The ipv6 address cga command configures a CGA global unicast address.
The undo ipv6 address cga command deletes a CGA global unicast address.
By default, no CGA global unicast addresses is configured.
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } cga
undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } cga
| Parameter | Description | Value |
|---|---|---|
ipv6-address |
Specifies the prefix of an IPv6 address. |
The value is a 128-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
prefix-length |
Specifies the prefix length of an IPv6 address. |
The value is an integer ranging from 1 to 64. |
Ethernet interface view, VLANIF interface view, Eth-Trunk interface view, or BDIF interface view
Usage Scenario
To enable IPv6 SEND to protect ND messages, you need to configure a CGA IPv6 address on an interface. Running the ipv6 address cga command configures a CGA IPv6 global unicast address.
Configuration Impact
If a CGA IPv6 address is configured for an interface, the ND message sent by the interface will carry CGA and RSA options. After receiving the ND message, the remote interface checks the validity of the ND message sender and the integrity of the ND message based on the CGA and RSA options. If a local device is enabled with the strict security mode whereas the remote device is not, the local device regards the messages sent by the remote device invalid and discards them.
Running the undo command without specifying any parameter will delete all IPv6 addresses (including the CGA global unicast address) except the automatically configured IPv6 link-local address.
Follow-up Procedure
Run the ipv6 nd security strict command to enable the strict security mode on the interface.
Precautions
An interface allows the configuration of a maximum of 10 global unicast addresses.
If the system is deleting the binding relationship between an interface and an enabled IPv6 address family VPN instance, you are prompted not to run the ipv6 address cga command.
# Configure a CGA global unicast address on GigabitEthernet 0/0/0.
<sysname> system-view
[sysname] rsa key-pair label huawei modulus 2048
NOTES: If the key modulus is greater than 512, It may take few minutes. Please wait Key Successfully Created
[sysname] interface GigabitEthernet 0/0/0
[sysname-GigabitEthernet0/0/0] ipv6 enable
[sysname-GigabitEthernet0/0/0] ipv6 security rsakey-pair huawei
[sysname-GigabitEthernet0/0/0] ipv6 address 2001:db8::2/64 cga