HP ProCurve Switch Software IPv6 Configuration Guide 3500 switches 3500yl switches 5400zl switches 6200yl switches 6600 switches 8200zl switches Softw
Configuring (Enabling or Disabling) the Timep Mode . . . . . . . . . . . . 5-14 TFTP File Transfers Over IPv6 . . . . . . . . . . . . . . . . . . . .
IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors View IPv6 Gateway, Route, and Router Neighbors Use these commands to view
IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors ProCurve(config)# show ipv6 route IPv6 Route Entries Dest : ::/0
IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors MTU: This is the Maximum Transmission Unit (in bytes) allowed for frame
IPv6 Addressing Configuration Address Lifetimes Address Lifetimes Every configured IPv6 unicast and anycast address has a lifetime setting that determ
IPv6 Addressing Configuration Address Lifetimes Table 4-1. IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Link-Local Permanent S
5 IPv6 Management Features Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
IPv6 Management Features Introduction Introduction Feature Default CLI Neighbor Cache n/a 5-2, 5-5 Telnet6 Enabled 5-6, 5-7, 5-9 SNTP Address N
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Syntax: show ipv6 neighbors [vlan < vid >] Displays IPv6 neighbor infor
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache — Continued from previous page. — • STALE: A timeout has occurred for re
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Clearing the Neighbor Cache When there is an event such as a topology change o
Enabling or Disabling MLD Snooping on a VLAN . . . . . . . . . . . . . . . . . 7-8 Configuring Per-Port MLD Traffic Filters . . . . . . . . . . . .
IPv6 Management Features IPv6 Telnet Operation IPv6 Telnet Operation This section describes Telnet operation for IPv6 on the switch. For IPv4 Telnet o
IPv6 Management Features IPv6 Telnet Operation ProCurve(config)# telnet fe80::215:60ff:fe79:980%vlan10 If the switch is receiving router advertisement
IPv6 Management Features IPv6 Telnet Operation ProCurve# show telnet Telnet Activity -------------------------------------------------------- Session
IPv6 Management Features IPv6 Telnet Operation Enabling or Disabling Inbound Telnet Access Syntax: [ no ] telnet-server [listen <oobm | data | bo
IPv6 Management Features SNTP and Timep ProCurve(config)# show console Console/Serial Link Inbound Telnet Enabled [Yes] : Yes Web Agent Enabled [Yes]
IPv6 Management Features SNTP and Timep [ no ]sntp Enables SNTP with the current SNTP configuration. The no version disables SNTP without changing th
IPv6 Management Features SNTP and Timep Syntax:. [no ] sntp server priority < 1 - 3 > < link-local-addr >%vlan< vid >[oobm] [1 - 7]
IPv6 Management Features SNTP and Timep For example, to configure link-local and global unicast SNTP server addresses of: fe80::215:60ff:fe7a:adc0
IPv6 Management Features SNTP and Timep For example, the show sntp output for the proceeding sntp server command example would appear as follows: ProC
IPv6 Management Features SNTP and Timep ip timep manual < ipv6-addr > Enable Timep operation with a statically configured [ interval < 1 -
Planning an ACL Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-27 How an ACE Uses a Prefix To Screen Packets for Pre
IPv6 Management Features SNTP and Timep where the address is on VLAN 10, configured on the switch, you would enter this command at the global config l
IPv6 Management Features TFTP File Transfers Over IPv6 Note that the show management command can also be used to display Timep server information. TFT
IPv6 Management Features TFTP File Transfers Over IPv6 Enabling TFTP for IPv6 Client and server TFTP for IPv6 is enabled by default on the switch. How
IPv6 Management Features TFTP File Transfers Over IPv6 Using TFTP to Copy Files over IPv6 Use the TFTP copy commands described in this section to:
IPv6 Management Features TFTP File Transfers Over IPv6 flash < primary | secondary >: Copies a software file stored on a remote host to prima
IPv6 Management Features TFTP File Transfers Over IPv6 . Syntax: copy <source > tftp < ipv6-addr > < filename > < pc | unix >
IPv6 Management Features TFTP File Transfers Over IPv6 < ipv6-addr >: If this is a link-local address, use this IPv6 address format: fe80::<
IPv6 Management Features TFTP File Transfers Over IPv6 Using Auto-TFTP for IPv6 At switch startup, the auto-TFTP for IPv6 feature automatically downlo
IPv6 Management Features SNMP Management for IPv6 SNMP Management for IPv6 As with SNMP for IPv4, you can manage a switch via SNMP from an IPv6-based
IPv6 Management Features SNMP Management for IPv6 SNMP Configuration Commands Supported IPv6 addressing is supported in the following SNMP configurati
Sequence Numbering in ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-64 Inserting an ACE in an Existing ACL . . . . . . . . .
