< Home

ipv6 security rsakey-pair

Function

The ipv6 security rsakey-pair command binds an RSA key pair to an interface.

The undo ipv6 security rsakey-pair command unbinds an RSA key pair from an interface.

By default, an RSA key pair is not bound to an interface.

Format

ipv6 security rsakey-pair key-label

undo ipv6 security rsakey-pair key-label

Parameters

Parameter Description Value
key-label

Specifies the name of an RSA key pair.

The value is a string of 1 to 35 case-sensitive characters without spaces.

Views

Ethernet interface view, Eth-Trunk interface view, VLANIF interface view, BDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An RSA key pair can be used to generate a modifier value and a CGA address on an interface only after the ipv6 security rsakey-pair command is run to bind the RSA key pair to the interface.

After a CGA address is configured for an interface, the ND messages sent by the interface are protected against attacks.

Precautions

The binding between an RSA key pair and an interface cannot be deleted in the following cases:

  • A modifier value and a security level are configured on the interface.
  • A CGA address is configured on the interface.

Example

# Bind a key pair named huawei to GE 1/0/0.

<sysname> system-view
[sysname] rsa key-pair label huawei modulus 2048
 NOTES: If the key modulus is greater than 512, It may take few minutes. Please
wait

 Key Successfully Created 
[sysname] interface GigabitEthernet 0/0/0
[sysname-GigabitEthernet0/0/0] ipv6 enable
[sysname-GigabitEthernet0/0/0] ipv6 security rsakey-pair huawei
Parent Topic: IPv6 Neighbor Discovery Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >