6-8
IPv6 Management Security Features
Authorized IP Managers for IPv6
Example. Figure 6-3 shows an example in which a mask that authorizes
switch access to four management stations is applied to the IPv6 address:
2001:DB8:0000:0000:244:17FF:FEB6:D37D. The mask is:
FFFF:FFFF:FFFF:FFF8:FFFF:FFFF:FFFF:FFFC.
Figure 6-3. Example: Mask for Configuring Four Authorized IPv6 Manager Stations
Figure 6-4. Example: How a Mask Determines Four Authorized IPv6 Manager Addresses
As shown in Figure 6-4, if you use a mask of
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFC with an IPv6 address, you can authorize
four IPv6-based stations to access the switch. In this mask, all bits except the
last two are set to 1 (“on”); the binary equivalent of hexadecimal C is 1100.
Therefore, this mask requires the first corresponding 126 bits in an authorized
IPv6 address to be the same as in the specified IPv6 address:
2001:DB8:0000:0000:244:17FF:FEB6:D37C. However, the last two bits are set
1st
Block
2nd
Block
3rd
Block
4th
Block
5th
Block
6th
Block
7th
Block
8th
Block
Manager- or Operator-Level Access
IPv6 Mask FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFC The “F” value in the first 124 bits of the
mask specifies that only the exact value
of each corresponding bit in an
authorized IPv6 address is allowed.
However, the “C” value in the last four
bits of the mask allows four possible
combinations (D37C, D37D, D37E, and
D37F) in the last block of an authorized
IPv6 address.
IPv6 Address 2001 DB8 0000 0000 244 17FF FEB6 D37D
Last block in Mask: FFFC
Last block in IPv6 Address: D37D
Bit Numbers Bit
15
Bit
14
Bit
13
Bit
12
Bit
11
Bit
10
Bit
9
Bit
8
Bit
7
Bit
6
Bit
5
Bit
4
Bit
3
Bit
2
Bit
1
Bit
0
Bit Value F F F
C
FFFC: Last Block
in Mask
D37D: Last Block
in IPv6 Address
Bit Setting: = 1 (On) = 0 (Off)