ServerIron ADX Switch and Router Guide
ServerIron ADX Switch and Router Guide
12.4.00
53-1002442-02
documentation@brocade.com


Configuring IPv6 Addressing : IPv6 management

IPv6 management
This section describes the following IPv6 management features:
The following IPv6 host feature is also supported:
IPv6 Access Control Lists
You can configure an IPv6 ACL to filter traffic to or from an IPv6 host. To do so, see the “Configuring IPv6 Access Control Lists (ACLs)” of the ServerIron TrafficWorks Security Guide.
Secure Shell, SCP, and IPv6
Secure Shell (SSH) is a mechanism that allows secure remote access to management functions on the Brocade device. SSH provides a function similar to Telnet. You can log in to and configure the Brocade device using a publicly or commercially available SSH client program, just as you can with Telnet. However, unlike Telnet, which provides no security, SSH provides a secure, encrypted connection to the Brocade device.
To open an SSH session between an IPv6 host running an SSH client program and the Brocade device, open the SSH client program and specify the IPv6 address of the device. For more information about configuring SSH on the Brocade device, see the “Configuring SSH” and “Disabling or re-enabling Secure Copy” sections of the “ServerIron System Management” chapter in the ServerIron Administration Guide.
IPv6 Telnet
Telnet sessions can be established between a device to a remote IPv6 host, and from a remote IPv6 host to the device using IPv6 addresses.
The telnet command establishes a Telnet connection from a Brocade device to a remote IPv6 host using the console. Up to five read-access Telnet sessions are supported on the router at one time. Write-access through Telnet is limited to one session, and only one outgoing Telnet session is supported on the router at one time. To see the number of open Telnet sessions at any time, enter the show telnet command.
Example  
To establish a Telnet connection to a remote host with the IPv6 address of 3001:2837:3de2:c37::6, enter the following command:
ServerIronADX# telnet 3001:2837:3de2:c37::6
 
Syntax:
telnet <ipv6-address> [<port-number> | outgoing-interface ethernet <port> | ve <number>]
The <ipv6-address> parameter specifies the address of a remote host. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
The <port-number> parameter specifies the port number on which the Brocade device establishes the Telnet connection. You can specify a value between 1 - 65535. If you do not specify a port number, the Brocade device establishes the Telnet connection on port 23.
If the IPv6 address you specify is a link-local address, you must specify the outgoing-interface ethernet <port> | ve <number> parameter. This parameter identifies the interface that must be used to reach the remote host. If you specify an Ethernet interface, you must also specify the port number associated with the interface. If you specify a VE interface, also specify the VE number.
Establishing a Telnet session from an IPv6 host
To establish a Telnet session from an IPv6 host to the Brocade device, open your Telnet application and specify the IPv6 address of the Layer 3 Switch.
 
IPv6 web management using HTTP and HTTPS
When you have an IPv6 management station connected to a switch with an IPv6 address applied to the management port, you can manage the switch from a Web browser by entering one of the following in the browser address field:
http://[<ipv6 address>]
or
https://[<ipv6 address>]
NOTE: You must enclose the IPv6 address with square brackets [ ] in order for the web browser to work.
Using the IPv6 copy command
The copy command for IPv6 allows you to do the following:
Copying a file to an IPv6 TFTP server
You can copy a file from the following sources to an IPv6 TFTP server:
Copying a file from flash memory
For example, to copy the primary or secondary boot image from the device’s flash memory to an IPv6 TFTP server, enter a command such as the following:
ServerIronADX#copy flash tftp 2001:7382:e0ff:7837::3 test.img secondary
 
This command copies the secondary boot image named test.img from flash memory to a TFTP server with the IPv6 address of 2001:7382:e0ff:7837::3.
Syntax:
copy flash tftp <ipv6-address> <source-file-name> primary | secondary
The <ipv6-address> parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
The <source-file-name> parameter specifies the name of the file you want to copy to the IPv6 TFTP server.
The primary keyword specifies the primary boot image, while the secondary keyword specifies the secondary boot image.
Copying a file from the running or startup configuration
For example, to copy the running configuration to an IPv6 TFTP server, enter a command such as the following:
ServerIronADX#copy running-config tftp 2001:7382:e0ff:7837::3 newrun.cfg
 
This command copies the running configuration to a TFTP server with the IPv6 address of 2001:7382:e0ff:7837::3 and names the file on the TFTP server newrun.cfg.
Syntax:
copy running-config | startup-config tftp <ipv6-address> <destination-file-name>
Specify the running-config keyword to copy the running configuration file to the specified IPv6 TFTP server.
Specify the startup-config keyword to copy the startup configuration file to the specified IPv6 TFTP server.
The tftp <ipv6-address> parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
The <destination-file-name> parameter specifies the name of the file that is copied to the IPv6 TFTP server.
Copying a file from an IPv6 TFTP server
You can copy a file from an IPv6 TFTP server to the following destinations:
Copying a file to flash memory
For example, to copy a boot image from an IPv6 TFTP server to the primary or secondary storage location in the device’s flash memory, enter a command such as the following:
ServerIronADX# copy tftp flash 2001:7382:e0ff:7837::3 test.img secondary
 
