IP Router Configuration
Router Configuration Guide 39
See the section Making non-persistent CGAs persistent for more information on the
procedure to make non-persistent CGAs persistent,
HA
For the synchronization of the RSA key pair file in cfx:\system-pki\ used by SeND, the
following commands for automatic and manual certificate synchronization are used:
• manual: admin redundancy synchronize cert
• automatic: configure redundancy cert-sync
SeND also synchronizes the RSA key pair to the standby CPM as it is done in the previous
release.
Persistent CGA Modifier
The modifier used during the CGA generation will be saved in the configuration file. The
CGA itself is not stored.
Based on the stored modifier and RSA key pair, the same CGA can be regenerated.
The modifier is needed to be sent out in ND messages.
By storing the modifier in the configuration file, the operator can also configure an offline
generated modifier (possibly with a security parameter > 1).
Example 1: Configure a SeND interface without modifiers.
configure router interface itf1
address 10.10.10.1
port 1/1/1
ipv6
secure-nd
no shutdown
=> A modifier is generated based on the actual RSA key pair (that is, imported or auto-
generated). The modifier is used to generate a link-local CGA.
=> The modifier is saved in the interface configuration file.
exit
address 2000:1::/64
=> A modifier is generated based on the actual RSA key pair. The modifier is used to
generate the global CGA.
=> The modifier is stored in the interface configuration file.
To Next Page
Loading...