IPv6 Management Features SNMP Management for IPv6 Note IPv6 is not supported in the configuration of an interface IPv6 address as the default source
SNMPv2c Informconfiguration IPv6 Management Features SNMP Management for IPv6 ProCurve(config)# show snmp-server SNMP Communities Community Name
IPv6 Management Features IP Preserve for IPv6 The show snmpv3 targetaddress command displays the configuration (including the IPv4 or IPv6 address) of
IPv6 Management Features IP Preserve for IPv6 ; J8697A Configuration Editor; Created on release #K.14.01hostname "ProCurve" time daylight-ti
IPv6 Management Features IP Preserve for IPv6 To verify how IP Preserve was implemented in a switch, after the switch reboots, enter the show run comm
6 IPv6 Management Security Features Contents IPv6 Management Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Aut
IPv6 Management Security Features IPv6 Management Security IPv6 Management Security This chapter describes management security features that are IPv6
IPv6 Management Security Features Authorized IP Managers for IPv6 Authorized IP Managers for IPv6 The Authorized IP Managers feature uses IP addresses
IPv6 Management Security Features Authorized IP Managers for IPv6 You configure each authorized manager address with Manager or Opera-tor-level pri
IPv6 Management Security Features Authorized IP Managers for IPv6 Configuring Authorized IP Managers for Switch Access To configure one or more IPv6-b
Traceroute for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7 DNS Resolver for IPv6 . . . . . . . .
IPv6 Management Security Features Authorized IP Managers for IPv6 Notes If you do not enter a value for the ipv6-mask parameter when you configure an
IPv6 Management Security Features Authorized IP Managers for IPv6 Conversely, in a mask, a “0” binary bit means that either the “on” or “off” setting
IPv6 Management Security Features Authorized IP Managers for IPv6 Example. Figure 6-3 shows an example in which a mask that authorizes switch access
IPv6 Management Security Features Authorized IP Managers for IPv6 to 0 (“off”) and allow the corresponding bits in an authorized IPv6 address to be ei
IPv6 Management Security Features Authorized IP Managers for IPv6 Each authorized station has the same 64-bit device ID (244:17FF:FEB6:D37D) becaus
IPv6 Management Security Features Authorized IP Managers for IPv6 Figure 6-7 shows the bits in the fourth block of the mask that determine the valid s
---------------------------------------IPv6 Management Security Features Authorized IP Managers for IPv6 Displaying an Authorized IP Managers Configur
IPv6 Management Security Features Authorized IP Managers for IPv6 Additional Examples of Authorized IPv6 Managers Configuration Authorizing Manager Ac
IPv6 Management Security Features Authorized IP Managers for IPv6 The next IPv6 command authorizes operator-level access for sixty-four IPv6 stations:
IPv6 Management Security Features Secure Shell (SSH) for IPv6 Secure Shell (SSH) for IPv6 Beginning with software release K.14.01, SSH for IPv4 and IP
Product Publications and IPv6 Command Index About Your Switch Manual Set Note For the latest version of all ProCurve switch documentation, including
IPv6 Management Security Features Secure Shell (SSH) for IPv6 Syntax:. [no] ip ssh Enables SSH for on the switch for both IPv4 and IPv6, and activat
IPv6 Management Security Features Secure Shell (SSH) for IPv6 [mac < MAC-type >] Allows configuration of the set of MACs that can be selected. V
IPv6 Management Security Features Secure Shell (SSH) for IPv6 [listen <oobm|data|both>] The listen parameter is available only on switches that
IPv6 Management Security Features Secure Shell (SSH) for IPv6 Displaying an SSH Configuration To verify an SSH configuration and display all SSH
IPv6 Management Security Features Secure Copy and Secure FTP for IPv6 Secure Copy and Secure FTP for IPv6 You can take advantage of the Secure Copy (S
7 Multicast Listener Discovery (MLD) Snooping Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Multicast Listener Discovery (MLD) Snooping Overview Overview Multicast addressing allows one-to-many or many-to-many communication among hosts on a n
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Introduction to MLD Snooping There are several roles that network devices may
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping General operation. Multicast communication can take place without MLD, and b
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Note that MLD snooping operates on a single VLAN (though there can be multipl
The two publications listed below support all of the switches covered by this manual except the ProCurve Series 2900 switches: Command Line Interfa
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping A network node establishes itself as an MLD host by issuing a multicast “join
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Fast leaves and forced fast leaves. The fast leave and forced fast leave fun
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring MLD Several CLI commands are available for configuring MLD parameters on a swi
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring Per-Port MLD Traffic Filters Syntax: ipv6 mld [auto <port-list> |
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring the Querier Syntax: [no] ipv6 mld querier Note: This command must be issued i
Multicast Listener Discovery (MLD) Snooping Configuring MLD For example, to disable fast leave on ports in VLAN 8: ProCurve(vlan-8)# no ipv6 mld fastl
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Displaying MLD Status and Configuration Current MLD Status
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration ff02::1:ff04:3 FILT 0h:4m:5s A20 ff02::1:ff05:1 FIL
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The following information is shown for each VLAN that has MLD snoo
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Current MLD Configuration Syntax: show ipv6 mld config Displays c
IPv6 Command Index This index provides a tool for locating descriptions of individual IPv6 com-mands covered in this guide. Note A link-local address
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The specific form
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Ports Currently Joined Syntax: show ipv6 mld vlan <vid> g
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The following information is shown: VLAN ID and name port in
------- ------------ ------------ ------------ ------------Multicast Listener Discovery (MLD) Snooping Displayin
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Counters Syntax: show ipv6 mld vlan <vid> counters Display
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The following information is shown: VLAN number and name For
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration 7-22
8 IPv6 Access Control Lists (ACLs) Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
IPv6 Access Control Lists (ACLs) Contents How an ACE Uses a Prefix To Screen Packets for SA and DA Matches . . . . . . . . . . . . . . . . . . . . . .