This command copies a boot image named test.img from an IPv6 TFTP server with the IPv6 address of 2001:7382:e0ff:7837::3 to the secondary storage location in the device’s flash memory.
Syntax:
copy tftp flash <ipv6-address> <source-file-name> primary | secondary
The <ipv6-address> parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
The <source-file-name> parameter specifies the name of the file you want to copy from the IPv6 TFTP server.
The primary keyword specifies the primary storage location in the device’s flash memory, while the secondary keyword specifies the secondary storage location in the device’s flash memory.
Copying a file to the running or startup configuration
For example, to copy a configuration file from an IPv6 TFTP server to the router’s running or startup configuration, enter a command such as the following.
ServerIronADX#copy tftp running-config 2001:7382:e0ff:7837::3 newrun.cfg
 
This command copies the newrun.cfg file from the IPv6 TFTP server and overwrites the router’s running configuration file with the contents of newrun.cfg.
NOTE: To activate this configuration, you must reload (reset) the device.
Syntax:
copy tftp running-config | startup-config <ipv6-address> <source-file-name> [overwrite]
Specify the running-config keyword to copy the running configuration from the specified IPv6 TFTP server.
Specify the startup-config keyword to copy the startup configuration from the specified IPv6 TFTP server.
The <ipv6-address> parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
The <source-file-name> parameter specifies the name of the file that is copied from the IPv6 TFTP server.
The overwrite keyword specifies that the device should overwrite the current configuration file with the copied file. If you do not specify this parameter, the device copies the file into the current running or startup configuration but does not overwrite the current configuration.
NOTE: You cannot use the overwrite option from non-console sessions, because it will disconnect the session.
IPv6 ping
The ping command allows you to verify the connectivity from a Brocade device to an IPv6 device by performing an ICMP for IPv6 echo test.
For example, to ping a device with the IPv6 address of 2001:3424:847f:a385:34dd::45 from the Brocade device, enter the following command:
ServerIronADX#ping ipv6 2001:3424:847f:a385:34dd::45
 
Syntax:
ping ipv6 <ipv6-address> [outgoing-interface [<port> | ve <number>]] [source <ipv6-address>] [count <number>] [timeout <milliseconds>] [ttl <number>] [size <bytes>] [quiet] [numeric] [no-fragment] [verify]
[data <1-to-4 byte hex>] [brief]
The <ipv6-address> parameter specifies the address of the router. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
The outgoing-interface keyword specifies a physical interface over which you can verify connectivity. If you specify a physical interface, such as an Ethernet interface, you must also specify the port number of the interface. If you specify a virtual interface, such as a VE, you must specify the number associated with the VE.
The source <ipv6-address> parameter specifies an IPv6 address to be used as the origin of the ping packets.
The count <number> parameter specifies how many ping packets the router sends. You can specify from 1 - 4294967296. The default is 1.
The timeout <milliseconds> parameter specifies how many milliseconds the router waits for a reply from the pinged device. You can specify a timeout from 1 - 4294967296 milliseconds. The default is 5000 (5 seconds).
The ttl <number> parameter specifies the maximum number of hops. You can specify a TTL from 1 - 255. The default is 64.
The size <bytes> parameter specifies the size of the ICMP data portion of the packet. This is the payload and does not include the header. You can specify from 0 - 4000. The default is 16.
The no-fragment keyword turns on the "don't fragment" bit in the IPv6 header of the ping packet. This option is disabled by default.
The quiet keyword hides informational messages such as a summary of the ping parameters sent to the device, and instead only displays messages indicating the success or failure of the ping. This option is disabled by default.
The verify keyword verifies that the data in the echo packet (the reply packet) is the same as the data in the echo request (the ping). By default the device does not verify the data.
The data <1 - 4 byte hex> parameter lets you specify a specific data pattern for the payload instead of the default data pattern, "abcd", in the packet's data payload. The pattern repeats itself throughout the ICMP message (payload) portion of the packet.
NOTE: For parameters that require a numeric value, the CLI does not check that the value you enter is within the allowed range. Instead, if you do exceed the range for a numeric value, the software rounds the value to the nearest valid value.
The brief keyword causes ping test characters to be displayed. The following ping test characters are supported:
! Indicates that a reply was received.
. Indicates that the network server timed out while waiting for a reply.
U Indicates that a destination unreachable error PDU was received.
I Indicates that the user interrupted ping.
Disabling router advertisement and solicitation messages
Example  
Router advertisement and solicitation messages enable a node on a link to discover the routers on the same link. By default, router advertisement and solicitation messages are permitted on the device. To disable these messages, configure an IPv6 access control list that denies them. The following shows an example configuration.
Example  
ServerIronADX(config)# ipv6 access-list rtradvert
ServerIronADX(config-ipv6-access-list rtradvert)# deny icmp any any router-advertisement
ServerIronADX(config-ipv6-access-list rtradvert)# deny icmp any any router-solicitation
ServerIronADX(config-ipv6-access-list rtradvert)# permit ipv6 any any

Configuring IPv6 Addressing : IPv6 management