6-13
IPv6 Management Security Features
Authorized IP Managers for IPv6
Additional Examples of Authorized IPv6 Managers
Configuration
Authorizing Manager Access. The following IPv6 commands authorize
manager-level access for one link-local station at a time. Note that when you
enter a link-local IPv6 address with the ipv6 authorized-managers command,
you must also enter a VLAN ID in the format: %vlan<vlan-id>.
ProCurve(config)# ipv6 authorized-managers
fe80::07be:44ff:fec5:c965%vlan2
ProCurve(config)# ipv6 authorized-managers
fe80::070a:294ff:fea4:733d%vlan2
ProCurve(config)# ipv6 authorized-managers
fe80::19af:2cff:fe34:b04a%vlan5
If you do not enter an ipv6-mask value when you configure an authorized IPv6
address, the switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
as the default IPv6 mask. Also, if you do not specify an access value to grant
either Manager- or Operator-level access, by default, the switch assigns Man-
ager access. For example:
Figure 6-11. Default IPv6 Mask
ProCurve# ipv6 authorized-managers 2001:db8::a8:1c:e3:69
ProCurve# show ipv6 authorized-managers
IPv6 Authorized Managers
--------------------------
Address : 2001:db8::a8:1c:e3:69
Mask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Access : Manager
If you do not enter a value for ipv6-mask in the ipv6 authorized-managers command, the default mask of
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF: is applied. The default mask authorizes only the specified station (see
“Configuring Single Station Access” on page 6-5).