IPv6 Access Control Lists (ACLs) Contents Operating Notes for Remarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-73 Displaying ACL Co
Command Min. Level Page Authorized Manager ipv6 authorized managers < ipv6-addr >* Global Config 6-5 show ipv6 authorized-managers Manager 6
IPv6 Access Control Lists (ACLs) Introduction Introduction An Access Control List (ACL) contains one or more Access Control Entries (ACEs) specifying
IPv6 Access Control Lists (ACLs) Introduction IPv6 traffic filtering with ACLs can help to improve network performance and restrict network use by cre
IPv6 Access Control Lists (ACLs) Overview of Options for Applying IPv6 ACLs on the Switch Overview of Options for Applying IPv6 ACLs on the Switch To
IPv6 Access Control Lists (ACLs) Overview of Options for Applying IPv6 ACLs on the Switch Command Summary for Configuring ACLs Create an IPv6 ACL or A
IPv6 Access Control Lists (ACLs) Overview of Options for Applying IPv6 ACLs on the Switch — Continued from preceding page. — Action Command(s) Page
IPv6 Access Control Lists (ACLs) Terminology Terminology Access Control Entry (ACE): A policy consisting of criteria and an action (permit or deny) to
IPv6 Access Control Lists (ACLs) Terminology ACL ID: An alphanumeric string used to identify an ACL. See also identifier and name-str. Note: RADIUS-as
IPv6 Access Control Lists (ACLs) Terminology Note that an empty ACL does not include an Implicit Deny and does not filter traffic. However, if you con
IPv6 Access Control Lists (ACLs) Terminology on a VLAN interface, but outbound, switched traffic is not filtered by ACLs. In software release K.14.01,
IPv6 Access Control Lists (ACLs) Overview Static Port ACL: An ACL statically configured on a specific port, group of ports, or trunk. A static port AC
Command Min. Level Page ipv6 nd dad-attempts < 0 - 600 > Global Config 4-18 ipv6 nd ns-interval < 1000 - 3600000 > VLAN Config 4-19
IPv6 Access Control Lists (ACLs) Overview RADIUS-assigned ACL: on a port having an ACL assigned by a RADIUS server to filter an authenticated clien
IPv6 Access Control Lists (ACLs) Overview VLAN 1 with VACL “A” (one network) 2001:db8:0:111::1 VLAN 2 with VACL “B” (multiple networks) 2001:db8:0:22
IPv6 Access Control Lists (ACLs) Overview Dynamic (RADIUS-assigned) port ACLs are configured on RADIUS servers and can be configured to filter IPv4 an
IPv6 Access Control Lists (ACLs) Overview If you configure 802.1X user-based security on a port and the RADIUS response includes a RADIUS-assigned
IPv6 Access Control Lists (ACLs) Overview For the Web authentication method, clients must authenticate using IPv4. However, this does not prevent t
IPv6 Access Control Lists (ACLs) Overview Filtering Inbound Traffic with Multiple ACLS. When traffic inbound on a port is subject to multiple ACL ass
IPv6 Access Control Lists (ACLs) Overview Notes Software release K.14.01 supports connection-rate ACLs for inbound IPv4 traffic, but not for IPv6 tra
IPv6 Access Control Lists (ACLs) Overview In any ACL, you can apply an ACL log function to ACEs that have an explicit “deny” action. (The logging o
IPv6 Access Control Lists (ACLs) Overview 3. Design the ACLs for the control points (interfaces) you have selected. Where you are using explicit “de
IPv6 Access Control Lists (ACLs) IPv6 ACL Operation IPv6 ACL Operation Introduction An ACL is a list of one or more Access Control Entries (ACEs), whe
xviii
IPv6 Access Control Lists (ACLs) IPv6 ACL Operation Implicit Deny. If a packet does not have a match with the criteria in any of the ACEs in the ACL,
IPv6 Access Control Lists (ACLs) IPv6 ACL Operation implementing an ACL depends in part on configuring ACEs in the correct order for the overall polic
IPv6 Access Control Lists (ACLs) IPv6 ACL Operation 1. Permit inbound IPv6 traffic from 2001:db8:0:fb::11:42. 2. Deny only the inbound Telnet traffi
IPv6 Access Control Lists (ACLs) Planning an ACL Application insert an explicit permit ipv6 any any as the last ACE in the ACL. Doing so permits any p
IPv6 Access Control Lists (ACLs) Planning an ACL Application Depending on the source and/or destination of a given IPv6 traffic type, you must also de
