IBM Support

How do I control whether the ISAM appliance uses IPv6

How To


Summary

Some of the underlying components on my appliance, such as NTP, are not working as expected because I'm using IPv6 addresses.

Is there a way to totally disable IPv6 on my appliance? Or maybe selectively disable it on a per-interface basis?

Objective

The objective of this article is to show how to use Advanced Tuning Parameters in the ISAM Appliance LMI to disable IPv6 on the Appliance

Environment

ISAM 9.0.X

Steps

1) Log into your ISAM Appliance Local Management Interface (LMI) via a Web Browser
2) Navigate to 'Manage System Settings -> System Settings -> Advanced Tuning Parameters'
3) Select the 'New' button to create a new Advanced Tuning Parameter
The following is reference for the two Advanced Tuning Parameters presented in this document :

Disable IPv6 for all interfaces
Key : sysctl.net.ipv6.conf.all.disable_ipv6
Value : 1

Selectively disable IPv6 for a specific interface :
Key : sysctl.net.ipv6.conf.<interface>.disable_ipv6
Value : 1

You need to substitute a value in for '<interface>'.
The appliance uses interface names of 'eth#' starting at 'eth0' for interface '1.1'.
The appliance uses the name 'lo' for the loopback address.
4) After you apply the Advanced Tuning Parameters you'll need to deploy the Pending Changes
5) Finally, reboot the appliance
6) Verify that there are no IPv6 addresses by using SSH to run the following command from the Appliance Command Line Interface (CLI) :
> tools connections

There should be only  IPv4 addresses present.

Example output :
isam9060lmi.hyperv.lab> tools connections
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:9443          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2020          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:22983         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2024          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2027          0.0.0.0:*               LISTEN
tcp        0      0 10.2.1.16:22            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9080          0.0.0.0:*               LISTEN
tcp        0      0 10.2.1.16:9081          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9081          0.0.0.0:*               LISTEN
tcp        0      0 10.2.1.16:443           0.0.0.0:*               LISTEN
tcp        0     52 10.2.1.16:22            10.2.0.1:33374          ESTABLISHED
tcp        0      0 127.0.0.1:22983         127.0.0.1:47156         ESTABLISHED
tcp        0      0 127.0.0.1:47156         127.0.0.1:22983         ESTABLISHED
udp        0      0 127.0.0.1:50524         127.0.0.1:50524         ESTABLISHED
udp        0      0 127.0.0.1:63104         127.0.0.1:63104         ESTABLISHED
...
The above will successfully disable IPv6 on your appliance.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQRZH","label":"IBM Security Access Manager Appliance"},"Component":"","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

ISAM; IBM Security Access Manager; ISAM Appliance; IBM Security Access Manager appliance;

Document Information

Modified date:
25 July 2019

UID

ibm10958937

Page Feedback