Authorizing manager access

The following IPv6 commands authorize manager-level access for one link-local station at a time. When you enter a link-local IPv6 address with the ipv6 authorized-managers command, you must also enter a VLAN ID in the format: %vlan <vlan–id>.

Switch(config)# ipv6 authorized-managers
fe80::07be:44ff:fec5:c965%vlan2
Switch(config)# ipv6 authorized-managers
fe80::070a:294ff:fea4:733d%vlan2
Switch(config)# ipv6 authorized-managers
fe80::19af:2cff:fe34:b04a%vlan5

If you do not enter an ipv6-mask value when you configure an authorized IPv6 address, the switch automatically uses FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF as the default IPv6 mask. Also, if you do not specify an access value to grant either Manager- or Operator-level access, by default, the switch assigns manager access.

Default IPv6 mask

Switch# ipv6 authorized-managers 2001:db8::a8:1c:e3:69
Switch# show ipv6 authorized-managers

 IPv6 Authorized Managers
––––––––––––––––––––––––––

Address : 2001:db8::a8:1c:e3:69
Mask    : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Access  : Manager
NOTE:

If you do not enter a value for ipv6-mask in the ipv6 authorized-managers command, the default mask of FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF: is applied.

The next IPv6 command authorizes operator-level access for sixty-four IPv6 stations:32 stations in the subnets defined by 0x0006 and 0x0007 in the fourth block of an authorized IPv6 address:

Switch(config)# ipv6 authorized-managers 2001:db8:0000:0007:231:17ff:fec5:c967 ffff:ffff:ffff:fffe:ffff:ffff:ffff:ffe0 access operator 
		

The following ipv6 authorized-managers command authorizes a single, automatically generated (EUI-64) IPv6 address with manager-level access privilege:

Switch(config)# ipv6 authorized-managers
::223:04ff:fe03:4501 ::ffff:ffff:ffff:ffff