Instruction/ maintenance manual of the product 5400zl HP (Hewlett-Packard)
Go to page of 195
IPv6 Configuration Guide www .pr ocurv e.com Pr oCurv e Switches K. 13.0 1 T . 13.0 1 8200zl 6200yl 5400zl 3500yl 2900.
.
ProCurve 8212zl Switch 6200yl Switch Series 5400zl Switches Series 3500yl Switches Series 2900 Switches IPv6 Configuration Guide January 2008 K.13.01 T .
Hewlett-Packa rd Company 8000 Foothills Boulevard, m/s 5551 Roseville, California 95747-5551 http://www .procurve.com © Copyright 2008 Hewlett-Pa ckard Development Company, L.P . The in formation contained he rein is subject to change with- out notice.
iii Contents Product Publications and IPv6 Command Index About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Printed Publications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iv Information So urces for Tunneling I Pv6 Over IPv4 . . . . . . . . . . . 2-5 Use Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 Adding IPv6 Capability . . . . . . . . . . . . . . . .
v 3 IPv6 Addressing Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vi Overview of the Multicast Operation in IPv6 . . . . . . . . . . . . . . . . . . . . 3-21 IPv6 Multicast Address Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 Multicast Group Iden tification . . . . . . . . . . . . . . . .
vii Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20 View the Current IPv6 Addressi ng Configuration . . . . . . . . . . . . . . 4-21 Router Access and Default Ro uter Selection . . . . . . . . . . .
viii Using TFTP to Copy Files over IPv6 . . . . . . . . . . . . . . . . . . . . . . . 5-17 Using Auto-TFTP for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19 SNMP Management for IPv6 . . . . . . . . . . . . . . . . . . . . .
ix Configuring Fast Leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10 Configuring Forced Fast Leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11 Displaying M LD Status and C onfiguratio n . . .
x.
ix Product Publications and IPv6 Command Index About Y our Switch Manual Set Note For the latest version of all ProCur ve switch documentation, including Release Notes covering re cently added features, please v isit the ProCurve Networking W e b site at www .
x The two publicati ons listed below suppor t all of the switch es covered by this manual except the ProCurve Series 2900 switches: ■ Command Line Interface Reference Guide —Provides a comprehensive description of CLI commands, syntax , and operations.
xi IPv6 Command Index This index pro vides a tool for l ocating description s of individual I Pv6 com- mands covered in this guide. Note A link-local add ress must include %vla n< vid > w ithout spaces as a suffix. For example: fe80::110:252%vlan20 The index begin s on the next page.
xii Command Min. Level Page Authorized Manager ipv6 authorized managers < ipv6-addr > * Global Config 6-5 show ipv6 authorized-managers Manager 6-12 Copy auto-tftp Global Config 5-19 copy tftp &.
xiii IPv6 Management (Continued) ipv6 nd dad-attempts < 0 - 600 > Global Config 4-19 show ipv6 neighbors Operator 5-3 show ipv6 route Operator 4-29 show ipv6 routers Operator 4-30 snmp-server ho.
xiv.
1-1 1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1-2 Getting Started Introduction Introduction This guide is intended for use w ith the following switch es: ■ ProCurve Switch 8200zl series ■ ProCurve Switch 5400zl series ■ ProCurve Switch 3500.
1-3 Getting Started Conventions Command Prompts In the defaul t configuration, your sw itch displays a CLI prompt similar to the following example: ProCurve 8212zl# T o simpl ify recognition, this guid e uses ProCurve to represen t command prompts for all switch mode ls.
1-4 Getting Started Sources for More Information Sources for More Information This guide covers features related to IPv6 operat ion in software relea se K.13.01, and includes an IPv6 command index on page xi. For information about switch operation and features no t covered in this guide, refer to the switch public ations listed in this sect ion.
1-5 Getting Started Sources for More Information ■ Advanced T raffic Management Guide —Use this guide for info rmation on topics such as: • VLANs: Static port- based and protocol VLANs, and dyna mic GVRP VLANs • spanning-T ree: 802 .1D (STP), 802.
1-6 Getting Started Sources for More Information Getting Documentation From the W eb T o obtain the latest versions of documentation and release notes for your switch: 1. Go to the ProCurve Networking web site at www .procurve.com 2. Click on T echnical su pport .
1-7 Getting Started Sources for More Information Command Line Interface If you need i nformation on a specific command in th e CLI, type the command name fo llowed by help . For example: Figure 1-3. Example of CLI Help W eb Browser Interface If you need information on specific features in the Pro Curve W eb Browser Interface, use the online Help.
1-8 Getting Started To Set Up and Install the Switch in Your Network T o Set Up and Install the Switch in Y our Network Use the ProCurve Installati on and Getting Started Guide (shipped with t he swit.
2-1 2 Introduction to IPv6 Contents Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2-2 Introduction to IPv6 Contents ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2-3 Introduction to IPv6 Migrating to IPv6 Migrating to IPv6 T o succ essfully migrate to IPv6 in volves maintainin g compatibility with the large installed base of IPv4 hosts an d routers for the immedi ate future. T o achieve this purpose, softwa re release K.