IPv6 Access Control Lists (ACLs) Planning an ACL Application blocking access to sensitive data storage or restricted equipment preventing specif
IPv6 Access Control Lists (ACLs) Planning an ACL Application On any ACL, the switch implicitly denies IPv6 packets that are not explicitly permitte
IPv6 Access Control Lists (ACLs) Planning an ACL Application Explicitly Permitting IPv6 Traffic: Entering a permit ipv6 any any ACE in an ACL permi
IPv6 Access Control Lists (ACLs) Planning an ACL Application How an ACE Uses a Prefix To Screen Packets for SA and DA Matches For an IPv6 ACL, a match
IPv6 Access Control Lists (ACLs) Planning an ACL Application To summarize, when the switch compares an IPv6 packet to an ACE in an ACL, it uses the su
1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conv
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL Configuring and Assigning an IPv6 ACL ACL Feature Page Adding or Removing an A
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL ACL Configuration After you enter an ACL command, you may want to inspect the r
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL ACL Configuration Structure Individual ACEs in an IPv6 ACL include: Optional
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL For example, the ACL in figure 8-8 filters traffic for individual hosts in some
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL ACL Configuration Factors The Sequence of Entries in an ACL Is Significant When
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL Table 8-2. Effect of the Above ACL on Inbound IPv6 Traffic in the Assigned VLA
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL A Configured ACL Has No Effect Until You Apply It to an Interface The switch st
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL General ACE Rules These rules apply to all ACEs you create or edit using the CL
IPv6 Access Control Lists (ACLs) Configuring and Assigning an IPv6 ACL Table 8-3. Examples of CIDR Notation for Prefix Lengths SA or DA Used In an AC
IPv6 Access Control Lists (ACLs) Configuration Commands Create an IPv6 ACL or Add an ACE to the End of an Existing IPv6 ACL Configuration Commands Co
Getting Started Introduction Introduction This guide is intended for use with the following ProCurve switches: 8200zl switches 6600 switches
IPv6 Access Control Lists (ACLs) Configuration Commands Continued from preceding page. — Action Command(s) Page Enter a Remark ProCurve(config)# ip
IPv6 Access Control Lists (ACLs) Configuration Commands TCP flag (control bit) options filtering for TCP traffic based on whether the subject tr
IPv6 Access Control Lists (ACLs) Configuration Commands creating or editing ACLs offline 8-84 Topic Page enabling ACL “Deny” logging 8-89 Creating
IPv6 Access Control Lists (ACLs) Configuration Commands Syntax: < deny | permit > < ipv6 | ipv6-protocol | ipv6-protocol-nbr > (ipv6 acl
IPv6 Access Control Lists (ACLs) Configuration Commands < ipv6 | ipv6-protocol | ipv6-protocol-nbr > Used after deny or permit to specify the pa
IPv6 Access Control Lists (ACLs) Configuration Commands Note: For more on how prefix lengths are used in IPv6 ACLs, refer to “How an ACE Uses a Prefix
IPv6 Access Control Lists (ACLs) Configuration Commands 0 - 63: Select a specific DSCP codepoint by entering its decimal equivalent. (Refer to table 8
IPv6 Access Control Lists (ACLs) Configuration Commands [log] This option can be used after the DA to generate an Event Log message if: • The action
IPv6 Access Control Lists (ACLs) Configuration Commands Options for TCP and UDP Traffic in IPv6 ACLs. An ACE designed to permit or deny TCP or UDP tr
IPv6 Access Control Lists (ACLs) Configuration Commands Comparison Operators: • eq < tcp/udp-port-nbr > — “Equal To”; to have a match with the
Getting Started Conventions Italics indicate variables for which you must supply a value when execut-ing the command. For example, in this command
IPv6 Access Control Lists (ACLs) Configuration Commands [established] — This option applies only where TCP is the configured IPv6 protocol type. It bl
IPv6 Access Control Lists (ACLs) Configuration Commands summary of the syntax options, refer to “Command Summary for Configuring ACLs” on page 8-43.)
IPv6 Access Control Lists (ACLs) Configuration Commands [ icmp-type-name ] These name options are an alternative to the [icmp-type [ icmp-code] ] meth
IPv6 Access Control Lists (ACLs) Configuration Commands 5400zl 2001:db8::1:10:1 Management Station 2001:db8::1:10:10 3500yl 2001:db8::1:30:128 Server
IPv6 Access Control Lists (ACLs) Configuration Commands The configuration of the example in the switch appears as follows: Port-1(config)# show access
IPv6 Access Control Lists (ACLs) Adding or Removing an ACL Assignment On an Interface Adding or Removing an ACL Assignment On an Interface Filtering S
8-60 IPv6 Access Control Lists (ACLs) Adding or Removing an ACL Assignment On an Interface Figure 8-14. Methods for Enabling and Disabling VACLs Filte
IPv6 Access Control Lists (ACLs) Adding or Removing an ACL Assignment On an Interface and operating rules, refer to “ACL Configuration and Operating R
IPv6 Access Control Lists (ACLs) Deleting an ACL Deleting an ACL Syntax: no ipv6 access-list < identifier > Used in the global config context t
IPv6 Access Control Lists (ACLs) Editing an Existing ACL Editing an Existing ACL The CLI provides the capability for editing in the switch by using se
Getting Started Sources for More Information Keys Simulations of actual keys use a bold, sans-serif typeface with square brackets. For example, the Ta
IPv6 Access Control Lists (ACLs) Editing an Existing ACL Sequence Numbering in ACLs The ACEs in any ACL are sequentially numbered. In the default stat
IPv6 Access Control Lists (ACLs) Editing an Existing ACL To continue from figure 8-17 and append a final ACE to the end of the ACL: ProCurve(config-ip
IPv6 Access Control Lists (ACLs) Editing an Existing ACL ProCurve(Config)# ipv6 access-list My-listProCurve(config-ipv6-acl)# 45 permit icmp host 2001
IPv6 Access Control Lists (ACLs) Editing an Existing ACL Deleting an ACE from an Existing ACL This action provides the option of using either the sequ
IPv6 Access Control Lists (ACLs) Editing an Existing ACL ProCurve(config)# show access-list My-List config ipv6 access-list "My-List"ACL Bef
IPv6 Access Control Lists (ACLs) Editing an Existing ACL ProCurve(config)# show access-list My-List config ipv6 access-list "My-List" 10 p
IPv6 Access Control Lists (ACLs) Editing an Existing ACL Syntax: remark < remark-str > < 1-2147483647 > remark < remark-str > no &l
IPv6 Access Control Lists (ACLs) Editing an Existing ACL Appending Remarks and Related ACEs to the End of an ACL. To include a remark for an ACE that
IPv6 Access Control Lists (ACLs) Editing an Existing ACL ProCurve(config-ipv6-acl)# 15 remark "PERMIT HTTP; STATION 23; SUBNET 1D"ProCurve(c
IPv6 Access Control Lists (ACLs) Editing an Existing ACL Using the no <1-2147483647> command without the remark keyword deletes both the remark
Getting Started Sources for More Information • time protocols • port configuration, trunking, traffic control, and PoE operation • Redundant manage
IPv6 Access Control Lists (ACLs) Editing an Existing ACL ProCurve(config-ipv6-acl)# permit ipv6 host fe80::a1:121 fe80::/104ProCurve(config-ipv6-acl)#
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data Displaying ACL Configuration Data The show commands in this section apply to both I
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data Display an ACL Summary This command lists the configured IPv4 and IPv6 ACLs, r
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data Display the Content of All ACLs on the Switch This command lists the configuration
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data Display the IPv4 and IPv6 VACL Assignments for a VLAN This command lists the identi
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data Display Static Port (and Trunk) ACL Assignments This command lists the identificati
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data Displaying the Content of a Specific ACL This command displays a specific IPv6 or I
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data ProCurve(config)# show access-list Accounting Access Control Lists Name: Accountin
----------------------------------------------------------------------IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data ProCurve(
IPv6 Access Control Lists (ACLs) Displaying ACL Configuration Data Table 8-5. Descriptions of Data Types Included in Show Access-List < acl-id >
Getting Started Sources for More Information Getting Documentation From the Web To obtain the latest versions of documentation and release notes for y
IPv6 Access Control Lists (ACLs) Creating or Editing ACLs Offline Creating or Editing ACLs Offline The section titled “Editing an Existing ACL” on pag
IPv6 Access Control Lists (ACLs) Creating or Editing ACLs Offline If you are replacing an ACL on the switch with a new ACL that uses the same number o
IPv6 Access Control Lists (ACLs) Creating or Editing ACLs Offline ipv6 access-list "acl-001"The “ ; ” enables a comment in the file. ; CR
IPv6 Access Control Lists (ACLs) Creating or Editing ACLs Offline In this example, the CLI would show output similar to the follow
IPv6 Access Control Lists (ACLs) Creating or Editing ACLs Offline ProCurve(config)# show run . . . ipv6 access-list "acl-001" 10 remark &
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs Testing and Troubleshooting ACLs You can monitor ACL performance by using the “Deny”
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs ACL Logging Operation When the switch detects a packet match with an ACE and the ACE
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs For example, suppose that you want to configure the following on a switch receiving
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs ProCurve(config)# ipv6 access-list NO-TELNETProCurve(config-ipv6-acl)# remark "
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs Monitoring Static ACL Performance ACL statistics counters provide a means for monito
Getting Started Need Only a Quick Start? Command Line Interface If you need information on a specific command in the CLI, type the command name follow
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs Syntax: show statistics aclv4 < acl-name-str > port &l
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs ACE Counter Operation: For a given ACE in an assigned ACL, the counter incremen
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs ProCurve# show statistics aclv6 V6-02 vlan 20 vlan HitCounts for ACL V6-02 Total
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs IPv6 Counter Operation with Multiple Interface Assignments Note The examples of cou
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs Using the topology in figure 8-44, a workstation at FE80::20:117 on port B2 attempti
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs has multiple assignments as an RACL, then a match with an ACE in any RACL instance o
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs In the above case: Matches with ACEs 10 or 20 that originate on VLAN 20 will incr
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs ProCurve(config)# show statistics aclv4 Test-1 vlan 20 vlan Total ( 5) 10 d
IPv6 Access Control Lists (ACLs) Testing and Troubleshooting ACLs ProCurve(config)# show statistics aclv4 Test-1 vlan 50 in Hit Counts for ACL Test-1
IPv6 Access Control Lists (ACLs) General ACL Operating Notes General ACL Operating Notes ACLs do not provide DNS hostname support. ACLs cannot be con
Getting Started To Set Up and Install the Switch in Your Network In the Main Menu of the Menu interface select 8. Run Setup For more on using the S
IPv6 Access Control Lists (ACLs) General ACL Operating Notes “Monitoring Resources” in the latest Management and Configuration Guide for your switch.
9 IPv6 Diagnostic and Troubleshooting Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
IPv6 Diagnostic and Troubleshooting Introduction Introduction Feature Default CLI IPv6 ICMP Message Interval and Token Bucket 100 ms 10 max tokens 9
IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting Controlling the frequency of ICMPv6 error messages can help to prevent DoS (Denial- of- Service
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Ping for IPv6 (Ping6) The Ping6 test is a point-to-point test that accepts an IPv6 address o
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Syntax: ping6 < ipv6-address | hostname | switch-number > [repetitions < 1 - 10000
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) ProCurve# ping6 fe80::2:1%vlan10fe80:0000:0000:0000:0000:0000:0002:0001 is alive, time = 975
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Traceroute for IPv6 The traceroute6 command enables you to trace the route from a switch to a
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Syntax: traceroute6 < ipv6-address | hostname > [minttl < 1-255 > [maxttl < 1-
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 maxttl: Maximum number of hops allowed for each probe packet sent along the rout
2 Introduction to IPv6 Contents Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 DNS Resolver for IPv6 The Domain Name System (DNS) resolver is designed for local network do
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 — Continued from the previous page. — The no form of the command removes the specified addre
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 Assume that the above, configured DNS server supports an IPv6 device having a host name of “
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug/Syslog for IPv6 The Debug/System logging (Syslog) for IPv6 feature provides the same l
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug Command Syntax: [no] debug < debug-type > Configures the types of IPv4 and IPv
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Syntax:. [no] debug < debug-type > (Continued) ip [ ospf < adj | event | flood |
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Configuring Debug Destinations A Debug/Syslog destination device can be a Syslog server (up
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Logging Command Syntax: [no] logging < syslog-ipv4-addr > Enables or disables Syslog
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 9-18
A IPv6 Terminology For IPv6 ACL terminology, refer to “Terminology” on page 8-9. DAD Duplicate Address Detection. Refer to “Duplicate Address Detecti
HP ProCurve 3500 Switches 3500yl Switches 5400zl Switches 6200yl Switch 6600 Switches 8200zl Switches IPv6 Configuration Guide March 2010 K.14.52
Introduction to IPv6 Contents Diagnostic and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14 ICMP Rate-Limiting . .
IPv6 Terminology A-2
Index Symbols … 4-7, 4-14 %vlan suffix … 5-6, 5-11, 5-12, 5-15 Numerics 802.1X ACL, IPv6, effect on … 8-16 port-based access not recommended … 8-17 A
DSCP setting … 8-21 DSCP, ToS setting … 8-21 dual stack … 8-18 dual-stack operation … 8-4 duplicate sequence number … 8-41 dynamic … 8-4, 8-6, 8-23 dy
purpose … 8-5 RACL operation defined … 8-13 RADIUS-assigned … 8-4, 8-6, 8-9, 8-10, 8-16, 8-23 RADIUS-assigned ACL … 8-9 implicit deny IPv6 … 8-15 mult
binary expressions of hexadecimal blocks … 6-7, 6-11 configuration command … 6-5 configuration examples … 6-8, 6-13 configuring access privilege … 6-4
nd ns-interval, 1000 ms …4-19 nd reachable-time, 3000 ms …4-19 ping6 data-size and data-fill, 0 …9-5 ping6 repetitions, 1 …9-5 ping6 timeout, 1 second
I IANA …8-53 IANA, protocol numbers … 8-48, 8-55 ICMP bucket-size … 9-3 error-interval … 9-3 for IPv6 … 2-14 rate-limiting controls … 9-2 inform messa
switching traffic between different VLANs … 2-3 Syslog … 9-13 Telnet … 2-10 view current use … 5-7 Telnet6 access … 5-9 telnet6 … 5-6 Telnet6, view co
neighbor discovery for IPv6 nodes … 2-15 IPv6 similar to IPv4 ARP … 2-9, 4-16 neighbor solicitations used in duplicate address detection … 4-18 neighb
S SA …8-12 SCP See SCP/SFTP. SCP/SFTP secure file transfer session limit … 6-20 secure copy See SCP/SFTP. secure FTP See SCP/SFTP. security for IPv6 …
Introduction to IPv6 Migrating to IPv6 Migrating to IPv6 To successfully migrate to IPv6 involves maintaining compatibility with the large installed b
TFTP auto-TFTP feature … 5-23 disabled … 5-23 downloading command … 5-19 downloading configuration file … 5-19 downloading key file … 5-19 downloading
router advertisements used in IPv6 … 4-28 selecting default IPv6 router … 4-29 switching IPv4 and IPv6 traffic on same VLAN … 2-3, 3-6 switching IPv6
12 – Index
ProCurve 5400zl SwitchesInstallation and Getting Startd Guide Technology for better business outcomes To learn more, visit www.hp.com/go/procurve/ ©
Introduction to IPv6 Migrating to IPv6 IPv6 Propagation IPv6 is currently in the early stages of deployment worldwide, involving a phased-in migration
