:[...]
-
Página 143
6-15 IPv6 Management Security Features Secure Shell for IPv6 Secure Shell for IPv6 The Secure Shell (SSH) for IPv6 featur e prov ides the sa me T elnet-like f unc- tions through encrypted, au thenticated transactions as SSH for IPv4. SSH for IPv6 provides CLI (console) access and se cure file transfer functionality . The following types o f tran sa[...]
-
Página 144
6-16 IPv6 Management Security Features Secure Shell for IPv6 Note As with IPv4, the switch only supports SSH versi on 2. Y ou cannot set up an SSH session with a cli ent device runnin g SSH version 1. For complete info rmation on how to conf igure SSH for encrypt ed, authenti- cated transactions between the switch and SSH-en abled clie nt devices, [...]
-
Página 145
6-17 IPv6 Management Security Features Secure Shell for IPv6 Displaying an SSH Configuration T o verify an SSH for IPv6 configuratio n and display all SSH sessions running on the switch, enter th e show ip ssh command. Inform ation on all current SSH sessions (IPv4 and IPv6) is displayed. ProCurve(config)# show ip ssh SSH enabled : Yes TCP Port Num[...]
-
Página 146
6-18 IPv6 Management Security Features Secure Copy and Secure FTP for IPv6 Secure Copy and Secure F TP for IPv6 Y ou can take advantage of the Secure Copy (SCP) and Secure F TP (SF TP) client applicati ons to provide a secure alternative to TF TP for transferring sensitive switch in formation, such as config uration files and login in forma- tion, [...]
-
Página 147
7-1 7 Multicast Listener Di scovery (MLD) Snooping Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Introduction to MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Configuring MLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 148
7-2 Multicast Listener Discovery (MLD) Snooping Overview Overview Multicast addressi ng allows on e-to-many or many-to -many communicatio n among hosts on a net work. T ypical applicatio ns of multicast co mmunication include audio and video streaming, de sktop conferenci ng, coll aborative com- puting, and simi lar applications. Multicast Listener[...]
-
Página 149
7-3 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Introduction to MLD Snooping There ar e several rol es that ne twork device s may play i n an IPv6 multicast environment: ■ MLD host — a network node that uses MLD to “join” (subscribe to) one or more multicast groups ■ multicas t router — a router that routes [...]
-
Página 150
7-4 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping General opera tion. Multicast communication can take place without ML D, and by default MLD is disabl ed. In that case, if a switch receives a packet with a multicast destinati on address, it fl oods the packet to all ports in the same VLAN (except the port that it ca me i[...]
-
Página 151
7-5 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Note that MLD snoop ing operates on a single V LAN (though there can be multiple VLANs, each runni ng MLD snooping). Cross-VLAN traffic is handled by a multicast router . Forwarding in MLD snooping. When MLD snooping is active, a multicast packet is handled by the switch a[...]
-
Página 152
7-6 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping A network node establ ishes itself as an MLD h ost by issuing a multi cast “join” request (also called a multicast “report”) for a specific multicast address when it starts an application that listens to multicast traffic . The switch to which the node is connected[...]
-
Página 153
7-7 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Fast leaves and forc ed fast leaves. The fast leave a nd forced fast leave functions can help to prune unnecessary mu lticast traffic when an MLD host issues a leave request from a multicas t a ddress. Fast leave is enabled by default and forced fast leave is disabled by d[...]
-
Página 154
7-8 Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring MLD Several CLI commands are available fo r configuring MLD parameters on a switch. Enabling or Disabling MLD Snooping on a VLAN For example, to enable MLD snooping on VLAN 8: ProCurve# config ProCurve(config)# vlan 8 ProCurve(vlan-8)# ipv6 mld T o di sable MLD snoopi ng on[...]
-
Página 155
7-9 Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring Per -Port MLD T raffic Filters For example: Figure 7-3. Example of an MLD Con figuration with T raffic Filters Syntax: ipv6 mld [auto <port-list> | blo cked <port-list> | forward <port-list> ] Note: This command must be issued in a VLAN context. This comma[...]
