Download  Print this page

HP 8200zl Configuration Manual

Series 5400zl; series 3500yl; series 2900.
Hide thumbs

Advertisement

8200zl
6200yl
5400zl
3500yl
2900
ProCurve Switches
K.13.01
T.13.01
www.procurve.com
IPv6 Configuration Guide

Advertisement

Table of Contents

   Related Manuals for HP 8200zl

   Summary of Contents for HP 8200zl

  • Page 1 8200zl 6200yl 5400zl IPv6 Configuration Guide 3500yl 2900 ProCurve Switches K.13.01 T.13.01 www.procurve.com...
  • Page 3 ProCurve 8212zl Switch 6200yl Switch Series 5400zl Switches Series 3500yl Switches Series 2900 Switches January 2008 K.13.01 T.13.01 IPv6 Configuration Guide...
  • Page 4 Nothing herein should be construed as constituting an additional warranty. HP shall Applicable Products not be liable for technical or editorial errors or omissions ProCurve Switch 2900-24G (J9049A) contained herein. ProCurve Switch 2900-48G (J9050A)
  • Page 5: Table Of Contents

    Contents Product Publications and IPv6 Command Index About Your Switch Manual Set ........xi Printed Publications.
  • Page 6 Information Sources for Tunneling IPv6 Over IPv4 ... 2-5 Use Model ........... . 2-6 Adding IPv6 Capability .
  • Page 7 3 IPv6 Addressing Contents ............3-1 Introduction .
  • Page 8 Overview of the Multicast Operation in IPv6 ....3-21 IPv6 Multicast Address Format ....... 3-22 Multicast Group Identification .
  • Page 9 Operating Notes ........4-20 View the Current IPv6 Addressing Configuration .
  • Page 10 Using TFTP to Copy Files over IPv6 ..... . . 5-17 Using Auto-TFTP for IPv6 ....... . 5-19 SNMP Management for IPv6 .
  • Page 11 Configuring Fast Leave ........7-10 Configuring Forced Fast Leave .
  • Page 13: Product Publications And Ipv6 Command Index

    Product manuals (all). Printed Publications The two publications listed below are printed and shipped with your switch. The latest version of each is also available in PDF format on the ProCurve Web site, as described in the above Note. ■...
  • Page 14 The two publications listed below support all of the switches covered by this manual except the ProCurve Series 2900 switches: ■ Command Line Interface Reference Guide—Provides a comprehensive description of CLI commands, syntax, and operations. Event Log Message Reference Guide—Provides a comprehensive descrip- ■...
  • Page 15: Ipv6 Command Index

    IPv6 Command Index This index provides a tool for locating descriptions of individual IPv6 com- mands covered in this guide. N o t e A link-local address must include %vlan< vid > without spaces as a suffix. For example: fe80::110:252%vlan20 The index begins on the next page.
  • Page 16 Command Min. Level Page Authorized Manager ipv6 authorized managers < ipv6-addr > Global Config show ipv6 authorized-managers Manager 6-12 Copy auto-tftp Global Config 5-19 copy tftp < target > < ipv6-addr > < filename > Manager 5-17 copy < source > tftp < ipv6-addr > < filename > Manager 5-18 tftp6 [ client | server ]...
  • Page 17 Command Min. Level Page IPv6 Management (Continued) ipv6 nd dad-attempts < 0 - 600 > Global Config 4-19 show ipv6 neighbors Operator show ipv6 route Operator 4-29 show ipv6 routers Operator 4-30 snmp-server host < ipv6-addr > Global Config 5-21 ipv6 mld VLAN Config ipv6 mld [<...
  • Page 19 Getting Started Contents Introduction ..........1-2 Conventions .
  • Page 20: Getting Started

    It describes how to use the command line interface (CLI) to configure, manage, monitor, and troubleshoot switch operation. For an overview of other product documentation for the above switches, refer to “Product Doc- umentation” on page ix. You can download documentation from the ProCurve Networking web site, www.procurve.com. Conventions This guide uses the following conventions for command syntax and displayed information.
  • Page 21: Command Prompts

    In the default configuration, your switch displays a CLI prompt similar to the following example: ProCurve 8212zl# To simplify recognition, this guide uses ProCurve to represent command prompts for all switch models. For example: ProCurve# (You can use the hostname command to change the text in the CLI prompt.) Screen Simulations Displayed Text.
  • Page 22: Sources For More Information

    N o t e For the latest version of all ProCurve switch documentation referred to below, including Release Notes covering recently added features, visit the ProCurve Networking web site at www.procurve.com, click on Technical support, and then click on Product Manuals (all).
  • Page 23 Getting Started Sources for More Information Advanced Traffic Management Guide—Use this guide for information on ■ topics such as: • VLANs: Static port-based and protocol VLANs, and dynamic GVRP VLANs • spanning-Tree: 802.1D (STP), 802.1w (RSTP), and 802.1s (MSTP) • meshing •...
  • Page 24: Getting Documentation From The Web

    Click on Technical support. Click on Product manuals. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: www.procurve.com Online Help...
  • Page 25: Command Line Interface

    Figure 1-4. Button for Web Browser Interface Online Help N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for the...
  • Page 26: To Set Up And Install The Switch In Your Network

    To Set Up and Install the Switch in Your Network To Set Up and Install the Switch in Your Network Use the ProCurve Installation and Getting Started Guide (shipped with the switch) for the following: ■ Notes, cautions, and warnings related to installing and using the switch and its related modules ■...
  • Page 27: Introduction To Ipv6

    Introduction to IPv6 Contents Migrating to IPv6 ..........2-3 IPv6 Propagation .
  • Page 28 Introduction to IPv6 Contents ICMP Rate-Limiting ......... 2-13 Ping6 .
  • Page 29: Migrating To Ipv6

    IPv4 network to reach an IPv6 destination IPv6/IPv4 DHCPv6 Router Server IPv6/IPv4 Router ProCurve Switch Running Release K.13.01 ProCurve Switch Running IPv4 Network Release K.13.01 IPv6/IPv4 Router IPv6-Capable DNS Server Figure 2-1. Dual-Stack ProCurve Switches Employed in an IPv4/IPv6 Network...
  • Page 30: Ipv6 Propagation

    Introduction to IPv6 Migrating to IPv6 IPv6 Propagation IPv6 is currently in the early stages of deployment worldwide, involving a phased-in migration led by the application of basic IPv6 functionality. In these applications, IPv6 traffic is switched among IPv6-capable devices on a given LAN, and routed between LANs using IPv6-capable routers.
  • Page 31: Connecting To Devices Supporting Ipv6 Over Ipv4 Tunneling

    Introduction to IPv6 Migrating to IPv6 Connecting to Devices Supporting IPv6 Over IPv4 Tunneling The switches covered by this guide can interoperate with IPv6/IPv4 devices capable of tunneling IPv6 traffic across an IPv4 infrastructure. Some examples include: traffic between IPv6/IPv4 routers(router/router) ■...
  • Page 32: Use Model

    Introduction to IPv6 Use Model Use Model Adding IPv6 Capability IPv6 was designed by the Internet Engineering Task Force (IETF) to improve on the scalability, security, ease of configuration, and network management capabilities of IPv4. IPv6 provides increased flexibility and connectivity for existing networked devices, addresses the limited address availability inherent in IPv4, and the infrastructure for the next wave of Internet devices, such as PDAs, mobile phones and appliances.
  • Page 33: Configuration And Management

    K.13.01. Configuration and Management This section outlines the configurable management features supporting IPv6 operation on your ProCurve IPv6-ready switch. Management Features Software release K.13.01 provides host-based IPv6 features that enable the switches covered in this guide to be managed from an IPv6 management station and to operate in both IPv6 and IPv4/IPv6 network environments.
  • Page 34: Dhcpv6 (stateful) Address Configuration

