Gebruiksaanwijzing /service van het product 2910AL van de fabrikant HP (Hewlett-Packard)
Ga naar pagina of 194
IPv6 Configuration Guide Pr oCurv e Switches W . 1 4.03 29 10al www .procurv e.com.
.
HP ProCurve 2910al Switch February 2009 W .14.03 IPv6 Configuration Guide.
© Copyright 2009 Hewlett-Pa ckard Development Company, L.P . The information contain ed herein is subject to ch ange with- out notice. All Rights Reserved.
Contents About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Printed Publications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Electronic Publications . . . . . . . . . .
2 Introduction to IPv6 Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15 Loopback Address . . . .
Global Unicast Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 Stateless Autoconfig uration of a Glo bal Unicast Address . . . . . . . . . 3-16 Static Configuration of a Global Unicast Address . . . . . . . .
Statically Co nfiguring An Anyc ast Address . . . . . . . . . . . . . . . . . . . . . 4-14 Duplicate Address Detection (DAD) for Statically Configured Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 Disabling IPv6 on a VLAN .
Viewing the Current Inbo und Telnet6 Configuration . . . . . . . . . . . . . . 5-8 SNTP and Timep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9 Configuring (Enabl ing or Disabling) the SN T P Mode . . .
7 Multicast Listener Disc overy (MLD) Snooping Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A Terminology Index x.
Product Documentation About Y our Switch Manual Set Note For the latest version of all ProCur ve switch documentation, including Release Notes covering re cently added features, please visit the ProCurv e Networking W eb site at www .procurve.com, c lick on Cu stomer Care , and then click on Manuals .
Software Feature Index For the software manual se t supporting your 2910al sw itch model, this feature index indicate s which manual to consult for in formation on a given software feature. Note This Index does not cover IPv6 capable software features.
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide DHCP/Bootp Operation Diagnostic T ools Downloading Software X X X Dynamic ARP Protection Dynamic Configuration Arbiter Eavesdrop Protection Event Log X X X X Factory Default Settings Flow Control (802.
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide MAC Lockdown X MAC Lockout MAC-based Authentication Mana.
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide RMON 1,2,3,9 Routing Routing - IP Static X X X Secure Co.
Intelligent Edge Software Features Manual Management and Configuration Advanced T raffic Management Multicast and Routing Access Security Guide Vo i c e V L A N W eb Authentication RADIUS Support W eb.
1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Getting Started Introduction Introduction This guide is intende d for use with the followin g switches: ■ HP ProCurve 2910al Switch It describes how to use the command l in e interface (C LI), Menu interface, and web browser to conf igure, manage, monitor , and troubleshoot swit ch opera- tion.
Getting Started Conventions ■ Boldface indicates use of a CLI command, part of a CLI command syntax, or other displayed element in general text. For example: “Use the copy tftp command to download the key from a TFTP ser ver .” ■ Italics indicate variables for which yo u must supply a value when execut- ing the command.
Getting Started Sources for More Information Keys Simulations o f actual keys use a bold, sa ns-serif typeface with square brackets. For example, the T ab key appears as [T ab] and the “Y” key appears as [Y] .
Getting Started Sources for More Information • port configurati on, trunking, traffic control, and PoE operation • SNMP , LLDP , and ot her network management topi cs • file transfers, switch mo.
Getting Started Sources for More Information Getting Documentation From the W eb T o obtain th e latest versions of documentati on and release notes for your switch: 1. Go to the ProCurve Networking web site at www .procurve.com 2. Click on Customer Care .
Getting Started Sources for More Information Command Line Interface If you need i nformation on a specific comm and in the CLI, type the command name fo llowed by help .
1 Getting Started Need Only a Quick Start? Need Only a Quick Start? IP Addressing If you just want to give th e switch an IP address so that it can communicate on your network, or if you are not us ing VLANs, ProCurve recommends that you use the Switch Setup sc reen to quickly configure IP addressing.
2 Introduction to IPv6 Contents Migrating to IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 IPv6 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Dual-Stack Operation .
Introduction to IPv6 Contents ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 Traceroute6 .
Introduction to IPv6 Migrating to IPv6 Migrating to IPv6 T o successfully migrat e to IPv6 involves mainta ining compatibilit y with the large installed base of IPv4 hosts an d routers for the immedi ate future. T o achieve this purpose, softwa re release K.
Introduction to IPv6 Migrating to IPv6 IPv6 Propagation IPv6 is currently i n the early stag es of deployment worldwide, involving a phased-in migration led by the application of basic IPv6 functi onality .
Introduction to IPv6 Migrating to IPv6 Connecting to Devices Supp orting IPv6 Over IPv4 T unneling The switches covered by this guide can interoperate with IPv6/IPv4 devices capable of tunneling IPv6 tr affic across an IPv4 infras tructure.
