Manualshelf

Reference Guide

ManualsBrandsDell ManualsComputer equipmentForce10 Z9000
661662663664665666667668669670
Open Shortest Path First (OSPFv2 and OSPFv3) | 657
IPsec security associations (SAs) are supported only in transport mode (tunnel mode is not
supported).
ESP with null encryption is supported for authenticating only OSPFv3 protocol headers.
ESP with non-null encryption is supported for full confidentiality.
3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and
unencrypted keys are supported.
To configure an IPsec security policy for authenticating or encrypting OSPFv3 packets on a physical,
port-channel, or VLAN interface or OSPFv3 area, perform any of the following tasks:
Configuring IPsec Authentication on an Interface
Configuring IPsec Encryption on an Interface
Configuring IPsec Authentication for an OSPFv3 Area
Configuring IPsec Encryption for an OSPFv3 Area
Displaying OSPFv3 IPsec Security Policies
Configuring IPsec Authentication on an Interface
Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, you must first enable IPv6
unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an
area (see Configuration Task List for OSPFv3 (OSPF for IPv6)).
Note: You may encrypt all keys on a router by using the service password-encryption command in
global configuration mode. However, this command does not provide a high level of network security. To
enable key encryption in an IPsec security policy at an interface or area level, specify 7 for
[key-encryption-type] when you enter the ipv6 ospf authentication ipsec or ipv6 ospf encryption ipsec
command.