HP 3600 v2 Series Configuration Manual page 135

Step
1. Enter system view.
2. Enter interface view.
3. Configure an IPv6 address
manually.
Stateless address autoconfiguration
To configure an interface to generate an IPv6 address by using stateless address autoconfiguration:
Step
1. Enter system view.
2. Enter interface view.
3. Configure an IPv6 address to be
generated through stateless address
autoconfiguration.
NOTE:
Using the undo ipv6 address auto command on an interface removes all IPv6 global unicast addresses
automatically generated on the interface.
With stateless address autoconfiguration enabled on an interface, the device automatically generates an
IPv6 global unicast address by using the address prefix information in the received RA message and the
interface ID. On an IEEE 802 interface (such as a VLAN interface), the interface ID is generated based
on the MAC address of the interface, and is globally unique. As a result, the interface ID portion of the
IPv6 global address remains unchanged and exposes the sender. An attacker can further exploit
communication details such as the communication peer and time.
To fix the vulnerability, configure the temporary address function that enables the system to generate and
use temporary IPv6 addresses with different interface ID portions on an interface. With this function
configured on an IEEE 802 interface, the system can generate two addresses, public IPv6 address and
temporary IPv6 address.
Public IPv6 address—Comprises an address prefix provided by the RA message, and a fixed
•
interface ID generated based on the MAC address of the interface.
Temporary IPv6 address—Comprises an address prefix provided by the RA message, and a
•
random interface ID generated through MD5.
Before sending a packet, the system preferably uses the temporary IPv6 address of the sending interface
as the source address of the packet to be sent. When this temporary IPv6 address expires, the system
removes it and generates a new one. This enables the system to send packets with different source
addresses through the same interface. If the temporary IPv6 address cannot be used because of a DAD
conflict, the public IPv6 address is used.
The preferred lifetime and valid lifetime for temporary IPv6 addresses are specified as follows:
The preferred lifetime of a temporary IPv6 address takes the value of the smaller of the following
•
values:
The preferred lifetime of the address prefix in the RA message.
Command
system-view
interface interface-type
interface-number
ipv6 address { ipv6-address
prefix-length |
ipv6-address/prefix-length }
Command
system-view
interface interface-type
interface-number
ipv6 address auto
124
Remarks
N/A
N/A
By default, no IPv6 global unicast
address is configured on an interface.
Remarks
N/A
N/A
By default, no IPv6 global unicast
address is configured on an interface.