    Introduction to IPv6 Configuration and Management and the interface identifier currently in use in the link-local address. Having a global unicast address and a connection to an IPv6- aware router enables IPv6 traffic on a VLAN to be routed to other VLANs supporting IPv6-aware devices. (Using software release K.13.01, an external, IPv6- aware router is required to forward traffic between VLANs.) Multiple, global unicast addresses can be configured on a VLAN that receives...
  • Page 35: Neighbor Discovery (nd) In Ipv6

    Introduction to IPv6 Configuration and Management N o t e In IPv6 for the switches covered in this guide, the default route cannot be statically configured. Also, DHCPv6 does not include default route configura- tion.) Refer to “Default IPv6 Router” on page 4-28 and “View IPv6 Gateway, Route, and Router Neighbors ”...
  • Page 36: Ipv6 Management Features

    Introduction to IPv6 Configuration and Management IPv6 Management Features The switch's IPv6 management features support operation in an environment employing IPv6 servers and management stations.With a link to a properly configured IPv6 router, switch management extends to routed traffic solu- tions.
  • Page 37: Ip Preserve

    Telnet and is also used for secure file transfers (SFTP and SCP). Software release K.13.01 with SSHv2 on IPv6 extends to IPv6 devices the SSH functionality that has been previously available on ProCurve switches running IPv4. This means that SSH version 2 connections are...
  • Page 38: Ip Authorized Managers

    Introduction to IPv6 Configurable IPv6 Security supported between the switch and IPv6 management stations when SSH on the switch is also configured for IPv6 operation. The switch now offers these SSHv2 connection types: ■ IPv6 only IPv4 only ■ IPv4 or IPv6 ■...
  • Page 39: Diagnostic And Troubleshooting

    Introduction to IPv6 Diagnostic and Troubleshooting C a u t i o n The Authorized IP Managers feature does not protect against unauthorized station access through a modem or direct connection to the Console (RS-232) port. Also, if an unauthorized station “spoofs” an authorized IP address, then the unauthorized station cannot be blocked by the Authorized IP Managers feature, even if a duplicate IP address condition exists.
  • Page 40: Domain Name System (dns) Resolution

    Introduction to IPv6 Diagnostic and Troubleshooting Domain Name System (DNS) Resolution This feature enables resolving a host name to an IPv6 address and the reverse, and takes on added importance over its IPv4 counterpart due to the extended length of IPv6 addresses. With DNS-compatible commands, CLI command entry becomes easier for reaching a device whose IPv6 address is configured with a host name counterpart on a DNS server.
  • Page 41: Snmp

    Introduction to IPv6 IPv6 Scalability SNMP When IPv6 is enabled on a VLAN interface, you can manage the switch from a network management station configured with an IPv6 address. Refer to “SNMP Management for IPv6” on page 5-20. Loopback Address Like the IPv4 loopback address, the IPv6 loopback address (::1) can be used by the switch to send an IPv6 packet to itself.
  • Page 42: Path Mtu (pmtu) Discovery

    Introduction to IPv6 Path MTU (PMTU) Discovery Path MTU (PMTU) Discovery IPv6 PMTU operation is managed automatically by the IPv6 nodes between the source and destination of a transmission. For Ethernet frames, the default MTU is 1500 bytes. If a router on the path cannot forward the default MTU size, it sends an ICMPv6 message (PKT_TOO_BIG) with the recommended MTU to the sender of the frame.
  • Page 43: Ipv6 Addressing

    IPv6 Addressing Contents Introduction ..........3-3 IPv6 Address Structure and Format .
  • Page 44 IPv6 Addressing Contents Prefixes in Routable IPv6 Addresses ......3-18 Unique Local Unicast IPv6 Address ......3-19 Anycast Addresses .
  • Page 45: Introduction

    IPv6 Addressing Introduction Introduction IPv6 supports multiple addresses on an interface, and uses them in a manner comparable to subnetting an IPv4 VLAN. For example, where the switch is configured with multiple VLANs and each is connected to an IPv6 router, each VLAN will have a single link-local address and one or more global unicast addresses.
  • Page 46: Network Prefix

    IPv6 Addressing IPv6 Address Structure and Format An IPv6 address includes a network prefix and an interface identifier. Network Prefix The network prefix (high-order bits) in an IPv6 address begins with a well- known, fixed prefix for defining the address type. Some examples of well- known, fixed prefixes are: 2000::/3global (routable) unicast address fd08::/8 unique local unicast address...
  • Page 47: Ipv6 Addressing Options

    IPv6 Addressing IPv6 Addressing Options IPv6 Addressing Options IPv6 Address Sources IPv6 addressing sources provide a flexible methodology for assigning addresses to VLAN interfaces on the switch. Options include: ■ stateless IPv6 autoconfiguration on VLAN interfaces includes: • link-local unicast addresses •...
  • Page 48 IPv6 Addressing IPv6 Addressing Options Stateful Address Autoconfiguration. This method allows use of a DHCPv6 server to automatically configure IPv6 addressing on a host in a manner similar to stateful IP addressing with a DHCPv4 server. For software release K.13.01, a DHCPv6 server can provide routable IPv6 addressing and NTP (timep) server addresses.
  • Page 49: Ipv6 Address Sources

    IPv6 Addressing IPv6 Address Sources IPv6 Address Sources IPv6 addressing sources provide a flexible methodology for assigning addresses to VLAN interfaces on the switch. Options include: stateless IPv6 autoconfiguration on VLAN interfaces includes: ■ • link-local unicast addresses • global unicast addresses stateful IPv6 address configuration using DHCPv6 ■...
  • Page 50: Stateful (dhcpv6) Address Configuration

    IPv6 Addressing IPv6 Address Sources servers. These lifetimes cannot be reset using control from the switch console or SNMP methods. Refer to “Preferred and Valid Address Lifetimes” on page 3- Stateful (DHCPv6) Address Configuration Stateful addresses are defined by a system administrator or other authority, and automatically assigned to the switch and other devices through the Dynamic Host Configuration Protocol (DHCPv6).
  • Page 51: Static Address Configuration

    IPv6 Addressing IPv6 Address Sources Static Address Configuration Generally, static address configuration should be used when you want specific, non-default addressing to be assigned to a VLAN interface. For IPv6, DHCP use is indicated for conditions such as the following: ■...
  • Page 52: Address Types And Scope

    IPv6 Addressing Address Types and Scope Address Types and Scope Address Types IPv6 uses these IP address types: Unicast: Identifies a specific IPv6 interface. Traffic having a unicast ■ destination address is intended for a single interface. Like IPv4 addresses, unicast addresses can be assigned to a specific VLAN on the switch and to other IPv6 devices connected to the switch.
  • Page 53: Address Scope

    IPv6 Addressing Address Types and Scope Address Scope The address scope determines the area (topology) in which a given IPv6 address is used. This section provides an overview of IPv6 address types. For more information, refer to the chapter titled “IPv6 Addressing”. Link-Local Address.
  • Page 54 IPv6 Addressing Address Types and Scope In binary notation, the fixed prefix for link-local prefixes is: 1111 1110 10 = fe80/10 For more on link-local addresses, refer to “Link-Local Unicast Address” on page 3-13. Routable Global Unicast Prefix. This well-known 3-bit fixed-prefix indi- cates a routable address used to identify a device on a VLAN interface that is accessible by routing from multiple networks.
  • Page 55: Link-local Unicast Address

