Reference Guide

NOTE: To encrypt all keys on a router, use the service password-encryption command in Global

Configuration mode. However, this command does not provide a high level of network security. To enable key

encryption in an IPsec security policy at an interface or area level, specify 7 for [key-encryption-type]

when you enter the ipv6 ospf authentication ipsec or ipv6 ospf encryption ipsec

• To configure an IPsec security policy for authenticating or encrypting OSPFv3 packets on a physical, port-

To configure, remove, or display IPsec authentication on an interface, use the following commands.

Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally,

configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List

for OSPFv3 (OSPF for IPv6)).

The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. Configure the

same authentication policy (the same SPI and key) on each OSPFv3 interface in a link.

• Enable IPsec authentication for OSPFv3 packets on an IPv6-based interface.

INTERFACE mode

ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} [key-

encrypted) or 7 (key is encrypted).

exchange information. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits

(encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits

(encrypted).

• Remove an IPsec authentication policy from an interface.

no ipv6 ospf authentication ipsec spi number

• Remove null authentication on an interface to allow the interface to inherit the authentication policy configured for

the OSPFv3 area.