HP 6200YL User Manual

IPv6 Management Security Features
Authorized IP Managers for IPv6

Example.

Figure 6-3 shows an example in which a mask that authorizes

switch access to four management stations is applied to the IPv6 address:
2001:DB8:0000:0000:244:17FF:FEB6:D37D. The mask is:
FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC.

1st
Block

2nd
Block

3rd
Block

4th
Block

5th
Block

6th
Block

7th
Block

8th
Block

Manager- or Operator-Level Access

IPv6 Mask

FFFF

FFFF

FFFF

FFFF

FFFF

FFFF

FFFF

FFFC

IPv6 Address 2001

DB8

0000

0000

244

17FF

FEB6

D37D

The “F” value in the first 124 bits of the
mask specifies that only the exact value
of each corresponding bit in an
authorized IPv6 address is allowed.
However, the “C” value in the last four
bits of the mask allows four possible
combinations (D37C, D37D, D37E, and
D37F) in the last block of an authorized
IPv6 address.

Figure 6-3. Example: Mask for Configuring Four Authorized IPv6 Manager Stations

Last block in Mask: FFFC
Last block in IPv6 Address: D37D

Bit Numbers

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit

Bit Bit

Bit

Bit

Bit

Bit

15

14

13

12

11

10

9

8

7

6

5

4

3

2

1

0

Bit Value

F

F

F

C

FFFC: Last Block
in Mask

D37D: Last Block
in IPv6 Address

Bit Setting:

= 1 (On)

= 0 (Off)

Figure 6-4. Example: How a Mask Determines Four Authorized IPv6 Manager Addresses

As shown in Figure 6-4, if you use a mask of
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFC with an IPv6 address, you can authorize
four IPv6-based stations to access the switch. In this mask, all bits except the
last two are set to 1 (“on”); the binary equivalent of hexadecimal

C is 1100.

Therefore, this mask requires the first corresponding 126 bits in an authorized
IPv6 address to be the same as in the specified IPv6 address:
2001:DB8:0000:0000:244:17FF:FEB6:D37C. However, the last two bits are set

6-8