12-8

User

Guide

for

the

Cisco

Application

Networking

Manager

5.2

OL-26572-01

Chapter

12

Configuring

Network

Access

Configuring

Virtual

Context

VLAN

Interfaces

Enable

Normalization

Check

box

that

specifies

that

normalization

is

to

be

enabled

on

this

interface.

Uncheck

the

check

box

to

indicate

that

normalization

is

to

be

disabled

on

this

interface

for

IPv4,

IPv6,

or

both.

The

IPv6

option

requires

ACE

module

and

ACE

appliance

software

Version

A5(1.0)

or

later.

Caution

Disabling

normalization

may

expose

your

ACE

and

network

to

potential

security

risks.

Normalization

protects

your

networking

environment

from

attackers

by

enforcing

strict

security

policies

that

are

designed

to

examine

traffic

for

malformed

or

malicious

segments.

Enable

IPv6

Field

that

appears

only

for

ACE

module

and

ACE

appliance

software

Version

A5(1.0)

or

later,

and

for

the

Routed

interface

type.

Check

the

check

box

to

enable

IPv6

on

this

interface.

By

default,

IPv6

is

di

sabled.

The

interface

cannot

be

in

bridged

mode.

When

you

enable

IPv6,

t

he

ACE

automatically

does

the

following:

•

Configures

a

link-local

address

(i

f

not

pr

eviously

configured)

•

Performs

duplicate

address

detection

(DAD)

Clear

the

check

box

to

indicate

that

IPv6

is

disabled

on

this

interface.

IPv6

Global

Address

Field

that

appears

only

for

ACE

module

and

ACE

appliance

software

Version

A5(1.0)

or

later,

and

for

the

Routed

interface

type.

A

global

address

is

an

IPv6

unicast

address

that

is

used

for

general

IPv6

communication.

Each

global

address

is

unique

across

the

entire

Internet.

Therefore,

its

scope

is

global.

The

low

order

64

bi

ts

can

be

assigned

in

several

ways,

including

autoconfiguration

using

the

EUI-64

format.

You

can

configure

onl

y

one

gl

obally

uni

que

IPv6

address

on

an

interface.

When

you

configure

a

global

IPv6

address

on

an

interface,

the

ACE

automatically

does

the

following:

•

Configures

a

link-local

address

(i

f

not

pr

eviously

configured)

•

Performs

duplicate

address

detection

(DAD)

on

bo

th

addresses

IPv6

Address

To

configure

an

IPv6

global

address

on

an

interface,

enter

a

complete

IPv6

address

with

a

prefix

of

2000::/3

to

3fff::/3.

For

example,

enter

2001:DB8:1::0.

Check

the

EUI-64

box

to

specify

that

the

low

order

64

bits

are

automatically

generated

in

the

IEEE

64-bit

Extended

Unique

Identifier

(EUI-64)

format

specified

in

RFC

2373.

To

use

EUI-64,

the

Prefix

Length

field

must

be

less

than

or

equal

to

64

and

the

host

segment

must

be

all

zeros.

Alias

IPv6

Address

When

you

configure

redundancy

with

active

and

standby

ACEs,

you

can

configure

a

VLAN

interface

that

has

an

alias

global

IPv6

address

that

is

shared

between

the

active

and

standby

ACEs.

The

alias

IPv6

address

serves

as

a

sha

red

gateway

for

the

t

wo

ACEs

in

a

re

dundant

configuration.

You

can

configure

only

one

alias

global

IPv6

address

on

an

interface.

To

configure

an

IPv6

alias

global

address,

enter

a

complete

IPv6

address

with

a

prefix

of

2000::/3

to

3fff::/3.

For

example,

enter

2001:DB8:1::0.

Note

You

must

configure

redundancy

(fault

tolerance)

on

the

ACE

for

the

alias

global

IPv6

address

to

work.

Table

12-1

VLAN

Interface

Attributes

(continued)

Field

Description