2-4 Introduction to IPv6 Migrating to IPv6 IPv6 Propagation IPv6 is currently i n the early stages of deployment worldwide, involving a phased-in migration led by the application of basic IPv6 functionality .
2-5 Introduction to IPv6 Migrating to IPv6 Connecting to Devices Supp orting IPv6 Over IPv4 T unneling The switches covered by this guide can interoperate with IPv6/IPv4 devices capable of tunneling IPv6 tr affic across an IPv4 infras tructure.
2-6 Introduction to IPv6 Use Model Use Model Adding IPv6 Capability IPv6 was designed by the Internet Engineer ing T ask Force (IETF) to improve on the scalability , security , ease of configuration, and network management capabilities of IPv4.
2-7 Introduction to IPv6 Configuration and Management The next three sections ou tline the IPv6 features supported in software release K.13.01. Configuration and Management This section ou tlines the con figurable manageme nt features supporting IPv6 operation on you r ProC urve IPv6-ready switch.
2-8 Introduction to IPv6 Configuration and Management and the interface identifier currently in use i n the link-local address. Having a global unicast address and a connection to an IPv6- aw are ro uter enables IPv6 traffic on a VLAN to be routed to ot her VLANs supporting IPv6-aware device s.
2-9 Introduction to IPv6 Configuration and Management Note In IPv6 for the switches co vered in this guide, th e default route cannot be statically configured. Al so, DHCPv6 does not include default route co nfigura- tion.) Refer to “Default IPv6 Router” on page 4-28 and “View IPv6 Gateway , Route, and Router Neighbors ” on page 4-29.
2-10 Introduction to IPv6 Configuration and Management IPv6 Management Features The switch's IPv6 management fe atures support operation in an environment employing IPv6 servers and management stations.With a link to a properly configured IPv6 router , switch management exte nds to rout ed traffic solu- tions.
2-11 Introduction to IPv6 Configurable IPv6 Security IP Preserve IP Preserve operation preserves both the IPv4 and IPv6 addresses config ured on VLAN 1 (the default V LAN) when a config uration fi le is downlo aded to the switch usin g TF TP . Refer to “IP Preserve for IPv6” on page 5-23.
2-12 Introduction to IPv6 Configurable IPv6 Security supported between the switch and IPv6 management stations when SSH on the switch is also configur ed for IPv6 operation.
2-13 Introduction to IPv6 Diagnostic and Troubleshooting Caution The Authorized IP Managers feature do es not protect against unauthorized station access through a mode m or direct connection to the Console (RS-232) port.
2-14 Introduction to IPv6 Diagnostic and Troubleshooting Domain Name System (DNS) Resolution This feature enables resolving a host na me to an IPv6 address and the reverse, and takes on added importance over its IPv4 counterp art du e to the extended length of IPv6 addresses.
2-15 Introduction to IPv6 IPv6 Scalability SNMP When IPv6 is enabled on a VLAN interf ace, y ou can manage the switch from a network management stati on configured with an IPv6 address.
2-16 Introduction to IPv6 Path MTU (PMTU) Discovery Path MTU (PMTU) Discovery IPv6 PMTU operation is managed auto matically by the IPv6 nodes between the source and destination of a transmission.
3-1 3 IPv6 Addressing Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 IPv6 Address Structure and Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Address Format .
3-2 IPv6 Addressing Contents Prefixes in Routable IPv6 Addr esses . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 Unique Local U nicast IPv6 Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19 Anycast Addresses . . . . . . . .
3-3 IPv6 Addressing Introduction Introduction IPv6 supports mult iple ad dresses on an interface, and uses them in a manner comparable to subnetting an IPv4 VLAN .
3-4 IPv6 Addressing IPv6 Address Structure and Format An IPv6 address includes a network prefix and an in terface identifier . Network Prefix The network prefix (hig h-order bits) in an IPv6 address begins with a well- known, fixed pref ix for defining the add ress type.
3-5 IPv6 Addressing IPv6 Addressing Options IPv6 Addressing Options IPv6 Address Sources IPv6 addressing sources pr ovide a flexible method ol ogy for assigning addresses to VLAN interfaces on the switch.
3-6 IPv6 Addressing IPv6 Addressing Options Stateful Address Autoconfiguration. This method allows use of a DHCPv6 server to automatically config ure IPv6 addressing on a host in a manner similar to stateful IP addressi ng with a DHCPv4 server . For software release K.
3-7 IPv6 Addressing IPv6 Address Sources IPv6 Address Sources IPv6 addressing sources pr ovide a flexible method ol ogy for assigning addresses to VLAN interfaces on the switch.
3-8 IPv6 Addressing IPv6 Address Sources servers. These lifetimes cannot be rese t using control from the switch console or SNMP method s. Refer to “Preferred and V alid Address Lifet imes” on page 3- 25.
3-9 IPv6 Addressing IPv6 Address Sources Static Address Configuration Generally , static address configuratio n should be used when you w ant specific, non-default addressing to be assigned to a VLAN interface.