    IPv6 Addressing Link-Local Unicast Address Other Prefix Types. There are other designated global unicast prefixes such as those for the following address types: ■ RFC 4380: “Teredo: Tunneling IPv6 over UDP” RFC 3056: “Connection of IPv6 Domains via IPv4 Clouds” ■...
  • Page 56: Extended Unique Identifier (eui)

    IPv6 Addressing Link-Local Unicast Address Because all VLANs configured on the switch use the same MAC address, all automatically generated link-local addresses on the switch will have the same link-local address. However, since the scope of a link-local address includes only the VLAN on which it was generated, this should not be a problem.
  • Page 57: Statically Configuring Link-local Addresses

    IPv6 Addressing Link-Local Unicast Address MAC Address IPv6 I/F Identifier Full Link-Local Unicast Address 00-15-60-7a-ad-c0 215:60ff:fe7a:adc0 fe80::215:60ff:fe7a:adc0/64 09-c1-8a-44-b4-9d 11c1:8aff:fe44:b49d fe80::11c1:8aff:fe44:b49d/64 00-1a-73-5a-7e-57 21a:73ff:fe5a:7e57 fe80::21a:73ff:fe5a:7e57/64 The EUI method of generating a link-local address is automatically imple- mented on the switches covered by this guide when IPv6 is enabled on a VLAN interface.
  • Page 58: Global Unicast Address

    IPv6 Addressing Global Unicast Address Global Unicast Address A global unicast address is required for unicast traffic to be routed across VLANs within an organization as well as across the public internet. To support subnetting, a VLAN can be configured with multiple global unicast addresses. Any of the following methods can be used to configure this kind of address on a VLAN: ■...
  • Page 59: Static Configuration Of A Global Unicast Address

    IPv6 Addressing Global Unicast Address generate a link-local address on the VLAN as described in the preceeding ■ section (page 3-13). ■ transmit a router solicitation on the VLAN, and to listen for advertise- ments from any IPv6 routers on the VLAN. For each unique router advertisement (RA) the switch receives from any router(s), the switch configures a unique, global unicast address.
  • Page 60: Prefixes In Routable Ipv6 Addresses

    IPv6 Addressing Global Unicast Address Prefixes in Routable IPv6 Addresses In routable IPv6 addresses, the prefix uniquely identifies an entity and a unicast subnet within that entity, and is defined by a length value specifying the number of leftmost contiguous (high-order) bits comprising the prefix. For an automatically generated global unicast address, the default prefix length is 64 bits.
  • Page 61: Unique Local Unicast Ipv6 Address

    IPv6 Addressing Unique Local Unicast IPv6 Address Unique Local Unicast IPv6 Address A unique local unicast address is an address that falls within a specific range, but is used only as a global unicast address within an organization. Traffic having a source address within the defined range should not be allowed beyond the borders of the intended domain or onto the public internet.
  • Page 62: Anycast Addresses

    IPv6 Addressing Anycast Addresses Anycast Addresses Network size, traffic loads and the potential for network changes make it desirable to build in redundancy for some network services to provide increased service reliability. Anycast addressing provides this capability for applications where it does not matter which source is actually used to provide a service that is offered on multiple sources.
  • Page 63: Multicast Application To Ipv6 Addressing

    IPv6 Addressing Multicast Application to IPv6 Addressing For related information, refer to: ■ RFC 4291: “IP Version 6 Addressing Archetecture” ■ RFC 2526: “Reserved IPv6 Subnet Anycast Addresses” Multicast Application to IPv6 Addressing Multicast is used to reduce traffic for applications that have more than one recipient for the same data.
  • Page 64: Ipv6 Multicast Address Format

    IPv6 Addressing Multicast Application to IPv6 Addressing For information on Multicast Listener Discovery (MLD) refer to the chapter titled “Multicast Listener Discovery (MLD) Snooping”. When MLD is enabled on an interface, you can use show ipv6 mld [ vlan < vid >] to list the active multicast group activity the switch has detected per interface from other devices.
  • Page 65: Solicited-node Multicast Address Format

    IPv6 Addressing Multicast Application to IPv6 Addressing multicast scope: Bits 13-16 set boundaries on multicast traffic distribu- ■ tion, such as the interface defined by the link-local unicast address of an area, or the network boundaries of an organization. Because IPv6 uses multicast technology in place of the broadcast technology used in IPv4, the multicast scope field also controls the boundaries for broadcast-type traffic sent in multicast packets.
  • Page 66: Loopback Address

    IPv6 loopback address is never used as the source IPv6 address for any packet that is sent out of a device, and the switch drops any traffic it receives with a loopback address destination. An example use case is: ProCurve# ping6 ::1 0000:0000:0000:0000:0000:0000:0000:0001 is alive, time = 1 ms 3-24...
  • Page 67: The Unspecified Address

    IPv6 Addressing The Unspecified Address The Unspecified Address The “unspecified” address is defined as 0.0.0.0.0.0.0.0 (::/128, or just ::). It can be used, for example, as a temporary source address in multicast traffic sent by an interface that has not yet acquired its own address. The unspecified address cannot be statically configured on the switch, or used as a destination address.
  • Page 68 IPv6 Addressing IPv6 Address Deprecation N o t e s Preferred and valid lifetimes on a VLAN interface are determined by the router advertisements received on the interface. These values are not affected by the lease time assigned to an address by a DHCPv6 server. That is, lease expiration on a DHCPv6-assigned address terminates use of the address, regardless of the status of the RA-assigned lifetime, and router-assigned lifetime expiration of a leased address terminates the switch’s use of the address.
  • Page 69: Ipv6 Addressing Configuration

    IPv6 Addressing Configuration Contents Introduction ..........4-3 General Configuration Steps .
  • Page 70 IPv6 Addressing Configuration Contents Router Solicitations ........4-27 Default IPv6 Router .
  • Page 71: Introduction

    IPv6 Addressing Configuration Introduction Introduction Feature Default Enable IPv6 with a Link-Local disabled Address Configure Global Unicast disabled Autoconfig Configure DHCPv6 Addressing disabled Configure a Static Link-Local None 4-12 Address Configure a Static Global Unicast None 4-13 Address Configure an Anycast Address None 4-14 Change DAD Attempts...
  • Page 72: General Configuration Steps

    IPv6 Addressing Configuration General Configuration Steps General Configuration Steps The IPv6 configuration on switches running software release K.13.01 includes global and per-VLAN settings. This section provides an overview of the general configuration steps for enabling IPv6 on a given VLAN and can be enabled by any one of several commands.
  • Page 73: Configuring Ipv6 Addressing

    IPv6 Addressing Configuration Configuring IPv6 Addressing If needed, statically configure IPv6 unicast addressing on the VLAN interface as needed. This can include any of the following: • statically replacing the automatically generated link-local address • statically adding global unicast, unique local unicast, and/or anycast addresses Configuring IPv6 Addressing In the default configuration on a VLAN, any one of the following commands...
  • Page 74: Enabling Ipv6 With An Automatically Configured Link-local Address

    IPv6 Addressing Configuration Enabling IPv6 with an Automatically Configured Link-Local Address Enabling IPv6 with an Automatically Configured Link-Local Address This command enables automatical configuration of a link-local address . Syntax: [no] ipv6 enable If IPv6 has not already been enabled on a VLAN by another IPv6 command option described in this chapter, this command enables IPv6 on the VLAN and automatically configures the VLAN's link-local unicast address with a 64-bit EUI-64 inter-...
  • Page 75: Enabling Automatic Configuration Of A Global Unicast Address And A Default Router Identity On A Vlan

    IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicast Address and a Default Router Identity on a VLAN Enabling Automatic Configuration of a Global Unicast Address and a Default Router Identity on a VLAN Enabling autoconfig or rebooting the switch with autoconfig enabled on a VLAN causes the switch to configure IPv6 addressing on the VLAN using router advertisements and an EUI-64 interface identifier (page 3-14).
  • Page 76: Operating Notes

