Extreme Management Center Configuration Considerations

Review the following configuration consideration when installing and configuring the Extreme Management Center suite of network management applications.

IPv6 Support

The following section describes support for IPv6 in the Management Center suite of applications. With the release of version 3.3, Management Center provides basic support for communicating with devices using an IPv6 address.

Enabling IPv6 on your OS

IPv6 must be enabled in your operating system for Management Center to be able to use it. Most current operating systems ship with IPv6 enabled by default. To verify that IPv6 is enabled on your operating system, refer to your operating system documentation for more information.

Enabling IPv6 in Management Center

Management Center uses the NetSNMP stack to add support for IPv6 to the product suite. To enable IPv6 you must use the Advanced SNMP suite option to enable IPv6.

  1. Select Administration > Options in the menu bar. The Options tab opens.
  2. In the left-panel tree, select the SNMP Advanced Settings.
  3. Select the Use NetSNMP IPv6 option checkbox.
  4. Click Save or check the Autosave checkbox.
  5. For this setting to take effect, the Management Center Server must be restarted.
  6. If you are binding to an IPv6 address, edit the .netsight file to bind to the server's hostname. You must use the server's hostname instead of IP address when connecting to the server from a remote client machine.

IPv6 Addressing Notations Supported

Management Center supports all of the following IPv6 addressing notations.

The following information is taken from RFC 4291, "IP Version 6 Addressing Architecture." To read the complete RFC, see http://www.ietf.org/rfc/rfc4291.txt.

There are three conventional forms for representing IPv6 addresses as text strings:

  1. The preferred form is x:x:x:x:x:x:x:x, where the 'x's are one to four hexadecimal digits of the eight 16-bit pieces of the address.
    Examples:

    ABCD:EF01:2345:6789:ABCD:EF01:2345:6789

    2001:DB8:0:0:8:800:200C:417A

    Note that it is not necessary to write the leading zeros in an individual field, but there must be at least one numeral in every field (except for the case described in 2.).
  2. Due to some methods of allocating certain styles of IPv6 addresses, it is common for addresses to contain long strings of zero bits. In order to make writing addresses containing zero bits easier, a special syntax is available to compress the zeros. The use of "::" indicates one or more groups of 16 bits of zeros. The "::" can only appear once in an address. The "::" can also be used to compress leading or trailing zeros in an address.

    For example, the following addresses:

    2001:DB8:0:0:8:800:200C:417Aa unicast address
    FF01:0:0:0:0:0:0:101a multicast address
    0:0:0:0:0:0:0:1  the loopback address
    0:0:0:0:0:0:0:0 the loopback address

    may be represented as

    2001:DB8::8:800:200C:417Aa unicast address
    FF01::101a multicast address
    ::1 the loopback address
    :: the loopback address
  3. An alternative form that is sometimes more convenient when dealing with a mixed environment of IPv4 and IPv6 nodes is x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values of the six high-order 16-bit pieces of the address, and the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation). Examples:
    0:0:0:0:0:0:13.1.68.3
    0:0:0:0:0:FFFF:129.144.52.38

    or in compressed form:
    ::13.1.68.3
    ::FFFF:129.144.52.38

Management Center Features that Support IPv6 Addressing

Core Management Center Features

The following core Management Center features support IPv6 addresses:

  • MIB Tools
  • Device Manager
  • Device Tree functionality
  • Add Device
  • Device Import and Export
  • FlexViews
  • IPv6 SNMP Status polling and Ping polling (ICMP on Linux, TCP echo on windows)
  • Syslog parsing with IPv6 addresses
  • IPv6 Ping support
  • Telnet and SSH support for IPv6 (using PuTTY)
  • Management Center server binding to IPv6 address
  • SNMP Redirect
  • Client/Server detection of IPv6 support to allow Warning users about limitations
  • IPv6 support for the Command Script tool

Compass Support for Searching IPv6 Devices

  • Support for ipNetToPhysical (RFC 4293)
  • Support for ipv6NetToMedia (RFC 2465)
  • Support for inetCidrRouteTable (RFC 4292)

Policy Manager Support

Policy Manager supports enforcing to devices modeled with an IPv6 address. Policy Manager also supports IP to Role Mapping using IPv6 addresses, and the following IPv6 rules:

  • IPv6 Address Source, IPv6 Address Destination, and IPv6 Address Bilateral rules.
  • IPv6 Socket Source, IPv6 Socket Destination, and IPv6 Socket Bilateral rules.
  • IPv6 Flow Label rules.
  • ICMPv6 rules.
  • IP UDP Port Source, IP UDP Port Destination, IP UDP Port Bilateral rules using an IPv6 address.
  • IP TCP Port Source, IP TCP Port Destination, IP TCP Port Bilateral rules using an IPv6 address.

NAC Manager Support

NAC Manager provides an advanced option (Tools > Options > NAC Manager > Advanced Settings) to enable IPv6 end-system support. Enabling this option allows NAC Manager to collect, report, and display IPv6 addresses for end-systems in the end-systems table. When this option is changed, you must enforce your engines before the new settings takes effect. In addition, end-systems need to rediscover their IP addresses in order to reflect the change in the end-system table. This can be done by either deleting the end-system or performing a Force Reauth on the end-system.

Only end-systems with a valid IPv4 address as well as one or more IPv6 addresses are supported. End-systems with only IPv6 addresses are not supported.

The following end-system functionality is available for end-systems with a valid IPv4 address as well as one or more IPv6 addresses:

     End-System table display of IPv6 addresses*
     NAC Dashboard display of IPv6 addresses
     Force Reauth
     Add to MAC Group
     Lock MAC
     Port Monitor
     End-System Summary
     Basic End-System Search
     Delete end-system
     Edit Custom Information
     Registration
     Hostname Resolution
     OS Detection

*Old IPv6 addresses are not automatically cleared from the end-system table. If an end-system's IPv6 address changes, the old IPv6 address may continue to be displayed.

The following end-system functionality is not available for end-systems with a valid IPv4 address as well as one or more IPv6 addresses:

     Add to IP Group
     Assessment
     Remediation
     Configuration Evaluation Tool
     Advanced End-System Search
     IPv6 rules
     Ping
     NetBIOS

Inventory Manager Support

Inventory Manager supports IPv6 on Linux operating systems or with a third-party TFTP server. The TFTP service provided for Windows operating systems does not support IPv6.

Known Limitations

General Limitations

  • IPv6 devices cannot be reached from clients not running IPv6 protocol stacks on their NICs.
  • When IPv6 is enabled, Windows sends TCP Echo instead of ICMP packets for Ping polling status for both IPv4 and IPv6 devices.
  • Stackable devices do not currently support setting an IPv6 RADIUS server address.

Management Center Applications That Do Not Support IPv6

  • ACL Manager
  • RoamAbout Wireless Manager

Device Limitations

Not all devices support IPv6. Refer to your device Firmware Release Notes to determine if the device supports IPv6 and contains the required MIBs.

06/2017
7.1 Revision -00

Contents Subject to Change Without Notice