Administrator Guide

Enable IPsec encryption for OSPFv3 packets in an area.
CONF-IPV6-ROUTER-OSPF mode
area area-id encryption ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-authentication-type] key
area area-id: species the area for which OSPFv3 trac is to be encrypted. For area-id, enter a number or an IPv6
prex.
spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295.
esp encryption-algorithm: species the encryption algorithm used with ESP. The valid values are 3DES, DES, AES-
CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported.
key: species the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt
information. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex
digits; AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192.
key-encryption-type: (optional) species if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is
encrypted).
authentication-algorithm: species the authentication algorithm to use for encryption. The valid values are MD5 or
SHA1.
key: species the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange
information. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1
authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).
key-authentication-type: (optional) species if the authentication key is encrypted. The valid values are 0 or 7.
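The SPI range and key lengths listed above can be checked before a line is applied to every router in the area. The following Python checker is an added example, not code from this guide or the vendor; the function names and sample lines are constructed, and matching algorithm names case-insensitively and accepting either listed length when the optional key type is omitted are assumptions.

```python
import re

# Key lengths in hex digits from the list above; "0" = non-encrypted, "7" = encrypted.
ENC_LEN = {"3DES": {"0": {48}, "7": {96}}, "DES": {"0": {16}, "7": {32}},
           "AES-CBC": {"0": {32, 48}, "7": {64, 96}}}  # AES-128, AES-192
AUTH_LEN = {"MD5": {"0": {32}, "7": {64}}, "SHA1": {"0": {40}, "7": {80}}}

def _check_key(tokens, table, what, errors):
    """Consume '<algorithm> [0|7] <key>' from tokens and record any problems."""
    if not tokens:
        errors.append(f"{what}: algorithm and key missing")
        return
    alg = tokens.pop(0).upper()
    ktype = tokens.pop(0) if len(tokens) > 1 and tokens[0] in ("0", "7") else None
    key = tokens.pop(0) if tokens else ""
    if alg not in table:
        errors.append(f"{what}: algorithm {alg} has no key length listed")
        return
    # Assumption: with the optional type omitted, either listed length passes.
    allowed = table[alg][ktype] if ktype else set().union(*table[alg].values())
    if not re.fullmatch(r"[0-9A-Fa-f]+", key):
        errors.append(f"{what}: key is not a hex string")
    elif len(key) not in allowed:
        errors.append(f"{what}: {alg} key has {len(key)} hex digits, "
                      f"expected {sorted(allowed)}")

def check_area_encryption(line):
    """Return a list of problems found in one 'area ... encryption ipsec' line."""
    m = re.fullmatch(r"area (\S+) encryption ipsec spi (\d+) esp (.+)", line.strip())
    if not m:
        return ["line does not match the documented syntax"]
    errors = []
    if not 256 <= int(m.group(2)) <= 4294967295:
        errors.append("spi: outside 256-4294967295")
    tokens = m.group(3).split()
    if tokens[0].upper() == "NULL":
        return errors + ["esp NULL: no key length listed, keys not checked"]
    _check_key(tokens, ENC_LEN, "encryption", errors)
    _check_key(tokens, AUTH_LEN, "authentication", errors)
    if tokens:
        errors.append("unexpected trailing tokens")
    return errors

# Constructed sample lines; the keys are dummy hex strings, not real secrets.
GOOD = "area 1 encryption ipsec spi 500 esp DES 0 " + "ab" * 8 + " MD5 0 " + "cd" * 16
BAD = "area 1 encryption ipsec spi 100 esp 3DES 0 " + "ab" * 8 + " SHA1 " + "cd" * 16
if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample[:45] + "...", check_area_encryption(sample) or "ok")
```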
Remove an IPsec encryption policy from an OSPFv3 area.
no area area-id encryption ipsec spi number
Display the conguration of IPsec encryption policies on the router.
show crypto ipsec policy
Displaying OSPFv3 IPsec Security Policies
To display the conguration of IPsec authentication and encryption policies, use the following commands.
Display the AH and ESP parameters congured in IPsec security policies, including the SPI number, key, and algorithms used.
EXEC Privilege mode
show crypto ipsec policy [name name]
name: displays conguration details about a specied policy.
Display security associations set up for OSPFv3 links in IPsec authentication and encryption policies on the router.
EXEC Privilege mode
show crypto ipsec sa ipv6 [interface interface]
To display information on the SAs used on a specific interface, enter interface interface, where interface is one of the following values:
For a Port Channel interface, enter the keywords port-channel number.
For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
For a 40-Gigabit Ethernet interface, enter the keyword FortyGigabitEthernet then the slot/port information.
For a VLAN interface, enter the keywords vlan vlan-id. The valid VLAN IDs are from 1 to 4094.
Example of the show crypto ipsec policy Command
Example of the show crypto ipsec sa ipv6 Command
Open Shortest Path First (OSPFv2 and OSPFv3)