ipv6 security modifier

Function

The ipv6 security modifier command sets a modifier value and a security level for a CGA address.

The undo ipv6 security modifier command deletes the modifier value and security level of a CGA address.

By default, no modifier value is set for a CGA address and the security level is 0.

Format

ipv6 security modifier sec-level sec-value [ modifier-value ]

undo ipv6 security modifier

Parameters

Parameter	Description	Value
sec-level sec-value	Specifies the security level of the CGA address. 1 indicates the highest security level. If the security level is 1, the modifier value will be automatically generated. The modifier value can be manually configured only when the security level of the CGA address is 0.	The value is an integer that can be 0 or 1.
modifer-value	Specifies the modifier value of the CGA address.	The value is a 32-digit hexadecimal number, in the format of XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX.

Parameter

Description

Value

sec-level sec-value

Specifies the security level of the CGA address.

1 indicates the highest security level. If the security level is 1, the modifier value will be automatically generated.

The modifier value can be manually configured only when the security level of the CGA address is 0.

The value is an integer that can be 0 or 1.

modifer-value

Specifies the modifier value of the CGA address.

The value is a 32-digit hexadecimal number, in the format of XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX.

Views

Ethernet interface view, Eth-Trunk interface view, VLANIF interface view, BDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Before configuring a CGA address, you need to run the ipv6 security modifier command to set a modifier value and a security level for the CGA address. A CGA address is calculated by using a specific algorithm based on the RSA key, modifier value, and security level. The higher the security level, the securer the generated CGA address.

After a CGA address is configured for an interface, the ND messages sent by the interface are protected against attacks.

Configuration Impact

If a modifier value and a security level have already been configured on an interface, the binding between the RSA key pair and the interface cannot be deleted.

Precautions

The modifier value can be manually configured only when the security level of the CGA address is 0.

If a CGA address has been configured on an interface, the modifier value and security level of the CGA address cannot be deleted.

This command is not supported in the loopback interface view.

Example

# Configure a modifier value and a security level for the CGA address on GE 1/0/0.

<sysname> system-view

[sysname] rsa key-pair label huawei modulus 2048

 NOTES: If the key modulus is greater than 512, It may take few minutes. Please
wait

 Key Successfully Created

[sysname] interface GigabitEthernet 0/0/0

[sysname-GigabitEthernet0/0/0] ipv6 enable

[sysname-GigabitEthernet0/0/0] ipv6 security rsakey-pair huawei

[sysname-GigabitEthernet 0/0/1] ipv6 security modifier sec-level 0