API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n

731

732

733

734

735

736

737

738

739

740

Supported

Releases

10.4.0E(R1) or later

area encryption

Configures encryption for an OSPFv3 area.

Syntax

area area-id encryption ipsec spi number esp encryption-type key

authentication-type key

Parameters

● area area-id — Enter an area ID as a number or IPv6 prefix.

● ipsec spi number — Enter a unique security policy index number, from 256 to 4294967295.

● esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC,

or NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported.

● key — Enter the text string used in the encryption algorithm.

● authentication-type — Enter the encryption authentication MD5 or SHA1 algorithm to use.

● key — Enter the text string used in the authentication algorithm.

Default OSPFv3 area encryption is not configured.

Command Mode ROUTER-OSPFv3

Usage

Information

● Before you enable IPsec encryption for an OSPFv3 area, you must enable OSPFv3 globally on each

router.

● When you configure encryption at the area level, both IPsec encryption and authentication are

enabled. You cannot configure encryption if you have already configured an IPsec area authentication

using the area ospf authentication ipsec command. To configure encryption, you must first

delete the authentication policy.

● All OSPFv3 routers in the area must share the same encryption key to decrypt information. Only a

non-encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex

digits; DES — 16 hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192.

● All OSPFv3 routers in the area must share the same authentication key to exchange information. Only

a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain

hex digits. For SHA1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is

not supported.

Example

OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des

1234567812345678 md5

12345678123456781234567812345678

Supported

Releases

10.4.0E(R1) or later

area stub

Defines an area as the OSPF stub area.

Syntax

area area-id stub [no-summary]

Parameters

● area-id—Set the OSPFv3 area ID as an IP address in A.B.C.D format or number, from 1 to 65535.

● no-summary—(Optional) Prevents an ABR from sending summary LAs into the stub area.

Default Not configured

Command Mode ROUTER-OSPFv3

Usage

Information

The no version of this command deletes a stub area.

Example

OS10(config)# router ospfv3 10

OS10(conf-router-ospfv3-10)# area 10.10.1.5 stub

732 Layer 3