Reference Guide

ManualsBrandsDell ManualsComputer equipmentForce10 Z9000

661

662

663

664

665

666

667

668

669

670

Open Shortest Path First (OSPFv2 and OSPFv3) | 659

To configure IPsec encryption on an interface, enter the following command:

Note that when you configure encryption with the

ipv6 ospf encryption ipsec command, you enable both

IPsec encryption and authentication. However, when you enable authentication on an interface with the

ipv6 ospf authentication ipsec command, you do not enable encryption at the same time.

An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You

must configure the same authentication policy (same SPI and key) on each OSPFv3 interface in a link.

To remove an IPsec encryption policy from an interface, enter the

no ipv6 ospf encryption ipsec spi number

command. To remove null encryption on an interface to allow the interface to inherit the encryption policy

configured for the OSPFv3 area, enter the

no ipv6 ospf encryption null command.

To display the configuration of IPsec encryption policies on the router, enter the

show crypto ipsec policy

command. To display the security associations set up for OSPFv3 interfaces in encryption policies, enter

the

show crypto ipsec sa ipv6 command.

Command Syntax

Command

Mode Usage

ipv6 ospf encryption {null | ipsec

spi

number esp encryption-algorithm

[key-encryption-type] key

authentication-algorithm

[key-authentication-type] key}

INTERFACE Enable IPsec encryption for OSPFv3 packets on an

IPv6-based interface, where:

null causes an encryption policy configured for the

area to not be inherited on the interface.

ipsec spi number is the Security Policy index (SPI)

value. Range: 256 to 4294967295.

esp encryption-algorithm specifies the encryption

algorithm used with ESP. Valid values: 3DES, DES,

AES-CBC, and NULL. For AES-CBC, only the

AES-128 and AES-192 ciphers are supported.

key specifies the text string used in the encryption. All

neighboring OSPFv3 routers must share the same key

to decrypt information. Required lengths of a

non-encrypted or encrypted key are: 3DES - 48 or 96

hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or

64 hex digits for AES-128 and 48 or 96 hex digits for

AES-192.

key-encryption-type (optional) specifies if the key is

encrypted. Valid values: 0 (key is not encrypted) or 7

(key is encrypted).

authentication-algorithm specifies the encryption

authentication algorithm to use. Valid values: MD5 or

SHA1.

key specifies the text string used in used in

authentication. All neighboring OSPFv3 routers must

share the same key to exchange information. For MD5

authentication, the key must be 32 hex digits

(non-encrypted) or 64 hex digits (encrypted). For

SHA-1 authentication, the key must be 40 hex digits

(non-encrypted) or 80 hex digits (encrypted).

key-authentication-type (optional) specifies if the

authentication key is encrypted. Valid values: 0 or 7.