    IPv6 Addressing Configuration Enabling Automatic Configuration of a Global Unicast Address and a Default Router Identity on a VLAN — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned to a VLAN by autoconfiguration is set to the preferred and valid lifetimes specified by the RA used to generate the address, and is configured as a preferred address.
  • Page 77: Enabling Dhcpv6

    IPv6 Addressing Configuration Enabling DHCPv6 Enabling DHCPv6 Enabling the DHCPv6 option on a VLAN allows the switch to obtain a global unicast address and an NTP (network time protocol) server assignment for a Timep server. (If a DHCPv6 server is not needed to provide a global unicast address to a switch interface, the server can still be configured to provide the NTP server assignment.
  • Page 78: Operating Notes

    IPv6 Addressing Configuration Enabling DHCPv6 — Continued from the previous page. — After verification of uniqueness by DAD, an IPv6 address assigned to the VLAN by an DHCPv6 server is set to the preferred and valid lifetimes specified in a router advertise- ment received on the VLAN for the prefix used in the assigned address, and is configured as a preferred address.
  • Page 79: Configuring A Static Ipv6 Address On A Vlan

    IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN DHCPv6 and statically configured global unicast or anycast addresses are ■ mutually exclusive on a given VLAN. That is, configuring DHCPv6 on a VLAN erases any static global unicast or anycast addresses previously configured on that VLAN, and the reverse.
  • Page 80: Statically Configuring A Link-local Unicast Address

    IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring a Link-Local Unicast Address Syntax: [no] ipv6 address fe80::< device-identifier > link-local If IPv6 is not already enabled on the VLAN, this command ■ enables IPv6 and configures a static link-local address. ■...
  • Page 81: Statically Configuring A Global Unicast Address

    IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Statically Configuring A Global Unicast Address Syntax:. [no] ipv6 address < network-prefix><device-id >/< prefix-length > [no] ipv6 address < network-prefix>::/< prefix-length > eui-64 If IPv6 is not already enabled on a VLAN, either of these command options do the following: ■...
  • Page 82: Operating Notes

    IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Operating Notes With IPv6 enabled, the switch determines the default IPv6 router for the ■ VLAN from the router advertisements it receives. (Refer to “Router Access and Default Router Selection” on page 4-27.) ■...
  • Page 83 IPv6 Addressing Configuration Configuring a Static IPv6 Address on a VLAN Syntax:. [no] ipv6 address < network-prefix >< device-identifier >/< prefix-length > anycast If IPv6 is not already enabled on a VLAN, this command option does the following: enables IPv6 on the VLAN ■...
  • Page 84: Duplicate Address Detection (dad) For Statically Configured Addresses

    IPv6 Addressing Configuration Disabling IPv6 on a VLAN Duplicate Address Detection (DAD) for Statically Configured Addresses Statically configured IPv6 addresses are designated as permanent. If DAD determines that a statically configured address duplicates a previously config- ured and reachable address on another device belonging to the VLAN, then the more recent, duplicate address is designated as duplicate.
  • Page 85: Neighbor Discovery (nd)

    IPv6 Addressing Configuration Neighbor Discovery (ND) Neighbor Discovery (ND) Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP for layer 2 address resolution, and uses IPv6 ICMP messages to do the following: Determine the link-layer address of neighbors on the same VLAN inter- ■...
  • Page 86: Duplicate Address Detection (dad)

    IPv6 Addressing Configuration Duplicate Address Detection (DAD) N o t e : Neighbor and router solicitations must originate on the same VLAN as the receiving device. To support this operation, IPv6 is designed to discard any incoming neighbor or router solicitation that does not have a value of 255 in the IP Hop Limit field.
  • Page 87: Configuring Dad

    IPv6 Addressing Configuration Duplicate Address Detection (DAD) that includes its link-local address. If the newly configured address is from a static or DHCPv6 source and is found to be a duplicate, it is labelled as duplicate in the “Address Status” field of the show ipv6 command, and is not used.
  • Page 88: Operating Notes

    IPv6 Addressing Configuration Duplicate Address Detection (DAD) Operating Notes A verified link-local unicast address must exist on a VLAN interface before ■ the switch can run DAD on other addresses associated with the interface. ■ If a previously configured unicast address is changed, a neighbor adver- tisement (an all-nodes multicast message--ff02::1) is sent to notify other devices on the VLAN and to perform duplicate address detection.
  • Page 89: View The Current Ipv6 Addressing Configuration

    IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Use these commands to view the current status of the IPv6 configuration on the switch. Syntax: show ipv6 Lists the current, global IPv6 settings and per-VLAN IPv6 addressing on the switch.
  • Page 90 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration Address Origin: Autoconfig: The address was configured using stateless ■ address autoconfiguration (SLAAC). In this case, the device identifier for global unicast addresses copied from the current link-local unicast address. DHCP: The address was assigned by a DHCPv6 server. Note ■...
  • Page 91 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts Vlan Name : DEFAULT_VLAN IPv6 Status : Disabled Vlan Name : VLAN10...
  • Page 92 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration DAD Attempts: Indicates the number of neighbor solicita- ■ tions the switch transmits per-address for duplicate (IPv6) address detection. Implemented when a new address is configured or when an interface with config- ured addresses comes up (such as after a reboot).
  • Page 93 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show ipv6 vlan 10 Internet (IPv6) Service IPv6 Routing : Disabled Default Gateway : 10.0.9.80 ND DAD : Enabled DAD Attempts Vlan Name : VLAN10 IPv6 Status : Enabled IPv6 Address/Prefixlength...
  • Page 94 IPv6 Addressing Configuration View the Current IPv6 Addressing Configuration ProCurve(config)# show run Running configuration: vlan 10 name "VLAN10" Statically configured IPv6 addresses untagged A1-A12 appear in the show run output. ipv6 address fe80::127 link-local ipv6 address 2001:db8::127/64 ipv6 address 2001:db8::15:101/64 anycast...
  • Page 95: Router Access And Default Router Selection

    IPv6 Addressing Configuration Router Access and Default Router Selection Router Access and Default Router Selection Routing traffic between destinations on different VLANs configured on the switch or to a destination on an off-switch VLAN is done by placing the switch on the same VLAN interface or subnet as an IPv6-capable router configured to route traffic to other IPv6 interfaces or to tunnel IPv6 traffic across an IPv4 network.
  • Page 96: Default Ipv6 Router

    IPv6 Addressing Configuration Router Access and Default Router Selection N o t e If the switch does not receive a router advertisement after sending the router solicitations, as described above, then no further router solicitations are sent on that VLAN unless a new IPv6 setting is configured, IPv6 on the VLAN is disabled, then re-enabled, or the VLAN itself is disconnected, then recon- nected.
  • Page 97: View Ipv6 Gateway, Route, And Router Neighbors

    IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors View IPv6 Gateway, Route, and Router Neighbors Use these commands to view the switch's current routing table content and connectivity to routers per VLAN. This includes information received in router advertisements from IPv6 routers on VLANs enabled with IPv6 on the switch.
  • Page 98: Viewing Ipv6 Router Information

    IPv6 Addressing Configuration View IPv6 Gateway, Route, and Router Neighbors ProCurve(config)# show ipv6 route IPv6 Route Entries “Unknown” Address Dest : ::/0 Type : static Gateway : fe80::213:c4ff:fedd:14b0%vlan10 Dist. : 40 Metric : 0 Dest : ::1/128 Type : connected...
  • Page 99 VLAN as is indicated in the Interface field. For example, figure 4-5 indicates that the switch is receiving router advertise- ments from a single router that exists on VLAN 10. ProCurve(config)# show ipv6 routers IPv6 Router Table Entries Router Address : fe80::213:c4ff:fedd:14b0...
  • Page 100: Address Lifetimes

