Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

How to Configure an IPv6 CIPSO Network in Trusted Extensions

For IPv6, Trusted Extensions uses the Common Architecture Label IPv6 Security Option (CALIPSO) as the security labeling protocol. No configuration is required. If you must communicate with systems that run the obsolete Trusted Extensions IPv6 CIPSO protocol, perform this procedure. To communicate with other CALIPSO systems, do not perform this procedure.


Caution

Caution  - A system that uses the CALIPSO for IPv6 protocol cannot communicate with any systems that use the obsolete TX IPv6 CIPSO protocol because these protocols are incompatible.


The obsolete Trusted Extensions IPv6 CIPSO options do not have an Internet Assigned Numbers Authority (IANA) number to use in the IPv6 Option Type field of a packet. The entry that you set in this procedure supplies a number to use on the local network.

Before You Begin

Perform this procedure if you must communicate with systems that use the proprietary yet obsolete Trusted Extensions IPv6 CIPSO security labeling option.

You are in the root role in the global zone.

  • Type the following entry into the /etc/system file:
    set ip:ip6opt_ls = 0x0a

Troubleshooting

    If error messages during boot indicate that your IPv6 CIPSO configuration is incorrect, correct the entry. For example, a misspelled entry produces the following message: sorry, variable 'ip6opt_1d' is not defined in the 'ip' module. Verify that the entry is spelled correctly.

  • Correct the entry.

  • Verify that the system has been rebooted after adding the correct entry to the /etc/system file.

Next Steps

You must reboot the system before configuring LDAP or creating labeled zones.