3-10 IPv6 Addressing Address Types and Scope Address T ypes and Scope Address T ypes IPv6 uses these IP address types: ■ Unicast: Identifi es a specific IPv6 interf ac e. T raffic having a unicast destination address is in tended for a single interface.
3-11 IPv6 Addressing Address Types and Scope Address Scope The address scope determines the ar ea (topology) in which a given IPv6 address is used. This section provid es an overview of IPv6 address types. For more information, refe r to the chapter titl ed “IPv6 Addressing”.
3-12 IPv6 Addressing Address Types and Scope In binary notation, the fixed prefi x for link-local prefixes is: 1111 1110 10 = fe80/10 For more on link-local addr esses, refer to “Link-Lo cal Unicast Address” on page 3-13. Routable Global Unicast Prefix.
3-13 IPv6 Addressing Link-Local Unicast Address Other Prefix T ypes. There are other designated global unicast prefixes such as those for the following address types: ■ RFC 4380: “T eredo: T unnel.
3-14 IPv6 Addressing Link-Local Unicast Address Because al l VLANs config ured on the switch use th e same MAC addre ss, all automatically generated lin k-local addresses on the switch will have the same link-local address.
3-15 IPv6 Addressing Link-Local Unicast Address The EUI me thod of g enerating a link-l ocal addre ss is automatically imple- mented on the switches covered by this guide when IP v6 is enabled on a VLAN interface.
3-16 IPv6 Addressing Global Unicast Address Global Unicast Address A global unicast address is required for uni cast traffic to be routed across VLANs within an organization as well as across the public internet. T o support subnetting, a VLAN can be configured wi th multiple global unic ast addresses.
3-17 IPv6 Addressing Global Unicast Address ■ generate a link-local address on the VLA N as described in the preceedi ng section (page 3-13). ■ transmit a router solicit ation on the VLAN, and to listen for adverti se- ments from any IPv6 routers on the VLAN.
3-18 IPv6 Addressing Global Unicast Address Prefixes in Routable IPv6 Addresses In routable IPv6 addresses, the prefix uniquely identifies an entity and a unicast subnet within that entity , and is defi ned by a length value specifying the number of leftm ost contiguous (high-or der) bits comprising the pref ix.
3-19 IPv6 Addressing Unique Local Unicast IPv6 Address Unique Local Unicast IPv6 Address A unique local unicast address i s an addr ess that falls within a specific range, but is used only as a global unicast ad dress within an or ganization.
3-20 IPv6 Addressing Anycast Addresses Anycast Addresses Network size, traffic loads and the pot ential for network changes make it desirable to buil d in redundancy for some n etwork services to prov ide increased service reliabilit y .
3-21 IPv6 Addressing Multicast Application to IPv6 Addressing For related information, refer to: ■ RFC 4291: “IP V ersion 6 Addressing Archetecture” ■ RFC 2526: “Reserved IPv6 Su bnet A nyca.
3-22 IPv6 Addressing Multicast Appl ication to IPv6 Addressing For informati on on Multicast Li stener Discovery (MLD) refer to the chapter titled “Multi cast Listener Discovery ( MLD) Snooping”.
3-23 IPv6 Addressing Multicast Application to IPv6 Addressing ■ multicas t scope: Bits 13-16 set boundaries on mu lticast traffic dist ribu- tion, such a s the interfa ce defined by the link-local unicast a ddress of an area, or the network bou ndaries of an organization.
3-24 IPv6 Addressing Loopback Address fe90::215:60ff:fe7a:adc0 then the corresponding soli cited-node multicast addr ess is ff02:0:0:0:0: 1:ff7a:adc0 For related information, refer to: ■ RFC 2375: I.
3-25 IPv6 Addressing The Unspecified Address The Unspecified Address The “unspecified” address is defined as 0.0. 0.0.0.0.0.0 (::/128, or just ::). It c an be used, for example, as a temporary so urce address in mul ticast traffic sent by an interface that has not yet acquir ed its own address.
3-26 IPv6 Addressing IPv6 Address Deprecation Notes Preferred and valid lifetimes on a VLAN interface are determin ed by the router advertisements received on the interface. These values are not affecte d by the lease time assigned to an address by a DHC Pv6 server .
4-1 4 IPv6 Addressing Configuration Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 General Configuration St eps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4-2 IPv6 Addressing Configuration Contents Router Solicitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Default IPv6 Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 Router Redirection .
4-3 IPv6 Addressing Configuration Introduction Introduction In the default configurati on, IPv6 operation i s disabled on the switch. This section describes the gener al steps and individual c ommands for enabling IPv6 operati on.
4-4 IPv6 Addressing Configuration General Configuration Steps General Configuration Steps The IPv6 configuration on switches runn ing software re leas e K.
4-5 IPv6 Addressing Configuration Configuring IPv6 Addressing 4. If needed, stat ically configure IP v6 unicast addressi ng on the VLAN interface as needed.
4-6 IPv6 Addressing Configuration Enabling IPv6 with an Automatically Con figured Link-Local Address Enabling IPv6 with an Automatically Configured Link-Local Address This command enables auto matical configuration of a link-local ad dress .
