ipv6

Use the ipv6 command to configure IPv6 settings for the GigaVUE H Series node’s Mgmt port, including enabling the use of IPv6, setting the default IPv6 gateway, and configuring static mappings and routes for IPv6. Note that most users configure these settings using the config jump-start script during the initial deployment of the system. Refer to the Hardware Installation Guide for details.

The ipv6 command has the following syntax:

ipv6
   default-gateway <next hop IP address or interface name> <eth0, eth1...>
   dhcp
      primary intf <interface name>
      stateless
   enable
   filter
      chain <chain>
         clear
         policy <policy>
         rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target>
            move <old rule number> to <new rule number>
               [comment <comment> | dest-addr <network prefix> <netmask> | dest-port <port or port range> |
                  dup-delete | in-intf <interface>| not-dest-addr <network prefix> <netmask> | not-dest-port
                  <port or port range> | not-in-intf <interface> | not-out-intf <interface> | not-protocol <protocol> |
                  not-source-addr <network prefix> <netmask> | not-source-port <port or port range> |
                  out-intf <interface> | protocol <protocol> | source-addr <network prefix> <netmask> |
                  source-port <port or port range> | state <state>]
      enable
      options include-bridges
   host <hostname> <IPv6 address>
   map-hostname
   neighbor <IPv6 address> <interface name> <MAC address>
   route <IPv6 prefix> <next hop IPv6 address or interface name> [eth0, eth1...]

The following table describes the arguments for the ipv6 command:

Argument

Description

default-gateway <next hop IP address or interface name> <eth0, eth1...>

Sets the default IPv6 gateway for the specified interface (eth0-Mgmt, eth1-Stacking, or lo-loopback).

dhcp
primary intf <interface name>
stateless

Configures global DHCP settings as follows:

●

primary intf—Sets the interface from which non-interface-specific configuration (resolver and routes) will be accepted through DHCP. Leave this set to eth0 (the Mgmt port).

●

stateless—Enables or disables stateless DHCP requests. Stateless information is mainly DNS configuration, so this option excludes getting an IPv6 address from the server.

enable

Enables the use of IPv6 generally. Both IPv6 and IPv4 can be enabled at the same time.

filter
   chain <chain>
      clear
      policy <policy>
      rule <append tail | insert | set | modify | move>
   enable
   options include-bridges

Configures IP filtering as follows:

●

chain <chain>—Specifies he chain. The only chains allowed are FORWARD, INPUT, and OUTPUT.

clear—Deletes all rules from a given chain.

Note: The clear parameter deletes all IP filter rules, which can result in loss of connectivity between nodes in a cluster. Rather than clearing all IP filters, delete only the specific filters that are no longer required. If you use clear, the following warning is displayed:

ST1 [ST1: standby] (config) # ip filter chain FORWARD clear

WARNING !! Clearing the ip filter INPUT chain may impact mgmt and clustering ports and operations!!

Enter 'YES' to confirm this operation:

policy <policy>—Sets the policy (the default target) for a specified chain. The only targets allowed are ACCEPT and DROP. The rules on this chain will be overrides of this default.

rule—Appends, inserts, sets, modifies, or moves a rule. The chains and targets allowed are the same as for policy. For details on rules, refer to rule.

●

enable—Enables or disables IP filtering of network traffic. The default is disabled.

●

options include-bridges—Enables or disables IP packet filtering for bridges. The default is disabled. (This is not supported.)

The default policies for each chain are as follows:

●

OUTPUT: ACCEPT

●

INPUT: DROP

●

FORWARD: DROP

For configuration examples, refer to IP Filter Chains for Security.

rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target> move <old rule number> to <new rule number>
   comment <comment>
   dest-addr <network prefix> <netmask>
   dest-port <port or port range>
   dup-delete
   in-intf <interface>
   not-dest-addr <network prefix> <netmask>
   not-dest-port <port or port range>
   not-in-intf <interface>
   not-out-intf <interface>
   not-protocol <protocol>
   not-source-addr <network prefix> <netmask>
   not-source-port <port or port range>
   out-intf <interface>
   protocol <protocol>
   source-addr <network prefix> <netmask>
   source-port <port or port range>
   state <states>

Specifies the position of a rule, which is determined by the arguments that follow rule, as follows:

●

append tail—Adds a new rule after all existing rules.

●

insert <rule number>—Inserts a new rule before the existing rule with the specified rule number. The specified rule number must be an existing rule. The specified rule number and all rules above it will be renumbered to make room for the new rule.

●

set <rule number>—Specifies the rule number of an existing rule and overwrites it with the new rule.