    IPv6 Addressing Configuration Address Lifetimes Address Lifetimes Every configured IPv6 unicast and anycast address has a lifetime setting that determines how long the address can be used before it must be refreshed or replaced. Some addresses are set as “permanent” and do not expire. Others have both a “preferred”...
  • Page 101 IPv6 Addressing Configuration Address Lifetimes Table 4-1. IPv6 Unicast Addresses Lifetimes Address Source Lifetime Criteria Link-Local Permanent Statically Configured Unicast or Anycast Permanent Autoconfigured Global Finite Preferred and Valid Lifetimes DHCPv6-Configured Finite Preferred and Valid Lifetimes A new, preferred address used as a replacement for a deprecated address can be acquired from a manual, DHCPv6, or autoconfiguration source.
  • Page 102 IPv6 Addressing Configuration Address Lifetimes 4-34...
  • Page 103: Ipv6 Management Features

    IPv6 Management Features Contents Introduction ..........5-2 Viewing and Clearing the IPv6 Neighbors Cache .
  • Page 104: Introduction

    IPv6 Management Features Introduction Introduction Feature Default Neighbor Cache 5-3, 5-5 Telnet6 Enabled 5-6, 5-7, 5-8 SNTP Address None 5-10 Timep Address None 5-13 TFTP 5-15 SNMP Trap Receivers None 5-21 This chapter focuses on the IPv6 application of management features in software release K.13.01 that support both IPv6 and IPv4 operation.
  • Page 105: Viewing The Neighbor Cache

    IPv6 Management Features Viewing and Clearing the IPv6 Neighbors Cache Viewing the Neighbor Cache Neighbor discovery occurs when there is communication between IPv6 devices on a VLAN. The Neighbor Cache retains data for a given neighbor until the entry times out. For more on this topic, refer to “Neighbor Discovery (ND)” on page 4-17.
  • Page 106 001279-88a100 REACH local fe80::10:27 001560-7aadc0 REACH dynamic A3 fe80::213:c4ff:fedd:14b0 0013c4-dd14b0 REACH dynamic A1 Figure 5-1. Example of Neighbor Cache Without Specifying a VLAN ProCurve(config)# show ipv6 neighbor vlan 10 IPv6 ND Cache Entries IPv6 Address MAC Address State Age Port...
  • Page 107: Clearing The Neighbor Cache

    (Local IPv6 addresses, that is, IPv6 addresses configured on the VLAN interface for the switch on which the command is executed, are not removed.) Removed addresses are listed in the command output. ProCurve(config)# clear ipv6 neighbors 2001:db8:260:212::1%vlan10 deleted fe80:::10:27%vlan10 deleted fe80::213:c4ff:fedd:14b0%vlan10 deleted...
  • Page 108: Telnet6 Operation

    VLAN interface (VLAN 10), you would use the following command: ProCurve(config)# telnet fe80::215:60ff:fe79:980%vlan10 If the switch is receiving router advertisements from an IPv6 default gateway router, you can Telnet to a device on the same VLAN or another VLAN or subnet by using its global unicast address.
  • Page 109: Viewing The Current Telnet Activity On A Switch

    To: The destination of the outbound session, if in use. For example, the following figure shows that the switch is running one outbound, IPv4 session and is being accessed by two inbound sessions. ProCurve# show telnet Telnet Activity -------------------------------------------------------- Session...
  • Page 110: Enabling Or Disabling Inbound Telnet6 Access

    Telnet4 access is no telnet-server.) For example, to disable Telnet6 access to the switch, you would use this com- mand: ProCurve(config)# no telnet6-server Viewing the Current Inbound Telnet6 Configuration Syntax: show console This command shows the current configuration of IPv4 and IPv6 inbound telnet permissions, as well as other informa- tion.
  • Page 111: Sntp And Timep

    IPv6 Management Features SNTP and Timep SNTP and Timep Configuring (Enabling or Disabling) the SNTP Mode Software release K.13.01 enables configuration of a global unicast address for IPv6 SNTP time server. This section lists the SNTP and related commands, including an example of using an IPv6 address.
  • Page 112: Configuring An Ipv6 Address For An Sntp Server

    IPv6 Management Features SNTP and Timep Configuring an IPv6 Address for an SNTP Server N o t e To use a global unicast IPv6 address to configure an IPv6 SNTP time server on the switch, the switch must be receiving advertisements from an IPv6 router on a VLAN configured on the switch.
  • Page 113 ■ as the priority “1” and “2” SNTP servers, respectively, using version 7, you would enter these commands at the global config level, as shown below. ProCurve(config)# sntp server priority 1 fe80::215:60ff:fe7a:adc0%vlan10 7 ProCurve(config)# sntp server priority 2 2001:db8::215:60ff:fe79:8980 7...
  • Page 114: Configuring (enabling Or Disabling) The Timep Mode

    IPv6 Management Features SNTP and Timep For example, the show sntp output for the preceeding sntp server command example would appear as follows: ProCurve(config)# show sntp SNTP Configuration This example illustrates the command output when both IPv6 and IPv4 server Time Sync Mode: Sntp addresses are configured.
  • Page 115 IPv6 Management Features SNTP and Timep ip timep manual < ipv6-addr > Enable Timep operation with a statically configured [ interval < 1 - 9999 >] IPv6 address for a Timep server. Optionally change the interval between time requests. no ip timep Disables Timep operation.
  • Page 116 IPv6 Management Features SNTP and Timep ProCurve(config)# ip timep manual fe80::215:60ff:fe7a:adc0%vlan10 N o t e In the preceeding example, using a link-local address requires that you specify the local scope for the address; VLAN 10 in this case. This is always indicated by %vlan followed immediately (without spaces) by the VLAN identifier.
  • Page 117: Tftp File Transfers Over Ipv6

    IPv6 Management Features TFTP File Transfers Over IPv6 TFTP File Transfers Over IPv6 TFTP File Transfers over IPv6 You can use TFTP copy commands over IPv6 to upload, or download files to and from a physically connected device or a remote TFTP server, including: ■...
  • Page 118: Enabling Tftp For Ipv6

    IPv6 Management Features TFTP File Transfers Over IPv6 Enabling TFTP for IPv6 TFTP for IPv6 is enabled by default on the switch. However, if it is disabled, you can re-enable it by specifying TFTP client or server functionality with the tftp6 <client | server>...
  • Page 119: Using Tftp To Copy Files Over Ipv6

    IPv6 Management Features TFTP File Transfers Over IPv6 Using TFTP to Copy Files over IPv6 Use the TFTP copy commands described in this section to: ■ Download specified files from a TFTP server to a switch on which TFTP client functionality is enabled. ■...
  • Page 120 IPv6 Management Features TFTP File Transfers Over IPv6 flash < primary | secondary >: Copies a software file stored ■ on a remote host to primary or secondary flash memory on the switch. To run a newly downloaded software image, enter the reload or boot system flash command. pub-key-file: Copies a public-key file to the switch.
  • Page 121: Using Auto-tftp For Ipv6

    IPv6 Management Features TFTP File Transfers Over IPv6 < ipv6-addr >: If this is a link-local address, use this IPv6 address format: fe80::< device-id >%vlan< vid > For example: fe80::123%vlan10 If this is a global unicast or anycast address, use this IPv6 format: <...
  • Page 122: Snmp Management For Ipv6