Introduction to IPv6 Use Model Use Model Adding IPv6 Capability IPv6 was designed by the Internet Engineer ing T ask Force (IETF) to i mprove on the scalability , security , ease of configuration, and network management capabilities of IPv4.
Introduction to IPv6 Configuration and Management The next three sections ou tline the IPv6 features supported in software release K.13.01. Configuration and Management This section ou tlines the con figurable manageme nt features supporting IPv6 operation on you r ProC urve IPv6-ready switch.
Introduction to IPv6 Configuration and Management and the interface identifier currently in use i n the link-local address. Having a global unicast address and a connection to an IPv6- aware ro uter enables IPv6 traffic on a VLAN to be routed to ot her VLANs supporting IPv6-aware device s.
Introduction to IPv6 Configuration and Management Note In IPv6 for the switches co vered in this guide, th e default route cannot be statically configured. Al so, DHCPv6 does not include default route configur a- tion.) Refer to “Default IPv6 Router” on page 4-28 and “View IPv6 Gateway , Route, and Router Neighbors ” on page 4-29.
Introduction to IPv6 Configuration and Management IPv6 Management Features The switch's IPv6 management fe atures support operation in an environment employing IPv6 servers and management stations.With a link to a properly configured IPv6 router , switch managem ent extends to rout ed traffic solu- tions.
Introduction to IPv6 Configurable IPv6 Security IP Preserve IP Preserve operation preserves both the IPv4 and IPv6 addresses config ured on VLAN 1 (the default VLAN) when a configurati on file is downlo aded to the switch using TFTP . Refer t o “IP Preserve for IPv6” on page 5-23.
Introduction to IPv6 Configurable IPv6 Security supported between the switch and IPv6 management stations when SSH on the switch is also configur ed for IPv6 operation.
Introduction to IPv6 Diagnostic and Troubleshooting Caution The Authorized IP Managers feature do es not protect against unauthorized station access through a mode m or direct connection to the Console (RS-2 32) port.
Introduction to IPv6 Diagnostic and Troubleshooting Domain Name System (DNS) Resolution This feature enables resolving a host na me to an IPv6 address and the reverse, and takes on added importance over its IPv4 coun terpart du e to the e xtended length of IPv6 addresses.
Introduction to IPv6 IPv6 Scalability SNMP When IPv6 is enabled on a VLAN interf ace, y ou can manage the switch from a network management stati on configured with an IPv6 address.
Introduction to IPv6 Path MTU (PMTU) Discovery Path MTU (PMTU) Discovery IPv6 PMTU operation is managed auto matically by the IPv 6 nodes between the source and destination of a transmission.
3 IPv6 Addressing Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 IPv6 Address Structure and Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Address Format .
IPv6 Addressing Contents Prefixes in Routable IPv6 Addr esses . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18 Unique Local U nicast IPv6 Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19 Anycast Addresses . . . . . . . . . .
IPv6 Addressing Introduction Introduction IPv6 supports mult iple ad dresses on an interface, and uses them in a manner comparable to subnetting an IPv4 VLAN .
IPv6 Addressing IPv6 Address Structure and Format An IPv6 address includes a network prefix and an in terface identifier . Network Prefix The network prefix (high- order bits) in an IPv6 address begins with a well- known, fixed pref ix for defining the address type.
IPv6 Addressing IPv6 Addressing Options IPv6 Addressing Options IPv6 Address Sources IPv6 addressing sources pr ovide a flexible methodol ogy for assigning addresses to VLAN interfaces on the switch.
IPv6 Addressing IPv6 Addressing Options Stateful Address Autoconfiguration. This method allows use of a DHCPv6 server to automatically c onfig ure IPv6 addressing on a host in a manner similar to stateful IP addressi ng with a DHCPv4 server . For software release K.
IPv6 Addressing IPv6 Address Sources IPv6 Address Sources IPv6 addressing sources pr ovide a flexible methodol ogy for assigning addresses to VLAN interfaces on the switch.
IPv6 Addressing IPv6 Address Sources servers. These lifetimes cannot be rese t using control from the switch console or SNMP method s. Refer to “Preferred and V alid Addr ess Lifetimes” on page 3- 25.
IPv6 Addressing IPv6 Address Sources Static Address Configuration Generally , static address conf iguration should be used w hen you want specific, non-default addressing to be assigned to a VLAN interface.
IPv6 Addressing Address Types and Scope Address T ypes and Scope Address T ypes IPv6 uses these IP address types: ■ Unicast: Identifi es a specific IPv6 interf ace.
IPv6 Addressing Address Types and Scope Address Scope The address scope determines the ar ea (topology) in which a given IPv6 address is used. This section provid es an overview of IPv6 address types. For more information, refer to the chapter ti tled “IPv6 Addressing”.
IPv6 Addressing Address Types and Scope In binary notation, the fixed prefi x for link-local prefixes is: 1111 1110 10 = fe80/10 For more on link-local a ddr esses, refer to “Link-Lo cal Unicast Address” on page 3-13. Routable Global Unicast Prefix.