4-7 IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Rout er Ide ntity on a VLAN Enabling Automatic Configuration of a Global Unicast Address a.
4-8 IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Router Identity on a VLAN T o view the curre nt IPv6 autoconf iguration settings per - VLAN, use show run .
4-9 IPv6 Addressing Configuration Enabling DHCPv6 Enabling DHCPv6 Enabling the DHCPv6 option on a VLA N a llows the swi tch to obtain a global unicast address and an NTP (network time pr otocol) server assignm ent for a T imep server .
4-10 IPv6 Addressing Configuration Enabling DHCPv6 T o view the current IPv6 DHCPv6 settings per -VLAN, use show run . T o view all cu rrently conf igured IPv6 unicast addresses, use the following: ■ show ipv6 (Lists IPv6 addresses for a ll VLANs configured on the switch.
4-11 IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN ■ DHCPv6 and statically configured global unicast or anycast addresses are mutually exclusive on a given VLA N . That is, configuring DHCPv6 on a VLAN erases any static global unic ast or anycast addresses previously configured on that VLAN, and the revers e.
4-12 IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-Local Unicast Address Syntax: [no] ipv6 address fe80::< device-identif ier > link-local ■ If IPv6 is not already enable d on the VLAN, this command enables IPv6 and configures a static link-local address.
4-13 IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Statically Configuring A Global Unicast Address T o view the c urrently configured static IPv6 addresses per -VLAN, use show run .
4-14 IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Operating Notes ■ W ith IPv6 enabled, the switch determ ines the default IPv6 router for the VLAN from the router advertisements it receives. (Refer to “Router Access and Default Router Select ion” on page 4-27.
4-15 IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN T o verify the i dentity of anycast addre sses configured for VLANs to which the switch belongs, use the show run command.
4-16 IPv6 Addressing Configuration Disabling IPv6 on a VLAN Duplicate Address Detectio n (DAD) for Statically Configured Addresses Statically configured IPv6 addresses are designated as permane nt.
4-17 IPv6 Addressing Configuration Neighbor Discovery (ND) Neighbor Discovery (ND) Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP for layer 2 address resolution, and uses IPv6 IC MP messages to do the following: ■ Determine the link-lay er address of neighbors on the same VLAN inter- face.
4-18 IPv6 Addressing Configuration Duplicate Address Detection (DAD) Note: Neighbor and router so licitations mu st originate on t he same VLAN as the receiving device. T o support this operation, IPv6 is de signed to discard any incoming neighbor or router solicitation that does not have a value of 255 in the IP Hop Limit field.
4-19 IPv6 Addressing Configuration Duplicate Address Detection (DAD) that includes its link-local a ddress. If the newly configured address is from a static or DHCPv6 source and is found to be a duplicate, it is labelled as duplicate in the “Address Status” field of the show ipv6 command, and is not used.
4-20 IPv6 Addressing Configuration Duplicate Address Detection (DAD) Operating Notes ■ A verified link-local unicast address must exist on a VLAN interface before the switch can run DAD on other addr esses associated with the interface.
4-21 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration V iew the Current IPv6 Addressing Configuration Use these commands to view the current status of the IPv 6 configuration on the switch. Syntax: show ipv6 Lists the current, global IPv6 settings and per -VLAN IPv6 addressing on the switch.
4-22 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration For example, figure 4-1 shows the outp ut on a switch having IPv6 enabled on one VLAN. Address Origin: ■ Autoconfig: The address was configured using stateless address autoconfiguration (S LAAC).
4-23 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Figure 4-1. Example of Show IPv6 Command Output ProCurve(config)# show ipv6 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.
4-24 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ■ DAD Attempts: Indicates the number of neighbor solicita- tions the switch transmit s per - address for duplicate (IPv6) address detection.
4-25 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Figure 4-2. Example of Show IPv6 VLAN < vid > Output ProCurve(config)# show ipv6 vlan 10 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.
4-26 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Figure 4-3. Example of Show Run Output Listin g the Current IPv6 Addressing Commands ProCurve(config)# show run Running configuration: .
4-27 IPv6 Addressing Configuration Router Access and Default Router Selection Router Access and Default Router Selection Routing traffic between destin ations on different VLANs configured on the swit.
4-28 IPv6 Addressing Configuration Router Access and Default Router Selection Note If the switch does not re ceive a router advertisemen t after sending the router solicitations, as described above, t.
4-29 IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors V iew IPv6 Gateway , Route, and Router Neighbors Use these commands to view the switch 's current routing table content and connectivity to routers per VLAN.
4-30 IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors Figure 4-4. Example of Show IPv6 Route Output V iewing IPv6 Router Information ProCurve(config)# show ipv6 route IPv6 Route Entries Dest : ::/0 Type : static Gateway : fe80::213:c4ff:fedd:14b0 %vlan10 Dist.
4-31 IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors For example, figure 4-5 indicates that th e switch is receivi ng router advertise- ments from a single router that exists on VLAN 10.
