The ipv6 nd security key-length command sets the range of key lengths allowed on an interface.
The undo ipv6 nd security key-length command restores the default key length.
By default, the minimum key length is 512 bits and the maximum key length is 2048 bits.
Parameter | Description | Value |
---|---|---|
minimum keylen-value | Specifies the minimum key length allowed on the interface. | The value is an integer ranging from 384 to 4096, in bits. |
maximum keylen-value | Specifies the maximum key length allowed on the interface. | The value is an integer ranging from 384 to 4096, in bits. |
100GE sub-interface view, 100GE interface view, 10GE sub-interface view, 10GE interface view, 200GE sub-interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk sub-interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE sub-interface view, GE interface view, GE electrical interface view, Global VE sub-interface view, PW-VE sub-interface view, PW-VE interface view, VBDIF interface view, VE sub-interface view, VLANIF interface view, Management interface view
Usage Scenario
After an interface with the strict security mode enabled receives an ND message, it verifies the RSA key in the ND message to determine whether the message is secure. To set the key lengths allowed on an interface, run the ipv6 nd security key-length command. If the key length in a received ND message is outside the range allowed on the interface, the interface regards the ND message as insecure and discards it.
Prerequisites
IPv6 has been enabled on the involved interface using the ipv6 enable command.
Follow-up Procedure
Run the ipv6 nd security strict command to enable the strict security mode on the interface.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1
[~HUAWEI-GigabitEthernet0/1/1] ipv6 enable
[*HUAWEI-GigabitEthernet0/1/1] ipv6 nd security key-length minimum 1500 maximum 2000
[*HUAWEI-GigabitEthernet0/1/1] ipv6 nd security strict
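The following audit script is an added example, not part of the original command reference or vendor tooling. It checks each interface in a configuration dump for the prerequisite, the key-length range and the strict mode described on this page. The dump layout, the 1024-bit policy floor, and the handling of minimum or maximum given alone are assumptions.

```python
import re
DEFAULT_MIN, DEFAULT_MAX = 512, 2048  # defaults stated on this page (bits)
VALID = range(384, 4097)              # value range stated on this page
POLICY_MIN_BITS = 1024                # assumption: local policy floor
# Constructed sample; the "#"-separated layout is an assumed dump format.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1/1
 ipv6 enable
 ipv6 nd security key-length minimum 1500 maximum 2000
 ipv6 nd security strict
#
interface GigabitEthernet0/1/2
 ipv6 enable
 ipv6 nd security key-length minimum 1500 maximum 2000
#
interface GigabitEthernet0/1/3
 ipv6 enable
 ipv6 nd security strict
"""

def parse_interfaces(config):
    """Map each interface name to the commands configured under it."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "#"):
            current = None
        elif current is not None:
            current.append(line)
    return interfaces

def audit_interface(commands):
    """Return findings for one interface; an empty list means it passes."""
    lo, hi = DEFAULT_MIN, DEFAULT_MAX
    for cmd in commands:
        if cmd.startswith("ipv6 nd security key-length"):
            opts = dict(re.findall(r"(minimum|maximum) (\d+)", cmd))
            lo, hi = int(opts.get("minimum", lo)), int(opts.get("maximum", hi))
    checks = [
        ("ipv6 enable" not in commands, "ipv6 enable missing"),
        ("ipv6 nd security strict" not in commands, "strict mode not enabled"),
        (lo not in VALID or hi not in VALID or lo > hi, f"bad range {lo}-{hi}"),
        (lo < POLICY_MIN_BITS, f"minimum {lo} below policy floor"),
    ]
    return [msg for failed, msg in checks if failed]

def audit(config):
    return {n: audit_interface(c) for n, c in parse_interfaces(config).items()}
```

Calling audit(SAMPLE_CONFIG) returns a dictionary of findings per interface. The third interface is flagged because, with no key-length command, it falls back to the default 512-bit minimum.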