Introduction to IPv6 Migrating to IPv6 Connecting to Devices Supporting IPv6 Over IPv4 Tunneling The switches covered by this guide can interoperate w
Introduction to IPv6 Use Model Use Model Adding IPv6 Capability IPv6 was designed by the Internet Engineering Task Force (IETF) to improve on the scal
Introduction to IPv6 Configuration and Management Configuration and Management This section outlines the configurable management features supporting I
Introduction to IPv6 Configuration and Management traffic on a VLAN to be routed to other VLANs supporting IPv6-aware devices. (Using software release
Introduction to IPv6 Configuration and Management Refer to “Default IPv6 Router” on page 4-29 and “View IPv6 Gateway, Route, and Router Neighbors ” on
Introduction to IPv6 Configuration and Management IPv6 Management Features The switch's IPv6 management features support operation in an environm
Introduction to IPv6 Configuration and Management IP Preserve IP Preserve operation preserves both the IPv4 and IPv6 addresses configured on VLAN 1 (t
© Copyright 2008 - 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change with-out notice. All Rights Re
Introduction to IPv6 Configurable IPv6 Security Configurable IPv6 Security This section outlines the configurable IPv6 security features supported in
Introduction to IPv6 Configurable IPv6 Security that the IP address of a networked management device must be authorized before the switch will attempt
Introduction to IPv6 Diagnostic and Troubleshooting Diagnostic and Troubleshooting Software releases K.13.01 and greater include the IPv6 diagnostic a
Introduction to IPv6 Diagnostic and Troubleshooting The switches covered by this guide now support a prioritized list of up to three DNS server addres
Introduction to IPv6 IPv6 Scalability IPv6 Scalability As of software release K.14.01, the switches covered by this guide support the following: Du
3 IPv6 Addressing Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 IPv6
IPv6 Addressing Contents Prefixes in Routable IPv6 Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 Unique Local Unicast IPv6 Addr
IPv6 Addressing Introduction Introduction IPv6 supports multiple addresses on an interface, and uses them in a manner comparable to subnetting an IPv4
IPv6 Addressing IPv6 Address Structure and Format An IPv6 address includes a network prefix and an interface identifier. Network Prefix The network pr
IPv6 Addressing IPv6 Addressing Options IPv6 Addressing Options IPv6 Address Sources IPv6 addressing sources provide a flexible methodology for assign
Contents Product Publications and IPv6 Command Index About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Printe
IPv6 Addressing IPv6 Addressing Options Stateful Address Autoconfiguration. This method allows use of a DHCPv6 server to automatically configure IPv6
IPv6 Addressing IPv6 Address Sources IPv6 Address Sources IPv6 addressing sources provide a flexible methodology for assigning addresses to VLAN inter
IPv6 Addressing IPv6 Address Sources servers. These lifetimes cannot be reset using control from the switch console or SNMP methods. Refer to “Preferr
IPv6 Addressing IPv6 Address Sources Static Address Configuration Generally, static address configuration should be used when you want specific, non-d
IPv6 Addressing Address Types and Scope Address Types and Scope Address Types IPv6 uses these IP address types: Unicast: Identifies a specific IPv6
IPv6 Addressing Address Types and Scope Global Unicast Address. Applies to a unique IPv6 routable address on the internet. A unique global address ha
IPv6 Addressing Address Types and Scope Routable Global Unicast Prefix. This well-known 3-bit fixed-prefix indi-cates a routable address used to iden
IPv6 Addressing Link-Local Unicast Address Other Prefix Types. There are other designated global unicast prefixes such as those for the following add
IPv6 Addressing Link-Local Unicast Address Note Because all VLANs configured on the switch use the same MAC address, all automatically generated link-
IPv6 Addressing Link-Local Unicast Address MAC Address IPv6 I/F Identifier Full Link-Local Unicast Address 00-15-60-7a-ad-c0 215:60ff:fe7a:adc0 fe
2 Introduction to IPv6 Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Migr
IPv6 Addressing Global Unicast Address Global Unicast Address A global unicast address is required for unicast traffic to be routed across VLANs withi
IPv6 Addressing Global Unicast Address generate a link-local address on the VLAN as described in the preceding section (page 3-13). transmit a r
IPv6 Addressing Global Unicast Address Prefixes in Routable IPv6 Addresses In routable IPv6 addresses, the prefix uniquely identifies an entity and a
IPv6 Addressing Unique Local Unicast IPv6 Address Unique Local Unicast IPv6 Address A unique local unicast address is an address that falls within a s
IPv6 Addressing Multicast Application to IPv6 Addressing tions, router advertisements, and responses to DAD messages. It also avoids the bandwidth con