    As with SNMP for IPv4, you can manage a switch via SNMP from an IPv6- based network management station by using an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). (For more on PCM and PCM+, go to the ProCurve Networking web site at www.procurve.com.)
  • Page 123: Snmp Configuration Commands Supported

    IPv6 Management Features SNMP Management for IPv6 SNMP Configuration Commands Supported IPv6 addressing is supported in the following SNMP configuration commands: For more information on each SNMP configuration procedure, refer to the “Configuring for Network Management Applications” chapter in the current Management and Configuration Guide for your switch.
  • Page 124 (including the IPv4 or IPv6 address) that can receive SNMPv1 and SNMPv2c traps, and the source IP (interface) address used in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests. ProCurve(config)# show snmp-server SNMP Communities Community Name MIB View Write Access...
  • Page 125: Ip Preserve For Ipv6

    IP Preserve for IPv6 The show snmpv3 targetaddress command displays the configuration (including the IPv4 or IPv6 address) of the SNMPv3 management stations to which notification messages are sent. ProCurve(config)# show snmpv3 targetaddress snmpTargetAddrTable [rfc2573] Target Name IP Address Parameter ------------------------- ---------------------- --------------------------- 15.29.17.218...
  • Page 126 IPv6 Management Features IP Preserve for IPv6 ; J8697A Configuration Editor; Created on release #K.13.01 hostname "ProCurve" time daylight-time-rule None Entering an ip preserve statement as the last line in a configuration file stored on a TFTP server allows you to download and execute the file as the startup-config file on an IPv6 switch.
  • Page 127 Figure 5-11. Configuration File with Dedicated IP Addressing After Startup with IP Preserve For more information on how to use the IP Preserve feature, refer to the “Configuring IP Addressing” chapter in the current Management and Config- uration Guide for your ProCurve switch. 5-25...
  • Page 128 IPv6 Management Features IP Preserve for IPv6 5-26...
  • Page 129: Ipv6 Management Security Features

    IPv6 Management Security Features Contents IPv6 Management Security ........6-2 Authorized IP Managers for IPv6 .
  • Page 130: Ipv6 Management Security

    IPv6 Management Security Features IPv6 Management Security IPv6 Management Security This chapter describes management security features that are IPv6 counter- parts of IPv4 management security features on the switches covered by this guide. Feature Default configure authorized IP disabled managers for IPv6 configuring secure shell for IPv6 disabled 6-15...
  • Page 131: Authorized Ip Managers For Ipv6

    IPv6 Management Security Features Authorized IP Managers for IPv6 Authorized IP Managers for IPv6 The Authorized IP Managers feature uses IP addresses and masks to deter- mine which stations (PCs or workstations) can access the switch through the network. This feature supports switch access through: ■...
  • Page 132 IPv6 Management Security Features Authorized IP Managers for IPv6 You configure each authorized manager address with Manager or Opera- ■ tor-level privilege to access the switch in a Telnet, SNMPv1, or SNMPv2c session. (Access privilege for SSH, SNMPv3, and web browser sessions are configured through the access application, not through the Authorized IP Managers feature.) •...
  • Page 133: Configuring Authorized Ip Managers For Switch Access

    IPv6 Management Security Features Authorized IP Managers for IPv6 Configuring Authorized IP Managers for Switch Access To configure one or more IPv6-based management stations to access the switch using the Authorized IP Managers feature, enter the ipv6 authorized- managers command Syntax: ipv6 authorized-managers <ipv6-addr>...
  • Page 134: Configuring Multiple Station Access

    IPv6 Management Security Features Authorized IP Managers for IPv6 N o t e s If you do not enter a value for the ipv6-mask parameter when you configure an authorized IPv6 address, the switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the default mask (see “Configuring Authorized IP Managers for Switch Access”...
  • Page 135 IPv6 Management Security Features Authorized IP Managers for IPv6 Conversely, in a mask, a “0” binary bit means that either the “on” or “off” setting of the corresponding IPv6 bit in an authorized address is valid and does not have to match the setting of the same bit in the specified IPv6 address. Figure 6-2 shows the binary expressions represented by individual hexadeci- mal values in an ipv6-mask parameter.
  • Page 136 IPv6 Management Security Features Authorized IP Managers for IPv6 Example. Figure 6-3 shows an example in which a mask that authorizes switch access to four management stations is applied to the IPv6 address: 2001:DB8:0000:0000:244:17FF:FEB6:D37D. The mask is: FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC. Manager- or Operator-Level Access Block Block Block...
  • Page 137 IPv6 Management Security Features Authorized IP Managers for IPv6 to 0 (“off”) and allow the corresponding bits in an authorized IPv6 address to be either “on” or “off”. As a result, only the four IPv6 addresses shown in Figure 6-5 are allowed access. Block Block Block...
  • Page 138 IPv6 Management Security Features Authorized IP Managers for IPv6 Each authorized station has the same 64-bit device ID (244:17FF:FEB6:D37D) ■ because the value of the last four blocks in the mask is FFFF (binary value 1111 1111). FFFF requires all bits in each corresponding block of an authorized IPv6 address to have the same “on”...
  • Page 139 IPv6 Management Security Features Authorized IP Managers for IPv6 Figure 6-7 shows the bits in the fourth block of the mask that determine the valid subnets in which authorized stations with an IPv6 device ID of 244:17FF:FEB6:D37D reside. FFF8 in the fourth block of the mask means that bits 3 - 15 of the block are fixed and, in an authorized IPv6 address, must correspond to the “on”...
  • Page 140: Displaying An Authorized Ip Managers Configuration

    Authorized IP Managers for IPv6 Displaying an Authorized IP Managers Configuration Use the show ipv6 authorized-managers command to list the IPv6 stations authorized to access the switch; for example: ProCurve# show ipv6 authorized-managers IPv6 Authorized Managers --------------------------------------- Address : 2001:db8:0:7::5...
  • Page 141: Additional Examples Of Authorized Ipv6 Managers Configuration

    IPv6 mask. Also, if you do not specify an access value to grant either Manager- or Operator-level access, by default, the switch assigns Man- ager access. For example: ProCurve# ipv6 authorized-managers 2001:db8::a8:1c:e3:69 ProCurve# show ipv6 authorized-managers IPv6 Authorized Managers...
  • Page 142 ProCurve(config)# ipv6 authorized-managers 2001:db8::a05b:17ff:fec5:3f61 Deleting an Authorized IP Manager Entry. Enter only the IPv6 address of the configured authorized IP manager station that you want to delete with the no form of the command; for example: ProCurve(config)# no ipv6 authorized-managers 2001:db8::231:17ff:fec5:3e61 6-14...
  • Page 143: Secure Shell For Ipv6

    IPv6 Management Security Features Secure Shell for IPv6 Secure Shell for IPv6 The Secure Shell (SSH) for IPv6 feature provides the same Telnet-like func- tions through encrypted, authenticated transactions as SSH for IPv4. SSH for IPv6 provides CLI (console) access and secure file transfer functionality. The following types of transactions are supported: Client public-key authentication ■...
  • Page 144 IPv6 Management Security Features Secure Shell for IPv6 Syntax:. [no] ip ssh Enables SSH on the switch and activates the connection with a configured SSH server (RADIUS or TACACS+). To disable SSH on the switch, enter the no ip ssh com- mand.
  • Page 145: Displaying An Ssh Configuration

    To verify an SSH for IPv6 configuration and display all SSH sessions running on the switch, enter the show ip ssh command. Information on all current SSH sessions (IPv4 and IPv6) is displayed. ProCurve(config)# show ip ssh SSH enabled : Yes Displays the current SSH configuration and status.
  • Page 146: Secure Copy And Secure Ftp For Ipv6