IPv6 Addressing Link-Local Unicast Address Other Prefix T ypes. There are other designated global unicast pre fixes such as those for the following address types: ■ RFC 4380: “T eredo: T unneling .
IPv6 Addressing Link-Local Unicast Address Note Because al l VLANs configured on the switch us e the same MAC addre ss, all automatically generated lin k-local addresses on the switch wi ll have the same link-local address.
IPv6 Addressing Link-Local Unicast Address MAC Address IPv6 I/F Identifier Full Link-Local Unicast Address 00-15-60-7a-ad-c0 215:60ff:fe7a: adc0 fe80::215:60ff:fe7a:adc0/64 09-c1-8a-44-b4-9d 11c1:8 af.
IPv6 Addressing Global Unicast Address Global Unicast Address A global unicast address is required for unicast traffic to be routed across VLANs within an organization as well as acro ss the public internet. T o support subnetting, a VLAN can be configured wi th multiple global unic ast addresses.
IPv6 Addressing Global Unicast Address ■ generate a link-local address on the VL AN as described in the preceding section (page 3-13). ■ transmit a router solicit ation on the VLAN, and to listen for advertise- ments from any IPv6 routers on the VLAN.
IPv6 Addressing Global Unicast Address Prefixes in Routable IPv6 Addresses In routable IPv6 addresses, the prefix uniquely identifies an entity and a unicast subnet within that entity , and is defined by a length value specifying the number of leftmos t contiguous (high-order) bits co mprising the prefix.
IPv6 Addressing Unique Local Unicast IPv6 Address Unique Local Unicast IPv6 Address A unique local unicast address i s an addr ess that falls within a spec ific range, but is used only as a global unicast ad dress within an or ganization.
IPv6 Addressing Anycast Addresses Anycast Addresses Network size, traffic loads and the pot ential for network changes make it desirable to buil d in redundancy for some n etwork services to prov ide increased service reliabilit y .
IPv6 Addressing Multicast Application to IPv6 Addressing For related information, refer to: ■ RFC 4291: “IP V ersi on 6 Addressing Architecture” ■ RFC 2526: “Reserved IPv6 Su bnet A nycast A.
IPv6 Addressing Multicast Appl ication to IPv6 Addressing For informati on on Multicast Listener Discovery (MLD) refer to the chapter titled “Multi cast Listener Discovery (MLD) Snoopi ng”.
IPv6 Addressing Multicast Application to IPv6 Addressing ■ multicas t scope: Bits 13-16 set boundaries on multicast traffic distribu- tion, such a s the interface defined by the link-local unicast address of an area, or the network b oundaries of an organization.
IPv6 Addressing Loopback Address fe90::215:60ff:fe7a:adc0 then the corresponding soli cited-node multicast address is ff02:0:0:0:0: 1:ff7a:adc0 For related information, refer to: ■ RFC 2375: IPv6 Mu.
IPv6 Addressing The Unspecified Address The Unspecified Address The “unspecified” address is defined as 0.0. 0.0.0.0.0.0 (::/128, or just ::). It c an be used, for example, as a temporary so urce address in multicast traffic sent by an interface that has not yet acquir ed its own address.
IPv6 Addressing IPv6 Address Deprecation Notes Preferred and valid lifetimes on a VLAN interface are determin ed by the router advertisements received on the interface. These values are not affected by the lease time assigned to an address by a DHC Pv6 server .
4 IPv6 Addressing Configuration Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Enabling IPv6 with an Automatically Enabling Automati c Configuration of a Global Unicast Address and a Default Duplicate Address Detection (DAD) for Statically General Configuration St eps .
IPv6 Addressing Configuration Contents Router Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Router Solicitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 Default IPv6 Router .
IPv6 Addressing Configuration Introduction Introduction Feature Default CLI Enable IPv6 with a Link-Local Address disabled 4-6 Configure Global Unicast disabled 4-7 Autoconfig Configure DHCPv6 Address.
IPv6 Addressing Configuration General Configuration Steps General Configuration Steps The IPv6 configuration on switches runn ing software re leas e K.
IPv6 Addressing Configuration Configuring IPv6 Addressing 4. If needed, st atically config ure IP v6 unicast addressi ng on the VLAN interface as needed.
IPv6 Addressing Configuration Enabling IPv6 with an Automatically Con figured Link-Local Address Enabling IPv6 with an Automatically Configured Link-Local Address This command enables au tomatic configuration of a link-local ad dress.
IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Rout er Ide ntity on a VLAN Enabling Automatic Configuration of a Global Unicast Address and a.
IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicas t Address and a Default Router Identity on a VLAN — Continued from the previous page.
IPv6 Addressing Configuration Enabling DHCPv6 Enabling DHCPv6 Enabling the DHCPv6 option on a VLA N a llows the swi tch to obtain a global unicast address and an N TP (network time prot ocol) server assignmen t for a T imep server .
