CGA stands for cryptographic generated address. Using this method of address generation, it is supposed that address spoofing could be eliminated.
Rfc 3972 states:
The basic idea is to generate the interface identifier of the IPv6 address by computing a cryptographic hash of the public key. The resulting IPv6 address is called a cryptographically generated address (CGA). The corresponding private key can then be used to sign messages sent from the address.
Let us configure the routers to generate Cryptographic Address.
- A RSA must be generated as SeND uses public/private key pairs.
- Then this RSA key is used to generate the CGA modifier.
- Finally the interface is told to use CGA.
R1(config)#crypto key generate rsa modulus 1024 label SEND
The name for the keys will be: SEND
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]