●

modify <rule number>—Modifies an existing rule at a specified rule number.

●

move—Moves an existing rule to a different position in the same chain. It is inserted at the new location, removed from the old location, and the surrounding rules are renumbered.

Note the following:

●

Rule numbers are contiguous (there are no spaces between rule numbers).

●

There must always be at least one rule.

●

You can have multiple rules with the same target.

●

All of the arguments after the target are optional.

The targets are as follows:

●

DROP

Netmask can be specified either as a netmask or a mask length (for example: 255.255.255.0 or /24).

Dup-delete specifies that after adding or modifying a rule, delete all other existing rules that are duplicates of it. (Duplicates are otherwise not detected.)

The available protocols are as follows:

●

tcp, udp, icmp, igmpv6, ah, esp, all

If tcp or udp are specified, you can specify source or destination ports.

State classifies the packet relative to existing connections. The states are as follows:

●

ESTABLISHED—means it is associated with an existing connection that has seen traffic in both directions.

●

RELATED—means it opens a new connection, but one that is related to an established connection.

●

NEW—means it opens a new, unrelated connection.

You can enter more than one state by separating them with a comma.

host <hostname> <IPv6 address>

Configures a static mapping between the specified hostname and IPv6 address. The hostname must be a valid Domain Name Service (DNS) name.

Note: IPv6 must be enabled before you can configure an IPv6 syslog server. If IPv6 is not enabled, the following error message is displayed:

(config) # logging fdc9:5895:4203:95c0:4203:95c0:4146:36cc

% IPv6 is disabled. IPv6 address/dns name fdc9:5895:4203:95c0:4203:95c0:4146:36cc is not allowed.

For example:

(config) # ipv6 enable

(config) # ipv6 host syslog.ipv6 fdc9:5895:4203:95c0:4203:95c0:4146:36cc

map-hostname

Specifies a static IPv6 host mapping for the current hostname.

neighbor <IPv6 address> <interface name> <MAC address>

Configures static IPv6/MAC (link layer) neighbor pairs for eth0 or eth1.

route <IPv6 prefix> <next hop IPv6 address or interface name> [eth0, eth1...]

Adds an IPv6 static route by specifying the nexthop interface name or IPv6 address for a particular IPv6 network prefix. For example:

(config) # ipv6 route 2001:db8:701f::/48 fdc9:5895:4203:95c0:4203:95c0:4146:36cc eth0

Related Commands

The following table summarizes other commands related to the ipv6 command:

Task	Command
Displays IPv6 information.	# show ipv6
Displays active IPv6 default routes.	show ipv6 default-gateway
Displays configured IPv6 default routes.	show ipv6 default-gateway static
Displays DHCP configuration information.	show ipv6 dhcp
Displays IP filtering configuration or status.	show ipv6 filter
Displays IP filtering state (including unconfigured rules).	show ipv6 filter all
Displays IP filtering configuration.	show ipv6 filter configured
Displays all IPv6 neighbors, including both static and dynamic entries.	show ipv6 neighbors
Displays all statically-configured IPv6 neighbors.	show ipv6 neighbors static
Displays active IPv6 routes, both dynamic and static.	show ipv6 route
Displays configured static IPv6 routes.	show ipv6 route static
Deletes all static IPv6 default routes.	(config) # no ipv6 default-gateway
Reverts to the default interface from which non-interface-specific (resolver) configuration will be accepted through DHCPv6.	(config) # no ipv6 dhcp primary-intf
Disables stateless DHCPv6 requests (request all information, including an IPv6 address).	(config) # no ipv6 dhcp stateless
Disables IPv6 for the entire system.	(config) # no ipv6 enable
Resets the policy (the default target) for a specified chain to the default.	(config) # no ipv6 filter chain FORWARD policy
If you specify a chain and rule, deletes the rule and renumbers rules to close the gap. If you specify a chain only, deletes all the rules in that chain and resets the chain's policy to the default.	(config) # no ipv6 filter chain INPUT rule 2
Disables IP filtering for IPv6.	(config) # no ipv6 filter enable
Does not apply IP filters to bridges. (This is not supported.)	(config) # no ipv6 filter options include-bridges
Deletes static hostname/IPv6 address mappings.	(config) # no ipv6 host localhost6
Does not ensure a static host mapping for current hostname.	(config) # no ipv6 map-hostname
Deletes static IPv6 neighbor MAC (link layer) address mappings.	(config) # no ipv6 neighbor fe80::209:fff:fe4a:e5ce eth0 00:09:0F:4A:E5:CE
Deletes an IPv6 static route.	(config) # no ipv6 route ::/0