-
Página 156
7-10 Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring the Querier For example, to disable the switch fr om acting as querier on VLAN 8: ProCurve(vlan-8)# no ipv6 mld querie r T o enabl e the switch to act as querier on VLAN 8: ProCurve(vlan-8)# ipv6 mld querier Configuring Fast Leave Syntax: [no] ipv6 mld querier Note: This c[...]
-
Página 157
7-11 Multicast Listener Discovery (MLD) Snooping Configuring MLD For exampl e, to disable fast leave on ports in VLAN 8: ProCurve(vlan-8)# no ipv6 mld fast leave a14-a15 T o enable fast leave on ports in VLAN 8 : ProCurve(vlan-8)# ipv6 mld fastlea ve a14-a15 Configuring Forced Fast Leave For example, to enable forced fast l eave on ports in VLAN 8:[...]
-
Página 158
7-12 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Displaying MLD Status and Configuration Current MLD Status For example, a switch wi th MLD snooping conf igured on VLANs 8 and 9 might show the follow ing information: Figure 7-4. Example of Displayi ng the MLD Configuratio n for All Static VLANs on the Switch [...]
-
Página 159
7-13 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Figure 7-5. Continuation of Figure 7-4 ff02::1:ff04:3 FILT 0h:4m:5s A20 ff02::1:ff05:1 FILT 0h:4m:3s A21 ff02::1:ff0b:2dfe FILT 0h:3m:59s A17 ff02::1:ff0b:d7d9 FILT 0h:4m:4s A15 ff02::1:ff0b:da09 FILT 0h:4m:5s A18 ff02::1:ff0b:dc38 FILT 0h:4m:3s A19 ff02::1:ff[...]
-
Página 160
7-14 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown fo r each VLAN that has MLD snooping enabled: ■ VLAN ID number and name ■ Querier address: IPv6 address of the de vice acting as querier for the VLAN ■ Querier up time: th e length of time in seconds that the querier ha[...]
-
Página 161
7-15 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Current MLD Configuration For example, the general form of the command might look like this: Figure 7-6. Example of a Gl obal MLD Configuration The following info rmation, for all MLD -enabled VLANs, is sho wn: ■ Control unkno wn multicast: If this i s set t[...]
-
Página 162
7-16 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The specific form of the co mmand might look like this: Figure 7-7. Example of an MLD Con figuration for a Specific VLAN The following inform ation is shown, if the specif ied VLAN is MLD-enabled: ■ VLAN ID and nam e ■ whether MLD is enabl ed on the VLAN (d[...]
-
Página 163
7-17 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Ports Currently Joined For example, the general form of the com mand is shown below . The specific form the the command is similar , except that it lists the port in formation for only the specified group . Figure 7-8. Example of Por ts Joined to Multicast Gro[...]
-
Página 164
7-18 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown: ■ VLAN ID and nam e ■ port information for ea ch IPv6 multi cast group address in the VLAN (general group command) or for the specified IPv6 multicast group address (specific group command): • group multicast address ?[...]
-
Página 165
7-19 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation For example, the gene ra l form of th e command: Figure 7-9. Example of MLD Statistic s for All VLANs Configured And the specific form of the command: Figure 7-10. Example of MLD Stati stics for a Single VLAN ProCurve# show ipv6 mld statistics MLD Service Stat[...]
-
Página 166
7-20 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Counters Figure 7-11. Example of MLD Count ers for a Single VLAN Syntax: show ipv6 mld vlan <vid> c ounters Displays MLD counters for the specified VLAN vid —V L A N I D ProCurve# show ipv6 mld vlan 8 counters MLD Service Vlan Counters VLAN ID : 8 VLAN [...]
-
Página 167
7-21 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation The following information is shown: ■ VLAN number and n ame ■ For each VLAN: • number of general queries received • number of gene ral queries sent • number of group-specific que ries received • number of group-specifi c queries sent • number of [...]
-
Página 168
7-22 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration[...]
-
Página 169
8-1 8 IPv6 Diagnostic and T roubleshooting Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Ping for IPv6 (Ping6) . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 170
8-2 IPv6 Diagnostic and Troubleshooting Introduction Introduction The IPv6 ICMP fe ature enabl es control over the er ror and informa tional message rate for IPv6 traffic, which c an help mitigate the ef fects of a De nial- of-service attack. Ping6 enables ve rification of a ccess to a specific IPv6 device, and traceroute6 enables tr acing the rout[...]
