Configuring multiple station access, Configuring multiple station access -6 – HP 6200YL User Manual

IPv6 Management Security Features
Authorized IP Managers for IPv6

N o t e s

If you do not enter a value for the

ipv6-mask parameter when you configure an

authorized IPv6 address, the switch automatically uses
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the default mask (see “Configuring
Authorized IP Managers for Switch Access” on page 6-5).

If you have ten or fewer management and/or operator stations for which you
want to authorize access to the switch, it may be more efficient to configure
them by entering each IPv6 address with the default mask in a separate

ipv6

authorized-managers command.

When used in a mask, “

FFFF” specifies that each bit in the corresponding 16­

bit (hexadecimal) block of an authorized station’s IPv6 address must be
identical to the same “on” or “off” setting in the IPv6 address entered in the
ipv6 authorized-managers command. (The binary equivalent of FFFF is
1111 1111 1111 1111, where

1 requires the same “on” or “off” setting in an

authorized address.)

For example, as shown in Figure 6-1, if you configure a link-local IPv6 address
of FE80::202:B3FF:FE1E:8329 with a mask of
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF, only a station having an IPv6 address of
FE80::202:B3FF:FE1E:8329 has management access to the switch.

1st
Block

2nd
Block

3rd
Block

4th
Block

5th
Block

6th
Block

7th
Block

8th
Block

Manager- or Operator-Level Access

IPv6 Mask

FFFF

FFFF

FFFF

FFFF

FFFF

FFFF

FFFF

FFFF

The “FFFF” in each hexadecimal block
of the mask specifies that only the exact

IPv6 Address FE80

0000

0000

0000

202

B3FF

FE1E

8329

value of each bit in the corresponding
block of the IPv6 address is allowed.
This mask allows management access
only to a station having an IPv6 address
of FE80::202:B3FF:FE1E:8329.

Figure 6-1. Mask for Configuring a Single Authorized IPv6 Manager Station

Configuring Multiple Station Access

To authorize multiple stations to access the switch without having to re-enter
the

ipv6 authorized-managers command for each station, carefully select the

IPv6 address of an authorized IPv6 manager and an associated mask to
authorize a range of IPv6 addresses.

As shown in Figure 6-2, if a bit in any of the 4-bit binary representations of a
hexadecimal value in a mask is “on” (set to 1), then the corresponding bit in
the IPv6 address of an authorized station must match the “on” or “off’ setting
of the same bit in the IPv6 address you enter with the

ipv6 authorized-managers

command.

6-6