    SCP and SFTP run over an encrypted SSH session allowing you to use a secure SSH tunnel to: ■ Transfer files and update ProCurve software images. Distribute new software images with automated scripts that make it easier ■ to upgrade multiple switches simultaneously and securely.
  • Page 147: Multicast Listener Discovery (mld) Snooping

    Multicast Listener Discovery (MLD) Snooping Contents Overview ........... . . 7-2 Introduction to MLD Snooping .
  • Page 148: Overview

    Multicast Listener Discovery (MLD) Snooping Overview Overview Multicast addressing allows one-to-many or many-to-many communication among hosts on a network. Typical applications of multicast communication include audio and video streaming, desktop conferencing, collaborative com- puting, and similar applications. Multicast Listener Discovery (MLD) is an IPv6 protocol used on a local link for multicast group management.
  • Page 149: Introduction To Mld Snooping

    Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Introduction to MLD Snooping There are several roles that network devices may play in an IPv6 multicast environment: ■ MLD host—a network node that uses MLD to “join” (subscribe to) one or more multicast groups multicast router—a router that routes multicast traffic between sub- ■...
  • Page 150 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping General operation. Multicast communication can take place without MLD, and by default MLD is disabled. In that case, if a switch receives a packet with a multicast destination address, it floods the packet to all ports in the same VLAN (except the port that it came in on).
  • Page 151 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Note that MLD snooping operates on a single VLAN (though there can be multiple VLANs, each running MLD snooping). Cross-VLAN traffic is handled by a multicast router. Forwarding in MLD snooping. When MLD snooping is active, a multicast packet is handled by the switch as follows: ■...
  • Page 152 MLD hosts to multicast queries, and forward or block multicast traffic accordingly. All of the ProCurve switches described by this guide have the querier function enabled by default. If there is another device on the VLAN that is already acting as querier, the switch defers to that querier.
  • Page 153 Multicast Listener Discovery (MLD) Snooping Introduction to MLD Snooping Fast leaves and forced fast leaves. The fast leave and forced fast leave functions can help to prune unnecessary multicast traffic when an MLD host issues a leave request from a multicast address. Fast leave is enabled by default and forced fast leave is disabled by default.
  • Page 154: Configuring Mld

    The [no] form of the command disables MLD snooping on a VLAN. MLD snooping is disabled by default. For example, to enable MLD snooping on VLAN 8: ProCurve# config ProCurve(config)# vlan 8 ProCurve(vlan-8)# ipv6 mld To disable MLD snooping on VLAN 8: ProCurve(vlan-8)# no ipv6 mld...
  • Page 155: Configuring Per-port Mld Traffic Filters

    <port-list>—specifies the affected port or range of ports For example: ProCurve(vlan-8)# ipv6 mld forward a16-a18 ProCurve(vlan-8)# ipv6 mld blocked a19-a21 ProCurve(vlan-8)# show ipv6 mld vlan 8 config MLD Service Vlan Config VLAN ID : 8 VLAN NAME : VLAN8 MLD Enabled [No] : Yes...
  • Page 156: Configuring The Querier

    For example, to disable the switch from acting as querier on VLAN 8: ProCurve(vlan-8)# no ipv6 mld querier To enable the switch to act as querier on VLAN 8: ProCurve(vlan-8)# ipv6 mld querier Configuring Fast Leave Syntax: [no] ipv6 mld fastleave <port-list>...
  • Page 157: Configuring Forced Fast Leave

    Multicast Listener Discovery (MLD) Snooping Configuring MLD For example, to disable fast leave on ports in VLAN 8: ProCurve(vlan-8)# no ipv6 mld fastleave a14-a15 To enable fast leave on ports in VLAN 8: ProCurve(vlan-8)# ipv6 mld fastleave a14-a15 Configuring Forced Fast Leave Syntax: [no] ipv6 mld forcedfastleave <port-list>...
  • Page 158: Displaying Mld Status And Configuration

    Displays MLD status for the specified VLAN vid—VLAN ID For example, a switch with MLD snooping configured on VLANs 8 and 9 might show the following information: ProCurve# show ipv6 mld MLD Service Protocol Info Total vlans with MLD enabled Current count of multicast groups joined...
  • Page 159 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration ff02::1:ff04:3 FILT 0h:4m:5s ff02::1:ff05:1 FILT 0h:4m:3s ff02::1:ff0b:2dfe FILT 0h:3m:59s A17 ff02::1:ff0b:d7d9 FILT 0h:4m:4s ff02::1:ff0b:da09 FILT 0h:4m:5s ff02::1:ff0b:dc38 FILT 0h:4m:3s ff02::1:ff0b:dc8d FILT 0h:4m:4s ff02::1:ff0b:dd56 FILT 0h:4m:0s ff02::1:ff12:e0cd FILT 0h:4m:5s ff02::1:ff4e:98a5 FILT 0h:4m:0s ff02::1:ff57:21a1 FILT 0h:3m:58s A20 ff02::1:ff6b:dd51...
  • Page 160 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The following information is shown for each VLAN that has MLD snooping enabled: ■ VLAN ID number and name Querier address: IPv6 address of the device acting as querier for the VLAN ■...
  • Page 161: Current Mld Configuration

    Displays current MLD configuration for the specified VLAN, including per-port configuration information. vid—VLAN ID For example, the general form of the command might look like this: ProCurve# show ipv6 mld config MLD Service Config Control unknown multicast [Yes] : Yes...
  • Page 162 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The specific form of the command might look like this: ProCurve# show ipv6 mld vlan 8 config MLD Service Vlan Config VLAN ID : 8 VLAN NAME : VLAN8 MLD Enabled [No] : Yes...
  • Page 163: Ports Currently Joined

    For example, the general form of the command is shown below. The specific form the the command is similar, except that it lists the port information for only the specified group. ProCurve# show ipv6 mld vlan 9 group MLD Service Protocol Group Info VLAN ID : 9...
  • Page 164: Statistics

    Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The following information is shown: ■ VLAN ID and name ■ port information for each IPv6 multicast group address in the VLAN (general group command) or for the specified IPv6 multicast group address (specific group command): •...
  • Page 165 VLAN8 VLAN9 Figure 7-9. Example of MLD Statistics for All VLANs Configured And the specific form of the command: ProCurve# show ipv6 mld vlan 8 statistics MLD Statistics VLAN ID : 8 VLAN NAME : VLAN8 Number of Filtered Groups...
  • Page 166: Counters

    Displaying MLD Status and Configuration Counters Syntax: show ipv6 mld vlan <vid> counters Displays MLD counters for the specified VLAN vid—VLAN ID ProCurve# show ipv6 mld vlan 8 counters MLD Service Vlan Counters VLAN ID : 8 VLAN NAME : VLAN8 General Query Rx...
  • Page 167 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration The following information is shown: ■ VLAN number and name ■ For each VLAN: • number of general queries received • number of general queries sent • number of group-specific queries received •...
  • Page 168 Multicast Listener Discovery (MLD) Snooping Displaying MLD Status and Configuration 7-22...
  • Page 169: Contents

    IPv6 Diagnostic and Troubleshooting Contents Introduction ..........8-2 ICMP Rate-Limiting .
  • Page 170: Ipv6 Diagnostic And Troubleshooting

    IPv6 Diagnostic and Troubleshooting Introduction Introduction Feature Default IPv6 ICMP Message Interval and 100 ms Token Bucket 10 max tokens ping6 Enabled traceroute6 The IPv6 ICMP feature enables control over the error and informational message rate for IPv6 traffic, which can help mitigate the effects of a Denial- of-service attack.
  • Page 171 Use the show run command to view the current ICMP error interval settings. For example, the following command limits ICMP error and informational messages to no more than 20 every 1 second: ProCurve(config)# ipv6 icmp error-interval 1000000 bucket-size...
  • Page 172: Ping For Ipv6 (ping6)