IPv6 Addressing Configuration Enabling DHCPv6 — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned to the VLAN by an DHCPv6 server is set to the .
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN ■ DHCPv6 and statically configured global unicast or anycast addresses are mutually exclusive on a given VLA N . That is, configuring DHCPv6 on a VLAN erases any static global unic ast or anycast addresses previously configured on that VLAN, and the revers e.
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-Local Unicast Address Syntax: [no] ipv6 address fe80::< device-ide ntifier > link-local ■ If IPv6 is not already enable d on the VLAN, this command enables IPv6 and configures a static link-local address.
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Statically Configuring A Global Unicast Address Syntax:. [no] ipv6 address < network-prefix><d evice-id >/< pr.
IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Operating Notes ■ W ith IPv6 enabled, the switch determ ines the default IPv6 router for the VLAN from the router advertisements it receives. (Refer to “Router Access and Default Router Selection” on page 4-27.
IPv6 Addressing Configuration Configuring a Static IP v6 Address on a VLAN Syntax:. [no] ipv6 address < network-prefix >< device-ide ntifier >/< prefix-length > anycast If IPv6 is no.
IPv6 Addressing Configuration Disabling IPv6 on a VLAN Duplicate Address Detect ion (DAD) for Statically Configured Addresses Statically configured IPv6 addresses are designated as permanent.
IPv6 Addressing Configuration Neighbor Discovery (ND) Neighbor Discovery (ND) Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP for layer 2 address resolution, and uses IPv6 IC MP messages to do the following: ■ Determine the link-lay er address of neighbors on the same VLAN inter - face.
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Note: Neighbor and rout er solicitations must ori ginate on the same VLAN as the receiving device. T o support this operation, IPv6 is designed to discard any incoming neighbor or router solicitation that does not have a value of 255 in the IP Hop Limit field.
IPv6 Addressing Configuration Duplicate Address Detection (DAD) that includes its link-local a ddress. If the newly configured address is from a static or DHCPv6 source and is found t o be a duplicate, it is labelled as duplicate in the “Address Status” field of the show ipv6 c ommand, and is not used.
IPv6 Addressing Configuration Duplicate Address Detection (DAD) Operating Notes ■ A verified link-local unicast address must exist on a VLAN interface before the switch can run DAD on other addr esses associated with the interface.
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration V iew the Current IPv6 Addressing Configuration Use these commands to view the current status of the IPv 6 configuration on the switch. Syntax: show ipv6 Lists the current, global IPv6 settings and per -VLAN IPv6 addressing on the switch.
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Address Origin: ■ Autoconfig: The address was configured using stateless address autoconfiguration (S LAAC). In this case, the device identifier for global uni cast addresses copied from the current link-loc al unicast address.
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ■ DAD Attempts: Indicates the number of neighbor solicita- tions the switch transmit s per -address for duplicate (IPv6) address detection. Implemented when a new address is configured or when an interface with config- ured addresses comes up (such as after a reboot).
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 vlan 10 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.
IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show run Running configuration: . . . vlan 10 name "VLAN10" untagged A1-A12 ipv6 address fe80::127 link-local Statically config ured IPv6 addresses appear i n the show run output.
IPv6 Addressing Configuration Router Access and Default Router Selection Router Access and Default Router Selection Routing traffic between destin ations on different VLANs configured on the switch or.
IPv6 Addressing Configuration Router Access and Default Router Selection Note If the switch does not re ceive a router advertisement after sending the router solicitations, as described above, then no.
IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors V iew IPv6 Gateway , Route, and Router Neighbors Use these commands to view the switch 's current routing table content and connectivity to routers per VLAN.
IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors ProCurve(config)# show ipv6 route IPv6 Route Entries Dest : ::/0 “Unknown” Address Type : static Gateway : fe80::213:c4ff:fedd:14b0 %vlan10 Dist. : 40 Metric : 0 Dest : ::1/128 Loopback Address Type : connected Gateway : lo0 Dist.
IPv6 Addressing Configuration View IPv6 Gateway, Rout e, and Router Neighbors MTU: This is the Maximum T ran smission Unit (in bytes) allowed for frames on the path to the indicated router .
IPv6 Addressing Configuration Address Lifetimes Address Lifetimes Every configured IPv6 unic ast and anycas t address has a lifetime setting that determines how long the address can be used b efore it must be refreshed or replaced. Some addresses are set as “p ermanent” and do n ot expire.
IPv6 Addressing Configuration Address Lifetimes T able 4-1. IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Link-Local Permanent Statically Configured Uni cast or Anycast Permanent A.
IPv6 Addressing Configuration Address Lifetimes 4-34.
5 IPv6 Management Features Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Viewing and Clearing the IPv6 Neighbors Cache . . . . . . . . . . . . . . . . 3-2 Viewing the Neighbor Cache .
IPv6 Management Features Introduction Introduction Feature Default CLI Neighbor Cache n/a 5-3, 5-5 T elnet6 Enabled 5-6, 5-7, 5-8 SNTP Address None 5-10 T imep Address None 5-13 TFTP n/a 5-15 SNMP T rap Receivers None 5-21 This chapter focuses on the IPv6 ap plicatio n of managem ent fe atures in software release K.
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache V iewing the Neighbor Cache Neighbor discovery occurs when th ere is communication be tween IPv6 devices on a VLAN. The Neighbor Cache re tains data for a given neighbor until the entry times out.
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache — Continued from previous page. — • ST ALE : A timeout has occurred for reachability of the neigh- bor , and an unsolicited discov ery packet has been received from the neighbor address.
IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Clearing the Neighbor Cache When there is an eve nt such as a to pology change or an address change, the neighbor cache may have too many entries to allow ef ficient use.
IPv6 Management Features Telnet6 Operation T elnet6 Operation This section describes T elnet operati on for IPv6 on th e switch. For IPv4 T elne t operation, refer to the Management and Configurat ion Guide for your switch.
IPv6 Management Features Telnet6 Operation V iewing the Current T eln et Activity on a Switch Syntax: show telnet This command shows the active incoming and outgoing telnet sessions on the switch (for both IPv4 and IPv6). Command output includes the followin g: Session: The session number .
IPv6 Management Features Telnet6 Operation Enabling or Disabling Inbound T elnet6 Access Syntax: [ no ] telnet6-server This command is used at the glob al config level to enable (the default) or disable inbound T elnet6 access to the switch. The no form of the command disables inbound telnet6.
IPv6 Management Features SNTP and Timep SNTP and T imep Configuring (Enabling or Disabling) the SNTP Mode Software r elease K.13.01 enables config uration of a g lobal unicast a ddress for IPv6 SNTP time server . This section lists the SNTP and relate d c ommands, includi ng an example of using an IPv6 address.
IPv6 Management Features SNTP and Timep Configuring an IPv6 Addr ess for an SNTP Server Note T o use a global unicast IPv6 address to configure an IPv6 SNTP time se rver on the switch, th e switch must be receiving ad vertisements from an IPv6 router on a VL AN configured on t he switch.
IPv6 Management Features SNTP and Timep For example, to configure link-local and global unicast SNTP server addresses of: ■ fe80::215:60ff:fe7a:adc0 (on VLAN 10, configured on the switch) ■ 2001:d.
IPv6 Management Features SNTP and Timep For example, the show sntp output for the prece ding sntp server command example would appear as follows: ProCurve(config)# show sntp SNTP Configuration This example illustrates the command output when both Time Sync Mode: Sntp IPv6 and IPv4 server addresses are configured.
IPv6 Management Features SNTP and Timep ip timep manual < ipv6-addr > Enable T imep operation with a statically config ured [ interval < 1 - 9999 >] IPv6 address for a T imep se rver . Optionally change the interval between time re quests.
IPv6 Management Features SNTP and Timep ProCurve(config)# ip timep manual fe80::215:60ff:fe7a:adc0%vlan10 Note In the preceding example, using a link- l ocal address requires that you specify the local scope for the address; VLAN 10 in this case. This is al ways indicated by %vlan followed immediately (without sp aces) by the VLAN identifie r .
IPv6 Management Features TFTP File Transfers Over IPv6 TFTP File T ransfers Over IPv6 TFTP File T ransfers over IPv6 Y ou can use TFTP copy commands over IPv6 to up load, or download files to and from.
IPv6 Management Features TFTP File Transfers Over IPv6 Enabling TFTP for IPv6 TFTP for IPv6 is enabled by default on the sw itch. However , if it is disabled, you can re-enable it by spec ifying TFTP client or server functionality with the tftp6 < client | server > command.
IPv6 Management Features TFTP File Transfers Over IPv6 Using TFTP to Copy Files over IPv6 Use the TFTP copy commands described i n this section to: ■ Download specified files from a TFTP server to a switch on which TFTP client functionality is enabled.
IPv6 Management Features TFTP File Transfers Over IPv6 . ■ flash < p rimary | secondary >: Copies a software file stored on a remote host to primary or secondary flash memory on the switch. T o run a newly downlo aded software image, enter the reload or boot system flash command.
IPv6 Management Features TFTP File Transfers Over IPv6 < ipv6-addr >: If this is a link-local address, use this IPv6 address format: fe80::< device-id >%vlan< vid > For example: fe80.
IPv6 Management Features SNMP Management for IPv6 SNMP Management for IPv6 As with SNMP for IPv4, you can manage a switch via SNMP from an IPv6- based network management st ation by usin g an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+).
IPv6 Management Features SNMP Management for IPv6 SNMP Configuration Commands Supported IPv6 addressing is su pported in the followin g SNMP configurat ion command s: For more information on each SNMP.
SNMPv2c Inform configuration IPv6 Management Features SNMP Management for IPv6 The show snmp-server command displays the current SNMP policy configuration, incl uding SNMP communities, network secu ri.
IPv6 Management Features IP Preserve for IPv6 The show snmpv3 targetaddress command displays th e configuration (including the IPv4 or IPv6 address) of the SNMPv3 management st ations to which notification messages are se nt.
IPv6 Management Features IP Preserve f or IPv6 ; J8697A Configuration Editor; Creat ed on release #K.13.01 hostname "ProCurve" time daylight-time-rule None * * * * Entering an ip preserve st.
IPv6 Management Features IP Preserve for IPv6 Note that if a switch received its IP v6 address from a DHCP serve r , the “ip address” field under “vlan 1” would display: dhcp-bootp . ProCurve(config)# show run Running configuration: ; J8715A Configuration Editor; Created on release #K.
IPv6 Management Features IP Preserve f or IPv6 5-26.
6 IPv6 Management Security Features Contents IPv6 Management Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Authorized IP Managers for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Usage Notes .
IPv6 Management Security Features IPv6 Management Security IPv6 Management Security This chapter describes manageme nt secu rity features th at are IPv6 counter - parts of IPv4 management security featur es on the switches covered by this guide.
IPv6 Management Security Features Authorized IP Managers for IPv6 Authorized IP Managers for IPv6 The Authorized IP Managers feature us es IP addresses and masks to deter - mine which stations (P Cs or workstat ions) can access the switch through the network.
IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Y ou configure each authorized manage r address wi th Manager or Opera- tor -level privi lege to access the swit ch in a T elnet, SNMPv1, or SNMPv2c session.
IPv6 Management Security Features Authorized IP Managers for IPv6 Configuring Authorized IP Managers for Switch Access T o configure one or more IPv6-based management stations to access the switch usi.
IPv6 Management Security Features Authorized IP Managers for IPv6 Notes If you do not enter a value fo r the ipv6-mask parameter when you configure an authorized IPv6 address, th e switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the defaul t mask (see “Configuring Authorized IP Managers for Switch Access” on page 6-5).
IPv6 Management Security Features Authorized IP Managers for IPv6 Conversely , in a mask, a “0” binary bit mean s that either the “ on” or “off” setting of the corresponding IPv6 bit in an au thorized address is valid and does not have to match th e setting of the same bit in the specifi ed IPv6 address.
IPv6 Management Security Features Authorized IP Managers for IPv6 Example. Figure 6-3 shows an example in which a mask that authorizes switch access to four management stat ions is applied to the IPv6 address: 2001:DB8:0000:0000:244:17FF:FEB6:D37D . The mask is: FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC .
IPv6 Management Security Features Authorized IP Managers for IPv6 to 0 (“off”) and allow the correspondin g bits in an authorized IPv6 address to be either “on” or “off”. As a result, only th e four IPv6 ad dresses shown in Figure 6-5 are all owed access.
IPv6 Management Security Features Authorized IP Managers for IPv6 ■ Each authorized station has the same 64-bit device ID ( 244:17FF:FEB6:D37D ) because the value of the last four blocks in the mask i s FFFF (binary value 1111 1111).
IPv6 Management Security Features Authorized IP Managers for IPv6 Figure 6-7 shows the bits in the fourth block of the mask that determine the valid subnets in which authorized stat ions with an IPv6 device ID of 244:17FF:FEB6:D37D reside.
-------------------------------------- - IPv6 Management Security Features Authorized IP Managers for IPv6 Displaying an Authorized IP Managers Configuration Use the show ipv6 authorized-ma nagers com.
IPv6 Management Security Features Authorized IP Managers for IPv6 Additional Examples of Au thorized IPv6 Managers Configuration Authorizing Manager Access. The following IPv6 co mmands authoriz e manager -leve l access for one link-local stat ion at a time .
IPv6 Management Security Features Authorized IP Managers for IPv6 The next IPv6 command authorizes oper ator -level access for sixty-four IPv6 stations: thirt y-two stations in the subne ts defined by.
IPv6 Management Security Features Secure Shell for IPv6 Secure Shell for IPv6 The Secure Shell (SSH) for IPv6 featur e prov ides the sa me T elnet-like func- tions through encrypted, au thenticated transactions as SSH for IPv4. SSH for IPv6 provides CLI (console) access and se cure file transfer functionality .
IPv6 Management Security Features Secure Shell for IPv6 Note Syntax:. [ no] ip ssh Enables SSH on the switch and activates the connection with a configured SSH serv er (RADIUS or TACACS+).
IPv6 Management Security Features Secure Shell for IPv6 Displaying an SSH Configuration T o verify an SSH for IPv6 configuratio n and display all SSH sessions running on the switch, enter th e show ip ssh command. Inform ation on all current S SH sessions (IPv4 and IPv6) is displayed.
IPv6 Management Security Features Secure Copy and Secure FTP for IPv6 Secure Copy and Secure FTP for IPv6 Y ou can take advantage of the Secure Copy (SCP) and Secure FTP (SFTP) client applicati ons to.
7 Multicast Listener Di scovery (MLD) Snooping Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Introduction to MLD Snooping . . . . . . . . . . . . . . . . . . . . . . . .
Multicast Listener Discovery (MLD) Snooping Overview Overview Multicast add ressing allows one -to-many or many-t o-many comm unication among hosts on a net work. T ypical applicat ions of multicast commun ication include audio and video streaming, de sktop conferenci ng, collabor ative com- puting, and simi lar applications.
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Introduction to MLD Snooping There ar e several roles t hat network dev ices may play in an IPv6 multic ast environment: ■ ML.
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping General opera tion. Multicast communi cation can take place witho ut MLD, and by default MLD is disabl ed.
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Note that MLD snoop ing operates on a single VLAN (though t here can be multiple VLANs, each runni ng MLD snooping). Cross-VLAN traffic is handled by a multicast router . Forwarding in MLD snooping.
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping A network node establ ishes itself as an MLD host by issuing a multicast “join” request (also called a multicast “report”) for a specific multicast address when it starts an application that listens to multicast traffic .
Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Fast leaves and forc ed fast leaves. The fast leave a nd forced fast leave functions can help to prune unnecessary mu lticast traffic when an MLD host issues a leave request from a multicas t a ddress.
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring MLD Several CLI commands are available for configuring MLD parameters on a switch. Enabling or Disabling MLD Snooping on a VLAN Syntax: [no] ipv6 mld Note: This command must be issued in a VLAN context.
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring Per -Port MLD T raffic Filters Syntax: ipv6 mld [auto <port-list> | blo cked <port-list> | forward <port-list> ] Note: This command must be issued in a VLAN context.
Multicast Listener Discovery (MLD) Snooping Configuring MLD Configuring the Querier Syntax: [no] ipv6 mld querier Note: This command must be issued in a VLAN context. This command enables the switch to act as querier on a VLAN. The [no] form of the command disabl es the switch from acting as querier on a VLAN.
Multicast Listener Discovery (MLD) Snooping Configuring MLD For exampl e, to disable fast leave on ports in VLAN 8: ProCurve(vlan-8)# no ipv6 mld fast leave a14-a15 T o enable fast leave on ports in V.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Displaying MLD Status and Configuration Current MLD Status Syntax: show ipv6 mld Displays MLD status informatio n for all VLANs on the switch that have MLD configured.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation ff02::1:ff04:3 FILT 0h:4m:5s A20 ff02::1:ff05:1 FILT 0h:4m:3s A21 ff02::1:ff0b:2dfe FILT 0h:3m:59s A17 ff02::1:ff0b.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown f o r each VLAN that has ML D snooping enabled: ■ VLAN ID number and name ■ .
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Current MLD Configuration Syntax: show ipv6 mld config Displays current global MLD configuration for all MLD- enabled VLANS on the switch.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The specific form of the co mmand might look like this: ProCurve# show ipv6 mld vlan 8 config MLD Service Vlan Confi.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation Ports Currently Joined Syntax: show ipv6 vlan <vid> group Lists the ports currently joined for all IPv6 multi.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The follow ing information is shown: ■ VLAN ID and nam e ■ port information for ea ch IPv6 multi cast group addr.
------- ------------ ---------- -- ------------ ------------ Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation For example, the gene ra l form of the co mmand: ProCu.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration Counters Syntax: show ipv6 mld vlan <vid> c ounters Displays MLD counters for the specified VLAN vid —V L A .
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configur ation The following information is shown: ■ VLAN number and n ame ■ For each VLAN: • number of general queries rece.
Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration 7-22.
8 IPv6 Diagnostic and T roubleshooting Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 ICMP Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
IPv6 Diagnostic and Troubleshooting Introduction Introduction Feature Default CLI IPv6 ICMP Message Interval and T oken Buck et 100 ms 10 max tokens 8-3 ping6 Enabled traceroute6 n/a The IPv6 ICMP fe .
IPv6 Diagnostic and Troubleshooting ICMP Rate-Limiting Controlling the frequ ency of IC MPv6 error messages can help to preven t DoS (Denial- of- Service) attacks. With IP v6 enabled on the switch, you can control the allowable frequency of these me ssages with ICM Pv6 rate-limitin g.
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Ping for IPv6 (Ping6) The Ping6 test is a point- to-point test th at a ccepts an IPv6 address or IPv6 host name to see if an IPv6 switch is c ommu nicating proper ly with another device on the same or another IP network .
IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) [timeout] : Number of seconds within which a response is required from the destination ho st before the ping test times out. V alid values: 1 - 60. Default: 1 second. [source <ipv6-addr | hostn ame >]: Source IP address or hostname.
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 T raceroute for IPv6 The traceroute6 command enables you to trace the route from a switch to a host device that is identi fied by an IPv6 address or IPv6 host name. In the command output, information on each (router) hop betwee n the switch and the destination IPv6 address is displayed.
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Syntax: traceroute6 < ipv6-a ddress | hostname > [minttl < 1-255 > [maxttl < 1-255 > [timeout < 1 - 60 >] [probes < 1.
IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 ProCurve# traceroute6 2001:db8::10 traceroute to 2001:db8::10 1 hop min, 30 hops max, 5 sec. timeout , 3 probes 1 2001:db8::a:1c:e3:3 0 ms 0 ms .
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 DNS Resolver for IPv6 The Domain Name System (DNS) resolv er is designed f or local network domains where it enables us e of a host name or fully qualified domain name to support DNS-compat ible commands fr om the switch.
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 — Continued from the previous page. — The no form of the command removes the specified address from the server address list configured on the switch. < ip-addr >: Specifies the address of an IPv6 or IPv4 DNS server .
IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 been configured as the domain name on the switch and th e address of a DNS server residing in that domain is also configured on the switch. The commands for these steps are as follows: ProCurve(config)# ip dns server priority 1 2001:db8::127:10 ProCurve(config)# ip dns domain-name mygroup.
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug/Syslog for IPv6 The Debug/System logging ( Syslog ) for IPv6 feature provi des the same logging functions as th e IPv4 vers ion, allowing you to record IPv4 and IPv6 Event Log and debug messages on a remote device to troubleshoot switch or network operation.
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug Command Syntax: [n o] debug < debug-type > Configures the types of IPv4 and IPv6 messages that are sent to Syslog servers or other.
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Syntax:. [no] debug < debug-type > (Continued) ip [ rip < database | event | trigger > Configures specified IPv4 RIP message types.
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 • debug destinatio n buffer enables the configured debug message types to be sent to a buff er in switch memory . Logging Command Syntax: [n o] logging < syslog-ipv4-addr > Enables or disables Syslog mess aging to the specified IPv4 address.
IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 8-16.
A Te r m i n o l o g y DAD Duplicate Address Detect ion. Refer to “Duplicate Address Detection (DAD)” on page 4-18. Device Identifier The low-order bit s in an IPv6 ad dre ss that identi fy a specific device.
Terminology A-2.
Index Symbols … 4-7, 4-13 %vlan suffix … 5-6, 5-10, 5-13 A ACL debug messages … 8-13 address configuration DNS for IPv6 … 2-14 duplicate unicast addres ses … 3-6, 2-9, 4-18 IPv6 anycast addr.
DHPv6 messages … 8-14 event log messages … 8-13 IPv4/IPv6 event messages … 8-13, 8-12 LLDP messages … 8-14 using Syslog servers … 8-14 wireless-services messages … 8-14 denial-of-service ICMPv6 rate limiting … 2-13 deprecated address …4 - 2 2 device identifier in IPv6 address …3 - 4 See also interface identifier.
quick start … 1-8 IP authorized managers for IPv6 … 2-12 IP masks for multiple authorized manager stations … 6-6, 6-5 used in configuring auth orized IP management … 6-5, 6-3 IP Preserve confi.
MIB support SNMP … 5-20 migration from IPv4 to IPv6 … 2-3, 2-4, 2-6 MLD blocking multicast pack et forwarding … 7-5, 7-9 configuration … 7-8 displaying configuratio n … 7-12, 7-15, 7-18, 7-2.
SSHv2 for IPv6 … 2-11 setup screen …1 - 8 sFlow …5 - 2 0 SFTP See SCP/SFTP. show ipv6 … 2-9, 3-6, 4-6, 4-8, 4-10, 4-13, 4-15, 4-21 show run IPv6 output … 4-25 SNMP configuring SNMPv1/v2c tra.
V autoconfiguration … 3-11 used within an organization … 3-19 unspecified address in IPv6 … 3 -25 valid lifetime of global unicast addres s … 3-7, 3-25, 4-8, 4-10 use of deprecated IPv6 addres.
.
© Copyright 2009 Hewlett-Pack ard Development Company , L.P . February 2009 Manual Part Number 5992-544 1.
Een belangrijk punt na aankoop van elk apparaat HP (Hewlett-Packard) 2910AL (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen HP (Hewlett-Packard) 2910AL heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens HP (Hewlett-Packard) 2910AL vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding HP (Hewlett-Packard) 2910AL leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over HP (Hewlett-Packard) 2910AL krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van HP (Hewlett-Packard) 2910AL bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de HP (Hewlett-Packard) 2910AL kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met HP (Hewlett-Packard) 2910AL . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.