
Configuring the CGA

A cryptographically generated address (CGA) is an IPv6 address generated from a public key by using a hash algorithm. Two communicating parties can authenticate each other's CGA to defend against spoofing attacks. The Rivest-Shamir-Adleman (RSA) algorithm can be used to protect packet integrity.

Procedure

  1. Access the system view.

    system-view

  2. Set the local public and private key pair.

    pki rsa local-key-pair create

    After the command is executed, you are prompted to enter the host key length. To enhance security, a host key longer than 1024 bits is recommended.

  3. Access the interface view.

    interface interface-type interface-number

  4. Bind an RSA key pair to the interface to generate a CGA address.

    ipv6 security rsakey-pair key-label

  5. Set the modifier value and security level for the CGA address.

    ipv6 security modifier sec-level sec-value [ modifier-value ]

    The modifier value can be manually configured only when the security level of the CGA address is 0.

  6. Configure a CGA IPv6 address.

    ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } cga

    Or

    ipv6 address ipv6-address link-local cga
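
How the key pair, modifier and security level from steps 4 to 6 combine into an address, as an added Python example (not Huawei code and not part of the original page). It assumes the device follows the CGA algorithm of RFC 3972, which this page does not cite; it omits extension fields and duplicate address detection, and uses a constructed placeholder in place of a real DER-encoded RSA public key.

```python
import hashlib
import ipaddress

MASK = 0x1CFFFFFFFFFFFFFF  # interface ID bits compared: all but Sec (0-2), u and g (6-7)

# Constructed sample inputs: a placeholder byte string standing in for the
# DER-encoded RSA public key, and the documentation prefix 2001:db8::/64.
PUBKEY = b"constructed placeholder for a DER-encoded RSA public key"
PREFIX = bytes.fromhex("20010db800000000")

def hash2_ok(mod: bytes, pubkey: bytes, sec: int) -> bool:
    """Leftmost 16*Sec bits of SHA-1(modifier | 9 zero octets | key) must be zero."""
    return hashlib.sha1(mod + bytes(9) + pubkey).digest()[:2 * sec] == bytes(2 * sec)

def hash1(mod: bytes, prefix: bytes, collisions: int, pubkey: bytes) -> int:
    """Leftmost 64 bits of SHA-1(modifier | prefix | collision count | key)."""
    digest = hashlib.sha1(mod + prefix + bytes([collisions]) + pubkey).digest()
    return int.from_bytes(digest[:8], "big")

def generate(pubkey: bytes, prefix: bytes, sec: int, modifier: int = 0):
    """Return (address, modifier). At Sec 0 the supplied modifier is used as is;
    at Sec > 0 it is only the starting point of a brute-force search."""
    while not hash2_ok(modifier.to_bytes(16, "big"), pubkey, sec):
        modifier = (modifier + 1) % 2**128
    mod = modifier.to_bytes(16, "big")
    iid = (hash1(mod, prefix, 0, pubkey) & MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), mod

def verify(addr, mod: bytes, collisions: int, pubkey: bytes) -> bool:
    """Receiver-side check: recompute both hashes from the sender's parameters."""
    raw = addr.packed
    iid = int.from_bytes(raw[8:], "big")
    sec = iid >> 61  # the security level is read from the address itself
    return (collisions in (0, 1, 2)
            and (hash1(mod, raw[:8], collisions, pubkey) & MASK) == (iid & MASK)
            and hash2_ok(mod, pubkey, sec))

if __name__ == "__main__":
    for sec in (0, 1):
        addr, mod = generate(PUBKEY, PREFIX, sec, modifier=0x1234)
        print(sec, addr, mod.hex(), verify(addr, mod, 0, PUBKEY))
    # The same address claimed with a different key fails verification.
    print(verify(addr, mod, 0, PUBKEY + b"x"))
```

At security level 0 the Hash2 condition is empty, so any modifier passes; this is consistent with the rule in step 5 that the modifier can be configured manually only at that level.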

Follow-up Procedure

Run the ipv6 nd security strict command to enable the strict security mode on the interface.

If strict security mode is enabled on the local device but not on the remote device, the local device considers the messages sent by the remote device invalid and discards them.

Copyright © Huawei Technologies Co., Ltd.