IPv6 Addressing Multicast Application to IPv6 Addressing scope: 0001 - 1110 (bits 13-16) For related information, refer to RFC 4291. Multicast Grou
IPv6 Addressing Multicast Application to IPv6 Addressing 4 admin-local (smallest administratively configured scope) Bit Use 5 site-local (single si
IPv6 Addressing Loopback Address RFC 4007: IPv6 Scoped Address Architecture RFC 4291: IP Version 6 Addressing Architecture “Internet Protocol
IPv6 Addressing IPv6 Address Deprecation IPv6 Address Deprecation Preferred and Valid Address Lifetimes Autoconfigured IPv6 global unicast addresses a
IPv6 Addressing IPv6 Address Deprecation Related Information RFC 2462: “IPv6 Stateless Address Autoconfiguration” RFC 4291: “IP Version 6 Addres
Domain Name System (DNS) Resolution . . . . . . . . . . . . . . . . . . . . . . . 2-14 IPv6 Neighbor Discovery (ND) Controls . . . . . . . . . . . .
IPv6 Addressing IPv6 Address Deprecation 3-26
4 IPv6 Addressing Configuration Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
IPv6 Addressing Configuration Contents Default IPv6 Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 Rou
IPv6 Addressing Configuration Introduction Introduction Feature Default CLI Enable IPv6 with a Link-Local Address disabled 4-6 Configure Global Uni
IPv6 Addressing Configuration General Configuration Steps General Configuration Steps The IPv6 configuration on switches running software release K.13
IPv6 Addressing Configuration Configuring IPv6 Addressing 4. If needed, statically configure IPv6 unicast addressing on the VLAN interface as needed.
IPv6 Addressing Configuration Enabling IPv6 with an Automatically Configured Link-Local Address Enabling IPv6 with an Automatically Configured Link-Lo
IPv6 Addressing Configuration Enabling Autoconfiguration of a Global Unicast Address and a Default Router Identity on a VLAN Enabling Autoconfiguratio
IPv6 Addressing Configuration Enabling Autoconfiguration of a Global Unicast Address and a Default Router Identity on a VLAN — Continued from the prev
IPv6 Addressing Configuration Enabling DHCPv6 Enabling DHCPv6 Enabling the DHCPv6 option on a VLAN allows the switch to obtain a global unicast addres
Stateless Autoconfiguration of a Global Unicast Address . . . . . . . . . 3-16 Static Configuration of a Global Unicast Address . . . . . . . . . . .
IPv6 Addressing Configuration Enabling DHCPv6 — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN DHCPv6 and statically configured global unicast addresses are mutually ex
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-Local Unicast Address Syntax: [no] ipv6 addr
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN If IPv6 was enabled only by a statically configured link-local address, t
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN < prefix-length >: Specifies the number of bits in the network prefix.
IPv6 Addressing Configuration Disabling IPv6 on a VLAN Duplicate Address Detection (DAD) for Statically Configured Addresses Statically configured IPv
IPv6 Addressing Configuration Neighbor Discovery (ND) Neighbor Discovery (ND) Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP for layer
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Note: Neighbor and router solicitations must originate on the same VLAN as the recei
IPv6 Addressing Configuration Duplicate Address Detection (DAD) that includes its link-local address. If the newly configured address is from a static
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Syntax: ipv6 nd ns-interval < milliseconds > Used on VLAN interfaces to reconf
Neighbor Discovery (ND) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 Duplicate Address Detection (DAD) . . . . . .
IPv6 Addressing Configuration Duplicate Address Detection (DAD) If a previously configured unicast address is changed, a neighbor adver-tisement is
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Use these commands to view
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Address Origin: Autoconfig: The address was configured using stateless
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration For example, figure 4-1 shows the output on a switch having
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Syntax: show ipv6 nd Displays the current IPv6 neighbor discovery setti
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration DAD Attempts: Indicates the number of neighbor solicita-tions the swit
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve# show ipv6 vlan 10 Internet (IPv6) Service IPv6 Routing : Di
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show run Running configuration: . . . vlan 10 name &q
IPv6 Addressing Configuration Router Access and Default Router Selection Router Access and Default Router Selection Routing traffic between destinatio
IPv6 Addressing Configuration Router Access and Default Router Selection Note If the switch does not receive a router advertisement after sending the
Kommentare zu diesen Handbüchern