    IPv6 Diagnostic and Troubleshooting Ping for IPv6 (Ping6) Ping for IPv6 (Ping6) The Ping6 test is a point-to-point test that accepts an IPv6 address or IPv6 host name to see if an IPv6 switch is communicating properly with another device on the same or another IP network.
  • Page 173 2001:0db8:0000:0000:000a:001c:00e3:0003 is alive, iteration 3, time = 15 ms 3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms) min/avg/max = 15/15/15 ProCurve# ping6 2001:db8::214:c2ff:fe4c:e480 repetitions 3 timeout 2 2001:db8:0000:0000:0214:c2ff:fe4c:e480 is alive, iteration 1, time = 15 ms 2001:db8:0000:0000:0214:c2ff:fe4c:e480 is alive, iteration 2, time = 10 ms...
  • Page 174: Traceroute For Ipv6

    IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Traceroute for IPv6 The traceroute6 command enables you to trace the route from a switch to a host device that is identified by an IPv6 address or IPv6 host name. In the command output, information on each (router) hop between the switch and the destination IPv6 address is displayed.
  • Page 175 IPv6 Diagnostic and Troubleshooting Traceroute for IPv6 Syntax: traceroute6 < ipv6-address | hostname > [minttl < 1-255 > [maxttl < 1-255 > [timeout < 1 - 60 >] [probes < 1-5 >] traceroute6 <link-local-address%vlan<vid> | hostname > [minttl < 1-255 >] [maxttl < 1-255 >] [timeout < 1 - 60 >] [probes < 1-5 >] Displays the IPv6 address of each hop in the route to the specified destination host device with the time (in microseconds) required for a packet reply to be received from...
  • Page 176 0 ms 1 ms 0 ms three probes sent to each router. Destination IPv6 address ProCurve# traceroute6 2001:db8::10 maxttl 7 traceroute to fe80::1:2:3:4 1 hop min, 7 hops max, 5 sec. timeout, 3 probes 2001:db8::a:1c:e3:3 0 ms 0 ms 0 ms...
  • Page 177: Dns Resolver For Ipv6

    IPv6 Diagnostic and Troubleshooting DNS Resolver for IPv6 DNS Resolver for IPv6 The Domain Name System (DNS) resolver is designed for local network domains where it enables use of a host name or fully qualified domain name to support DNS-compatible commands from the switch. Beginning with soft- ware release K.13.01,DNS operation supports these features: ■...
  • Page 178 Assume that the above, configured DNS server supports an IPv6 device having a host name of “mars-1” (and an IPv6 address of fe80::215:60ff:fe7a:adc0) in the “mygroup.procurve.net” domain. In this case you can use the device's host name alone to ping the device because the mygroup.procurve.net domain has...
  • Page 179: Viewing The Current Configuration

    = 1 ms Figure 8-1. Example of Configuring for a Local DNS Server and Pinging a Registered Device However, for the same “mars-1” device, if mygroup.procurve.net was not the configured domain name, you would have to use the fully qualified domain name for the device named mars-1: ProCurve# ping6 mars-1.mygroup.procurve.net...
  • Page 180: Debug/syslog For Ipv6

    IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug/Syslog for IPv6 The Debug/System logging (Syslog) for IPv6 feature provides the same logging functions as the IPv4 version, allowing you to record IPv4 and IPv6 Event Log and debug messages on a remote device to troubleshoot switch or network operation.
  • Page 181: Debug Command

    IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Debug Command Syntax: [no] debug < debug-type > Configures the types of IPv4 and IPv6 messages that are sent to Syslog servers or other debug destinations, where <debug-type > is any of the following event types: When a match occurs on an ACL “deny”...
  • Page 182 IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Syntax:. [no] debug < debug-type > (Continued) ip [ ospf < adj | event | flood | lsa-generation | packet | retransmission | spf > ] Configures specified IPv4 OSPF message types to be sent to configured debug destinations: adj —...
  • Page 183: Configuring Debug Destinations

    IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Configuring Debug Destinations A Debug/Syslog destination device can be a Syslog server (up to six maximum) and/or a console session: Use the debug destination < logging | session | buffer > command to enable ■...
  • Page 184: Logging Command

    IPv6 Diagnostic and Troubleshooting Debug/Syslog for IPv6 Logging Command Syntax: [no] logging < syslog-ipv4-addr > Enables or disables Syslog messaging to the specified IPv4 address. You can configure up to six addresses. If you config- ure an address when none are already configured, this com- mand enables destination logging (Syslog) and the Event debug type.
  • Page 185 Terminology DAD Duplicate Address Detection. Refer to “Duplicate Address Detection (DAD)” on page 4-18. Device Identifier The low-order bits in an IPv6 address that identify a specific device. For example, in the link-local address 2001:db8:a10:101:212:79ff:fe88:a100/64, the bits forming 212:79ff:fe88:a100 comprise the device identifier. DoS Denial-of-Service.
  • Page 186 Terminology...
  • Page 187 Index Symbols authorized IP managers binary expressions of hexadecimal … 4-7, 4-13 blocks … 6-7, 6-11 %vlan suffix … 5-6, 5-10, 5-13 configuration command … 6-5 configuration examples … 6-8, 6-13 configuring access privilege … 6-4 displaying configuration … 6-12 feature description …...
  • Page 188 crash data file supported with DHCPv4 on same VLAN … 4-10 TFTP upload on remote device … 5-18 timep server … 2-8 crash log TFTP upload on remote device … 5-18 configuration … 8-9 domain-name … 8-10 for IPv6 … 2-14 view configuration …...
  • Page 189 configuration overview … 4-4 DAD … 4-18 gateway debug … 8-12 determining default IPv6 route … 2-8, 4-29 default gateway … 2-8, 4-29 global unicast address DHCPv6 server-assigned address … 2-8, 3-5, 3-6, autoconfiguration … 3-5, 3-11, 3-16, 4-7 3-8, 4-4, 4-9 autoconfigured is mutually exclusive with DHCP disabling …...
  • Page 190 single IPv6 link-local address on an network prefix … 3-4 interface … 3-13 one address per interface … 3-13 SNMP support … 2-15, 5-20 LLDP SNTP debug messages … 8-14 See SNTP server. local unicast address SSHv2 … 2-11 network prefix … 3-4 See also SSH.
  • Page 191 See MLD. DHCPv6 server-asigned address … 2-8, 3-5, 3-6, 3-8, 4-9 displaying IPv6 routing table … 4-29, 4-30 dual-stack operation … 2-6 neighbor cache, view … 5-3 IPv6 global unicast address neighbor discovery autoconfiguration … 2-7, 3-5, 3-11, 3-16, 4-7, for IPv6 nodes …...
  • Page 192 configuring SNMPv3 management for IPv6 … 8-12 station … 5-21 sending event log messages … 8-12 displaying SNMPv3 management station configuration … 5-23 displaying trap configuration … 5-22 Telnet features supported for IPv6 … 5-20 viewing current use … 5-7 IPv6 support …...
  • Page 193 displaying configuration … 5-22 link-local address manual configuration … 2-8, supported in IPv6 … 5-20 3-5, 3-9, 4-12 troubleshooting link-local address prefix … 3-11 configuring Syslog servers … 8-15 maximum number of IPv6 addresses … 2-15 IPv6 addresses in event log … 2-14 MLD snooping …...
  • Page 195 © Copyright 2008 Hewlett-Packard Development Company, L.P. January 2008 Manual Part Number 5992-3067...

Comments to this Manuals

Symbols: 0
Latest comments: