Manualshelf

IPv6 Configuration Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
51525354555657585960
3 IPv6 Management Security Features
This chapter describes management security features that are IPv6 counterparts of IPv4 management
security features on the switches.
NOTE: All commands previously in the Summary of commands table are indexed under the entry
Command syntax.
This chapter describes the following IPv6-enabled management security features:
Authorized IP Managers for IPv6
Secure Shell for IPv6
Secure Copy and Secure FTP for IPv6
Configuring authorized IP managers for switch access
To configure one or more IPv6-based management stations to access the switch using the authorized
IP managers feature, enter the ipv6 authorized-managers command.
Syntax:
[no] ipv6 authorized-managers ipv6-addr ipv6-mask [ access [ operator
| manager ] ]
access-method [ all | ssh | telnet | web | snmp | tftp ]
Configures one or more authorized IPv6 addresses to access the switch, where:
ipv6-mask
Specifies the mask that is applied to an IPv6 address to determine authorized
stations.
Default: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.
access [ operator | manager ]
Specifies the level of access privilege granted to authorized stations. Applies
only to access through Telnet, SSH, and SNMP (version 1, 2, and 3).
Default: Manager
access-method [ all | ssh | telnet | web | snmp | tftp ]
Configures access levels by access method and IP address. Each management
method can have its own set of authorized managers.
Default: All
Configuring single station access
To authorize only one IPv6-based station for access to the switch:
Enter the IPv6 address of the station and set the mask to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.
NOTE: If you do not enter a value for the ipv6-mask parameter when you configure an
authorized IPv6 address, the switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as
the default mask.
If you have ten or fewer management and/or operator stations for which you want to authorize
access to the switch, it may be more efficient to configure them by entering each IPv6 address with
the default mask in a separate ipv6 authorized-managers command.
When used in a mask, "FFFF" specifies that each bit in the corresponding 16-bit (hexadecimal)
block of an authorized station's IPv6 address must be identical to the same "on" or "off" setting
in the IPv6 address entered in the ipv6 authorized-managers command. (The binary equivalent
Configuring authorized IP managers for switch access 55