4-32 IPv6 Addressing Configuration Address Lifetimes Address Lifetimes Every configured IPv6 unic ast and anycas t address has a lifetime setting that determines how long the address can be used b efore it must be refreshed or replaced. Some addresses are set as “p ermanent” and do not expire.
4-33 IPv6 Addressing Configuration Address Lifetimes T able 4-1. IPv6 Unicast Addresses Lifetimes A new , preferred address used as a re placement for a deprecated address can be acquired from a man ual, DHCPv6, or au toconfigurati on source.
4-34 IPv6 Addressing Configuration Address Lifetimes.
5-1 5 IPv6 Management Features Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Viewing and Clearing the IPv6 Neighbors Cache . . . . . . . . . . . . . . . . 5-2 Viewing the Neighbor Cache .
5-2 IPv6 Management Features Introduction Introduction This chapter focuses on the IPv6 ap plicatio n of managem ent fe atures in software release K.13.01 that support both IPv6 and IP v4 operation. Fo r additional information on these features, refer to the current Management and Configuration Guide for your switch.
5-3 IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache V iewing the Neighbor Cache Neighbor discovery occurs when th ere is communication between IPv6 devices on a VLAN. The Neighbor Cache re tains data for a given neighbor until the entry times out.
5-4 IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Figure 5-1. Example of Neighbor Ca che Without Specifying a VLAN Figure 5-2.
5-5 IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Clearing the Neighbor Cache When there is an eve nt such as a to pology change or an address change, the neighbor cache may have too many entries to allow efficient use.
5-6 IPv6 Management Features Telnet6 Operation T elnet6 Operation This section describes T elnet operation for IPv6 on the switch . For IPv4 T elnet operation, refer to the Management and Configurat ion Guide for your switch.
5-7 IPv6 Management Features Telnet6 Operation V iewing the Current T eln et Activity on a Switch For example, the followin g figure shows that the switch is running one outbound, IPv4 session and is being accessed by t wo inbound sessions. Figure 5-4.
5-8 IPv6 Management Features Telnet6 Operation Enabling or Disabling Inbound T elnet6 Access For example, to disable T e lnet6 access to the switch, you would use this com- mand: ProCurve(config)# no telnet6-server V iewing the Current Inbound T elnet6 Configuration Figure 5-5.
5-9 IPv6 Management Features SNTP and Timep SNTP and T imep Configuring (Enabling or Disabling) the SNTP Mode Software release K.13.01 enables configur ation of a global unicast address for IPv6 SNTP time server . This section lists the SNTP and relate d commands, inclu ding an exam ple of using an IPv6 address.
5-10 IPv6 Management Features SNTP and Timep Configuring an IPv6 Addr ess for an SNTP Server Note T o use a gl obal unicast IPv6 address to configure an IPv6 SNTP time serv er on the switch, th e switch must be receivin g advertisem ents from an IPv6 router on a VL AN configured on the switch.
5-11 IPv6 Management Features SNTP and Timep For example, to configure link-local and global unicast SNTP server addresses of: ■ fe80::215:60ff:fe7a:adc0 (on VLAN 10, configured on the switch) ■ 2.
5-12 IPv6 Management Features SNTP and Timep For example, the show sntp output for the preceeding sntp server command example would appear as follows: Figure 5-6. Example of Show SNTP Output with Both an IPv6 and an IPv4 Se rver Address Conf igured Note that the show management command can also be used to display SNTP server information.
5-13 IPv6 Management Features SNTP and Timep Note T o use a g lobal unicast IPv6 address to configure an IPv6 Timep server on the switch, the switch must be receiving a dvertisements from an IPv6 route r on a VLAN configured on the switch.
5-14 IPv6 Management Features SNTP and Timep ProCurve(config)# ip timep manual fe80::215:60ff:fe7a:adc0%vlan10 Note In the precee ding exampl e, using a lin k-l ocal address requires that you specify the local scope for the address; VLAN 10 in this case.
5-15 IPv6 Management Features TFTP File Transfers Over IPv6 TF TP File T ransfers Over IPv6 TF TP File T ransfers over IPv6 Y ou can use TF TP copy commands over IPv6 to up load, or downlo ad files to.
5-16 IPv6 Management Features TFTP File Transfers Over IPv6 Enabling TF TP for IPv6 TF TP for IPv6 is enabled by defa ult on the swi tch. However , if it is di sabled, you can re-enable it by specify ing TF TP cl ient or server functio nality with th e tftp6 < client | server > command.
5-17 IPv6 Management Features TFTP File Transfers Over IPv6 Using TF TP to Copy Files over IPv6 Use the TF TP copy commands described in this section to: ■ Download specified files from a TF TP server to a switc h on which TF TP client functionality is enabled.
5-18 IPv6 Management Features TFTP File Transfers Over IPv6 . ■ flash < primary | secondary >: Copies a software file stored on a remote host to primary or secondary flash memory on the switch. T o run a newly downloaded soft ware image, enter the reload or boot sy stem flash command.
5-19 IPv6 Management Features TFTP File Transfers Over IPv6 Using Auto-TF TP for IPv6 The auto-TF TP for IPv6 feature automati cally do wnloads a softwa re image to a switch, on which TF TP client functionali ty is enabled, from a specified IPv6- based device at switch startup.
5-20 IPv6 Management Features SNMP Management for IPv6 SNMP Management for IPv6 As with SNMP for IPv4, you can manage a switch via SNMP from an IPv6- based network management st ation by usin g an application such a s ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+).
5-21 IPv6 Management Features SNMP Management for IPv6 SNMP Configuration Commands Supported IPv6 addressing is su pported in the following SNMP co nfiguration commands: For more information on each S.
5-22 IPv6 Management Features SNMP Management for IPv6 The show snmp-server command displa ys the current SNMP policy configuration, incl uding SNMP communitie s, network security notifi cations, link.
5-23 IPv6 Management Features IP Preserve for IPv6 The show snmpv3 targetaddress command displays the configu ration (including the IPv4 or IPv6 address) of the SNMPv3 management stati ons to which notification messages are se nt.
5-24 IPv6 Management Features IP Preserve f or IPv6 Figure 5-10. Example of How to Enter IP Preserve in a Configuration File T o download an IP Pr eserve conf iguration f ile to an IPv6 -based switc h.
5-25 IPv6 Management Features IP Preserve for IPv6 Note that if a switch received its IP v6 address from a DHCP serve r , the “ip address” field under “vlan 1” would displ ay: dhcp-bootp .
5-26 IPv6 Management Features IP Preserve f or IPv6.
6-1 6 IPv6 Management Security Features Contents IPv6 Management Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Authorized IP Managers for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Usage Notes .
6-2 IPv6 Management Security Features IPv6 Management Security IPv6 Management Security This chapter describes manageme nt secu rity feat ures that are IPv6 counter- parts of IPv4 management security featur es on the switches covered by this guide.
6-3 IPv6 Management Security Features Authorized IP Managers for IPv6 Authorized IP Managers for IPv6 The Authorized IP Managers feature us es IP addresses and masks to deter- mine which stations (PCs or workstat ions) can access the switch through the network.
6-4 IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Y ou configure each authorized manage r address with Manager or Opera- tor -level privilege to acc ess the swit ch in a T elnet, SNMPv1, or SNMPv 2c session.
6-5 IPv6 Management Security Features Authorized IP Managers for IPv6 Configuring Authorized IP Managers for Switch Access T o configure one or more IPv6-based manag ement stations to access the switc.
6-6 IPv6 Management Security Features Authorized IP Managers for IPv6 Notes If you do not enter a value for the ipv6-mask parameter when you configure an authorized IPv6 address, th e switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the default mask (see “Configuring Authorized IP Managers for Switch Access” on page 6-5).
6-7 IPv6 Management Security Features Authorized IP Managers for IPv6 Conversely , in a mask, a “0” binary bit mean s that ei ther the “ on” or “off” sett ing of the corresponding IPv6 bit in an au thorized address is valid and does not have to match th e setting of the same bi t in the specified IPv6 address.
6-8 IPv6 Management Security Features Authorized IP Managers for IPv6 Example. Figure 6-3 shows an example in which a mask that authorizes switch access to four management stat ions is applied to the IPv6 address: 2001:DB8:0000:0000:244:17FF:FEB6:D37D .
6-9 IPv6 Management Security Features Authorized IP Managers for IPv6 to 0 (“off”) and allow the correspondin g bits in an authorize d IPv6 address to be either “on” or “off”. As a result, only th e four IPv6 addresses shown in Figure 6-5 are all owed access.
6-10 IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Each authorized station has the same 64-bit device ID ( 244:17FF:FEB6:D37D ) because the value of the last four blocks in the mask i s FFFF (binary value 1111 1111).
6-11 IPv6 Management Security Features Authorized IP Managers for IPv6 Figure 6-7 shows the bits in the fourth block of the mask that determine the valid subnets in which authorized stat ions with an IPv6 device ID of 244:17FF:FEB6:D37D reside.
6-12 IPv6 Management Security Features Authorized IP Managers for IPv6 Displaying an Authorized IP Managers Configuration Use the show ipv6 authorized-ma nagers command to list the IPv6 stations authorized to access th e switch; for example: Figure 6-9.
6-13 IPv6 Management Security Features Authorized IP Managers for IPv6 Additional Examples of Au thorized IPv6 Managers Configuration Authorizing Manager Access. The following IPv6 co mmands authoriz e manager -level access for one link-loc al stat ion at a time.
6-14 IPv6 Management Security Features Authorized IP Managers for IPv6 The next IPv6 command authorizes oper ator -level access for sixty-four IPv6 stations: thirt y-two stations in the subnets define.
6-15 IPv6 Management Security Features Secure Shell for IPv6 Secure Shell for IPv6 The Secure Shell (SSH) for IPv6 featur e prov ides the sa me T elnet-like f unc- tions through encrypted, au thenticated transactions as SSH for IPv4. SSH for IPv6 provides CLI (console) access and se cure file transfer functionality .
6-16 IPv6 Management Security Features Secure Shell for IPv6 Note As with IPv4, the switch only supports SSH versi on 2. Y ou cannot set up an SSH session with a cli ent device runnin g SSH version 1.
6-17 IPv6 Management Security Features Secure Shell for IPv6 Displaying an SSH Configuration T o verify an SSH for IPv6 configuratio n and display all SSH sessions running on the switch, enter th e show ip ssh command. Inform ation on all current SSH sessions (IPv4 and IPv6) is displayed.
6-18 IPv6 Management Security Features Secure Copy and Secure FTP for IPv6 Secure Copy and Secure F TP for IPv6 Y ou can take advantage of the Secure Copy (SCP) and Secure F TP (SF TP) client applicat.
7-1 7 Multicast Listener Di scovery (MLD) Snooping Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Introduction to MLD Snooping . . . . . . . . . . . . . . . . . . . . . .
7-2 Multicast Listener Discovery (MLD) Snooping Overview Overview Multicast addressi ng allows on e-to-many or many-to -many communicatio n among hosts on a net work. T ypical applicatio ns of multicast co mmunication include audio and video streaming, de sktop conferenci ng, coll aborative com- puting, and simi lar applications.
7-3 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Introduction to MLD Snooping There ar e several rol es that ne twork device s may play i n an IPv6 multicast environment: .
7-4 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping General opera tion. Multicast communication can take place without ML D, and by default MLD is disabl ed.
7-5 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Note that MLD snoop ing operates on a single V LAN (though there can be multiple VLANs, each runni ng MLD snooping). Cross-VLAN traffic is handled by a multicast router . Forwarding in MLD snooping.
7-6 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping A network node establ ishes itself as an MLD h ost by issuing a multi cast “join” request (also called a multicast “report”) for a specific multicast address when it starts an application that listens to multicast traffic .
7-7 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Fast leaves and forc ed fast leaves. The fast leave a nd forced fast leave functions can help to prune unnecessary mu lticast traffic when an MLD host issues a leave request from a multicas t a ddress.
7-8 Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring MLD Several CLI commands are available fo r configuring MLD parameters on a switch.
7-9 Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring Per -Port MLD T raffic Filters For example: Figure 7-3. Example of an MLD Con figuration with T raffic Filters Syntax: ipv6 mld [auto <port-list> | blo cked <port-list> | forward <port-list> ] Note: This command must be issued in a VLAN context.
7-10 Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring the Querier For example, to disable the switch fr om acting as querier on VLAN 8: ProCurve(vlan-8)# no ipv6 mld querie r T .
7-11 Multicast Listener Discovery (MLD) Snooping Configuring MLD For exampl e, to disable fast leave on ports in VLAN 8: ProCurve(vlan-8)# no ipv6 mld fast leave a14-a15 T o enable fast leave on ports.
7-12 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Displaying MLD Status and Configuration Current MLD Status For example, a switch wi th MLD snooping conf igured on VLANs 8 and 9 might show the follow ing information: Figure 7-4.
7-13 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Figure 7-5. Continuation of Figure 7-4 ff02::1:ff04:3 FILT 0h:4m:5s A20 ff02::1:ff05:1 FILT 0h:4m:3s A21 ff02:.
7-14 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown fo r each VLAN that has MLD snooping enabled: ■ VLAN ID number and name .
7-15 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Current MLD Configuration For example, the general form of the command might look like this: Figure 7-6.
7-16 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The specific form of the co mmand might look like this: Figure 7-7.
7-17 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Ports Currently Joined For example, the general form of the com mand is shown below . The specific form the the command is similar , except that it lists the port in formation for only the specified group .
7-18 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown: ■ VLAN ID and nam e ■ port information for ea ch IPv6 multi cast group.
7-19 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation For example, the gene ra l form of th e command: Figure 7-9. Example of MLD Statistic s for All VLANs Configured And the specific form of the command: Figure 7-10.
7-20 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Counters Figure 7-11. Example of MLD Count ers for a Single VLAN Syntax: show ipv6 mld vlan <vid> c ounte.
7-21 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation The following information is shown: ■ VLAN number and n ame ■ For each VLAN: • number of general queries.
7-22 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration.
8-1 8 IPv6 Diagnostic and T roubleshooting Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8-2 IPv6 Diagnostic and Troubleshooting Introduction Introduction The IPv6 ICMP fe ature enabl es control over the er ror and informa tional message rate for IPv6 traffic, which c an help mitigate the ef fects of a De nial- of-service attack.
8-3 IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting Controlling the frequ ency of IC MPv6 error messages can help to preven t DoS (Denial- of- Service) attacks. With IP v6 enabled on the switch, you can control the allowable frequency of these me ssages with ICM Pv6 rate-limit ing.
8-4 IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Ping for IPv6 (Ping6) The Ping6 test is a point- to-point test th at a ccepts an IPv6 address or IPv6 host name to see if an IPv6 switch is c ommu nicating proper ly with another device on the same or another IP network .
8-5 IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Figure 8-1. Examples of IPv6 Ping T ests [timeout] : Number of seconds within which a response is required from the destination ho st before the ping test times out. V alid values: 1 - 60. Default: 1 second.
8-6 IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 T raceroute for IPv6 The traceroute6 command enables you to trace the route from a switch to a host device that is identi fied by an IPv6 address or IPv6 host name. In the command output, information on each (router) hop betwee n the switch and the destination IPv6 address is displayed.
8-7 IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Syntax: traceroute6 < ipv6-a ddress | hostname > [minttl < 1-255 > [maxttl < 1-255 > [tim eout < 1 - 60 >] [probes &.
8-8 IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Figure 8-2. Examples of IPv6 T r aceroute Probes ProCurve# traceroute6 2001:db8::10 traceroute to 2001:db8::10 1 hop min, 30 hops max , 5 sec.
8-9 IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 DNS Resolver for IPv6 The Domain Name System (DNS) resolv er is designed f or local network domains where it enables us e of a host name or fully qualified domain name to support DNS-compat ible commands fr om the switch.
8-10 IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 For example, suppose you want to c onfigure the following on the switch: ■ the address 2001:db8::127:10 which identi fies a DNS server in the dom ain named mygroup.procurve.n et ■ a priority of 1 for the above server ■ the domain suffix mygroup.
8-11 IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 been configured as the domain name on the switch and th e address of a DNS server residing in that domain is also configured on the switch. The commands for these steps are as follows: Figure 8-1.
8-12 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug/Syslog for IPv6 The Debug/System logging ( Syslog ) for IPv6 feature provi des the same logg ing functions as th e IPv4 vers ion, allowing you to record IPv4 and IPv6 Event Log and debug messages on a remote device to troubleshoot switch or network operation.
8-13 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug Command Syntax: [no] d ebug < debug-type > Configures the types of IPv4 and IPv6 messages that are sent to Syslog servers or .
8-14 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Syntax:. [n o] debug < debug-type > (Continued) ip [ ospf < adj | event | flood | lsa-generation | packet | retransmissio n | spf > ] Configures specified IPv4 OSPF message types to be sent to configured debug destinations: adj — Adjacency changes.
8-15 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Configuring Debug Destinations A Debug/Syslog destination device can be a Syslog server (up to six maximum) and/or a console session: ■.
8-16 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Logging Command For complete info rmation on how to configure a Syslog server and Debug/ Syslog message report s, refer to the “T roubleshooting” appendi x in the Man- agement and Configuration Guide .
1 A Te r m i n o l o g y DAD Duplicate Address Detection. Refer to “Duplicate Address Detection (DAD)” on page 4-18. Device Identifier The low- order bits in an IPv6 addre ss that identify a specific device.
2 Terminology.
Index – 1 Index Symbols … 4-7, 4-13 %vlan suffix … 5-6, 5-10, 5-13 A ACL debug messages … 8-13 address configuration DNS for IPv6 … 2-14 duplicate unicast addresses … 3-6 duplicate unicast.
2 – Index crash data file TFTP upload on remote device … 5-18 crash log TFTP upload on remote device … 5-18 D DAD configuration … 4-19 detecting duplicate uni cast addresse s … 3-6, 4-18 det.
Index – 3 G gateway determining default IPv6 route … 2-8, 4-29 global unicast address autoconfiguration … 3- 5, 3-11, 3-16, 4-7 autoconfigured is mutua lly exclusive with DHCP server-asigned add.
4 – Index single IPv6 link-local address on an interface … 3-13 SNMP support … 2-15, 5-20 SNTP See SNTP server. SSHv2 … 2-11 See also SSH. static address configuration … 4-11 supported switc.
Index – 5 See MLD. N neighbor cache, view …5 - 3 neighbor discovery for IPv6 nodes … 2-14 IPv6 similar to IPv4 ARP … 2-9, 4-17 neighbor solicitations used in duplicate address detection … 4 .
6 – Index configuring SNMPv3 management station … 5-21 displaying SNMPv3 management station configuration … 5-23 displaying trap configuration … 5-22 features supported for IPv6 … 5-20 IPv6 .
Index – 7 displaying configuration … 5-22 supported in IPv6 … 5-20 troubleshooting configuring Syslog servers … 8-15 IPv6 addresses in event log … 2-14 ping6 … 2-13 traceroute6 … 2-13 us.
.
© Copyright 2008 Hewlett-Pack ard Development Company , L.P . January 2008 Manual Part Number 5992-3067.
An important point after buying a device HP (Hewlett-Packard) 5400zl (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought HP (Hewlett-Packard) 5400zl yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data HP (Hewlett-Packard) 5400zl - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, HP (Hewlett-Packard) 5400zl you will learn all the available features of the product, as well as information on its operation. The information that you get HP (Hewlett-Packard) 5400zl will certainly help you make a decision on the purchase.
If you already are a holder of HP (Hewlett-Packard) 5400zl, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime HP (Hewlett-Packard) 5400zl.
However, one of the most important roles played by the user manual is to help in solving problems with HP (Hewlett-Packard) 5400zl. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device HP (Hewlett-Packard) 5400zl along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
