Configuration Guide User guide
1312 FastIron Configuration Guide
53-1002494-02
OSPF V3 configuration
The authentication keyword specifies that the function to specify for the area is packet
authentication.
The ipsec keyword specifies that IPsec is the protocol that authenticates the packets.
The spi keyword and the <spinum> variable specify the index that points to the security
association. The near-end and far-end values for spinum must be the same. The range for
<spinum> is decimal 256 – 4294967295.
The mandatory esp keyword specifies ESP (rather than authentication header) as the protocol to
provide packet-level security. In the current release, this parameter can be esp only.
The sha1 keyword specifies the HMAC-SHA1-96 authentication algorithm. This mandatory
parameter can be only the sha1 keyword in the current release.
Including the optional no-encrypt keyword means that the 40-character key is not encrypted upon
either its entry or its display. The key must be 40 hexadecimal characters.
If no-encrypt is not entered, then the key will be encrypted. This is the default. The system adds the
following in the configuration to indicate that the key is encrypted:
• encrypt = the key string uses proprietary simple crytographic 2-way algorithm.
• encryptb64 = the key string uses proprietary base64 crytographic 2-way algorithm.
The configuration in the preceding example results in the configuration for area 2 that is illustrated
in the following example.
Configuring IPsec for a virtual link
IPsec on a virtual link has a global configuration.
To configure IPsec on a virtual link, enter the IPv6 router OSPF context of the CLI and proceed as
the following example illustrates. (Note the no-encrypt option in this example.)
Brocade(config-ospf6-router)#area 1 vir 2.2.2.2 auth ipsec spi 360 esp sha1
no-encrypt 1234567890098765432112345678990987654321
Syntax: [no] area <area-id> virtual <nbrid> authentication ipsec spi <spinum> esp sha1
[no-encrypt] <key>
The no form of this command deletes IPsec from the virtual link.
The area command and the <area-id> variable specify the area is to be configured. The <area-id>
can be an integer in the range 0 – 2,147,483,647 or have the format of an IP address.
The virtual keyword indicates that this configuration applies to the virtual link identified by the
subsequent variable <nbrid>. The variable <nbrid> is in dotted decimal notation of an IP address.
The authentication keyword specifies that the function to specify for the area is packet
authentication.
The ipsec keyword specifies that IPsec is the protocol that authenticates the packets.
ipv6 router ospf
area 0
area 1
area 2
area 2 auth ipsec spi 400 esp sha1 abcef12345678901234fedcba098765432109876