IPv6 Configuration Guide K/KA/KB.15.15
Authorized IP managers for IPv6
The authorized IP managers feature uses IP addresses and masks to determine which stations (PCs
or workstations) can access the switch through the network. This feature supports switch access
through:
• Telnet and other terminal emulation applications
• SNMP (with a correct community name)
• SSH
• TFTP
As with the configuration of IPv4 management stations, the authorized IP managers for IPv6 feature
allows you to specify the IPv6-based stations that can access the switch.
• You can configure up to 100 authorized IPv4 and IPv6 manager addresses on a switch, where
each address applies to either a single management station or a group of stations. Each
authorized manager address consists of an IPv4 or IPv6 address and a mask that determines
the individual management stations that are allowed access.
◦ You configure authorized IPv4 manager addresses using the ip authorized-managers
command. For more information, see "Using Authorized IP Managers" in the Access
Security Guide.
◦ You configure authorized IPv6 manager addresses using the ipv6
authorized-managers command. For more information, see “Configuring authorized
IP managers for switch access” (page 55).
• You can block all IPv4-based or all IPv6-based management stations from accessing the switch
by entering the following commands:
◦ To block access to all IPv4 manager addresses while allowing access to IPv6 manager
addresses, enter the ip authorized-managers 0.0.0.0 command.
◦ To block access to all IPv6 manager addresses while allowing access to IPv4 manager
addresses, enter the ipv6 authorized-managers :: command. (The double colon
represents an IPv6 address that consists of all zeros: 0:0:0:0:0:0:0:0.)
• You configure each authorized manager address with manager- or operator-level privilege to
access the switch.
◦ Manager privilege allows full access to all console interface screens for viewing,
configuring, and all other operations available in these interfaces.
◦ Operator privilege allows read-only access from the console interfaces.
• When you configure station access to the switch using the authorized IP managers feature,
the settings take precedence over the access configured with local passwords, TACACS+
servers, RADIUS-assigned settings, port-based (802.1X) authentication, and port security
settings.
As a result, the IPv6 address of a networked management device must be configured with the
authorized IP managers feature before the switch can authenticate the device using the configured
settings from other access security features. If the authorized IP managers feature disallows access
to the device, access is denied. Therefore, with authorized IP managers configured, logging in
with the correct passwords is not sufficient to access a switch through the network unless the station
requesting access is also authorized in the switch's authorized IP managers configuration.
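The following Python model is an added example, not code from this guide or from the switch software. It shows how an address-and-mask entry selects one station or a group, and why a correct password alone does not grant access. Assumptions: a mask bit set to 1 means that bit of the station address must match the entry, the first matching entry decides the privilege level, and an empty list means no address restriction applies. The function names and the sample addresses (from the 2001:db8::/32 documentation prefix) are constructed.

```python
import ipaddress

# Constructed constant: an all-ones mask, so the entry matches one station only.
FULL_MASK = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"

def _bits(text):
    """Parse an IPv6 address or mask into a 128-bit integer."""
    return int(ipaddress.IPv6Address(text))

def authorized_level(station, entries):
    """Return 'manager', 'operator', 'unrestricted', or None (denied).

    entries models configured authorized-manager entries as
    (address, mask, level) tuples. Assumption: first match wins.
    """
    if not entries:
        return "unrestricted"  # assumption: feature not configured
    s = _bits(station)
    for addr, mask, level in entries:
        m = _bits(mask)
        if s & m == _bits(addr) & m:  # compare only the bits the mask selects
            return level
    return None

def network_login(station, password_ok, entries):
    """Address check runs first; credentials are consulted only afterwards."""
    level = authorized_level(station, entries)
    if level is None:
        return "denied: station not an authorized manager"
    if not password_ok:
        return "denied: authentication failed"
    return "granted: " + level

# Constructed sample configuration: one exact station, one group of stations.
ENTRIES = [
    ("2001:db8::a", FULL_MASK, "manager"),
    ("2001:db8:0:1::", "ffff:ffff:ffff:ffff::", "operator"),
]
# Models 'ipv6 authorized-managers ::': the list is non-empty, no station matches.
BLOCK_ALL_IPV6 = [("::", FULL_MASK, "manager")]

if __name__ == "__main__":
    for host in ("2001:db8::a", "2001:db8:0:1::99", "2001:db8::b"):
        print(host, "->", network_login(host, True, ENTRIES))
    print("block-all ->", network_login("2001:db8::a", True, BLOCK_ALL_IPV6))
```

Running a planned entry list through a model like this before committing it to the switch helps confirm that a group mask is no wider than intended.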
62 IPv6 Management Security Features