-
Página 171
8-3 IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting Controlling the frequ ency of IC MPv6 error messages can help to preven t DoS (Denial- of- Service) attacks. With IP v6 enabled on the switch, you can control the allowable frequency of these me ssages with ICM Pv6 rate-limit ing. For example, the following comma nd limits ICM P error and i[...]
-
Página 172
8-4 IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Ping for IPv6 (Ping6) The Ping6 test is a point- to-point test th at a ccepts an IPv6 address or IPv6 host name to see if an IPv6 switch is c ommu nicating proper ly with another device on the same or another IP network . A ping test ch ecks the path between th e switch and another devic[...]
-
Página 173
8-5 IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Figure 8-1. Examples of IPv6 Ping T ests [timeout] : Number of seconds within which a response is required from the destination ho st before the ping test times out. V alid values: 1 - 60. Default: 1 second. [data-size] : Size of data (in bytes) to be sent in ping packets. V alid values:[...]
-
Página 174
8-6 IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 T raceroute for IPv6 The traceroute6 command enables you to trace the route from a switch to a host device that is identi fied by an IPv6 address or IPv6 host name. In the command output, information on each (router) hop betwee n the switch and the destination IPv6 address is displayed. To[...]
-
Página 175
8-7 IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Syntax: traceroute6 < ipv6-a ddress | hostname > [minttl < 1-255 > [maxttl < 1-255 > [tim eout < 1 - 60 >] [probes < 1-5 >] traceroute6 < link-local-address %vlan< vid > | host name > [minttl < 1-255 >] [maxttl < 1-255 >] [timeout < [...]
-
Página 176
8-8 IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Figure 8-2. Examples of IPv6 T r aceroute Probes ProCurve# traceroute6 2001:db8::10 traceroute to 2001:db8::10 1 hop min, 30 hops max , 5 sec. timeout, 3 probes 1 2001:db8::a:1c:e3:3 0 ms 0 ms 0 ms 2 2001:db8:0:7::5 7 ms 3 ms 0 ms 3 2001:db8::214:c2ff:fe4c:e480 0 ms 1 ms 0 ms 4 2001:db8::1[...]
-
Página 177
8-9 IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 DNS Resolver for IPv6 The Domain Name System (DNS) resolv er is designed f or local network domains where it enables us e of a host name or fully qualified domain name to support DNS-compat ible commands fr om the switch. Beginning with soft- ware release K.13.0 1,DNS operati on supports[...]
-
Página 178
8-10 IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 For example, suppose you want to c onfigure the following on the switch: ■ the address 2001:db8::127:10 which identi fies a DNS server in the dom ain named mygroup.procurve.n et ■ a priority of 1 for the above server ■ the domain suffix mygroup.procurve.net Assume that the above, [...]
-
Página 179
8-11 IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 been configured as the domain name on the switch and th e address of a DNS server residing in that domain is also configured on the switch. The commands for these steps are as follows: Figure 8-1. Example of Configuri ng for a Local DNS Serve r and Pinging a Registe red Device However ,[...]
-
Página 180
8-12 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug/Syslog for IPv6 The Debug/System logging ( Syslog ) for IPv6 feature provi des the same logg ing functions as th e IPv4 vers ion, allowing you to record IPv4 and IPv6 Event Log and debug messages on a remote device to troubleshoot switch or network operation. For example, you can [...]
-
Página 181
8-13 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug Command Syntax: [no] d ebug < debug-type > Configures the types of IPv4 and IPv6 messages that are sent to Syslog servers or other debug destinations, where < debug-type > is any of the following event types: acl When a match occurs on an ACL “deny” statement with [...]
-
Página 182
8-14 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Syntax:. [n o] debug < debug-type > (Continued) ip [ ospf < adj | event | flood | lsa-generation | packet | retransmissio n | spf > ] Configures specified IPv4 OSPF message types to be sent to configured debug destinations: adj — Adjacency changes. event — OSPF events. f[...]
-
Página 183
8-15 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Configuring Debug Destinations A Debug/Syslog destination device can be a Syslog server (up to six maximum) and/or a console session: ■ Use the debug destination < logg ing | session | buffer > command to enable (and disable) Syslog messaging on a Sy slog server or to a CLI sess[...]
-
Página 184
8-16 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Logging Command For complete info rmation on how to configure a Syslog server and Debug/ Syslog message report s, refer to the “T roubleshooting” appendi x in the Man- agement and Configuration Guide . Syntax: [no] lo gging < sy slog-ipv4-addr > Enables or disables Syslog mess[...]
-
Página 185
1 A Te r m i n o l o g y DAD Duplicate Address Detection. Refer to “Duplicate Address Detection (DAD)” on page 4-18. Device Identifier The low- order bits in an IPv6 addre ss that identify a specific device. For example, in the link-local address 2001:db8:a10:101:212:79f f:fe 88:a100/64, the bits forming 212:79ff: fe88:a100 comprise the device [...]
-
Página 186
2 Terminology[...]
-
Página 187
Index – 1 Index Symbols … 4-7, 4-13 %vlan suffix … 5-6, 5-10, 5-13 A ACL debug messages … 8-13 address configuration DNS for IPv6 … 2-14 duplicate unicast addresses … 3-6 duplicate unicast a ddresses o n an interface … 2-9, 4-18 IPv6 anycast address … 2-9 IPv6 configuration using web browser … 2-11 IPv6 global unicast … 2-7, 2-8[...]
-
Página 188
2 – Index crash data file TFTP upload on remote device … 5-18 crash log TFTP upload on remote device … 5-18 D DAD configuration … 4-19 detecting duplicate uni cast addresse s … 3-6, 4-18 detecting duplicate uni cast addresses on an interface … 2-9, 4-5, 4-8, 4-10, 4-12, 4-16 not supported on anycast addresses … 3-20 performed on all I[...]
-
Página 189
Index – 3 G gateway determining default IPv6 route … 2-8, 4-29 global unicast address autoconfiguration … 3- 5, 3-11, 3-16, 4-7 autoconfigured is mutua lly exclusive with DHCP server-asigned address … 4-7 default prefix … 3-18 deprecation … 3-16, 4-32 device identifier … 3-18 leading 2 in prefix … 3-12 manual configuration … 2-8, [...]
-
Página 190
4 – Index single IPv6 link-local address on an interface … 3-13 SNMP support … 2-15, 5-20 SNTP See SNTP server. SSHv2 … 2-11 See also SSH. static address configuration … 4-11 supported switches … 1-2 switching IPv4 and IPv6 traffic on same VLAN … 2-3 switching IPv6 traffic on same VLAN … 2-3 switching traffic between different VLANs[...]
-
Página 191
Index – 5 See MLD. N neighbor cache, view …5 - 3 neighbor discovery for IPv6 nodes … 2-14 IPv6 similar to IPv4 ARP … 2-9, 4-17 neighbor solicitations used in duplicate address detection … 4 -19 neighbor, clear cache …5 - 2 notifications displaying configuration … 5-22 supported in IPv6 … 5-20 NTP server …2 - 8 O OSPF debug message[...]
-
Página 192
6 – Index configuring SNMPv3 management station … 5-21 displaying SNMPv3 management station configuration … 5-23 displaying trap configuration … 5-22 features supported for IPv6 … 5-20 IPv6 support … 2-15 remote monitoring (RMON) … 5-20 SNMPv1 and v2c traps … 5-20 SNMPv2c informs … 5-20 SNMPv3 notifications … 5-20 source IPv6 ad[...]
-
Página 193
Index – 7 displaying configuration … 5-22 supported in IPv6 … 5-20 troubleshooting configuring Syslog servers … 8-15 IPv6 addresses in event log … 2-14 ping6 … 2-13 traceroute6 … 2-13 using CLI session … 8-15 using ICMPv6 … 2-13 using IPv6 loopback address … 2-15 using SNMP for IPv6 … 2-15 using Syslog servers … 8-12 tunneli[...]
-
Página 194
[...]
-
Página 195
© Copyright 2008 Hewlett-Pack ard Development Company , L.P . January 2008 Manual Part Number 5992-3067[...]