Connectivity Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

571

572

573

574

575

576

577

578

579

580

Change OSPFv3 Interface Parameters

OS10(config)# interface ethernet 1/1/1

OS10(conf-if-eth1/1/1)# ipv6 ospf hello-interval 5

OS10(conf-if-eth1/1/1)# ipv6 ospf dead-interval 20

OS10(conf-if-eth1/1/1)# ipv6 ospf priority 4

View OSPFv3 Interface Parameters

OS10# show ipv6 ospf interface

ethernet1/1/1 is up, line protocol is up

Link Local Address fe80::20c:29ff:fe0a:d59/64, Interface ID 5

Area 0.0.0.0, Process ID 200, Instance ID 0, Router ID 10.0.0.2

Network Type broadcast, Cost: 1

Transmit Delay is 1 sec, State BDR, Priority 1

Designated Router on this network is 2.2.2.2

Backup Designated router on this network is 10.0.0.2 (local)

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 2.2.2.2(Designated Router)

Default route

You can generate an external default route and distribute the default information to the OSPFv3 routing domain.

• Generate the default route, using the default-information originate [always] command in ROUTER-OSPFv3 mode.

Congure default route

OS10(config)# router ospfv3 100

OS10(config-router-ospf-100)# default-information originate always

View default route conguration

OS10(config-router-ospf-100)# show configuration

router ospfv3 100

default-information originate always

OSPFv3 IPsec authentication and encryption

Unlike OSPFv2, OSPFv3 does not have authentication elds in its protocol header to provide security. To provide authentication and

condentiality, OSPFv3 uses IP Security (IPsec) — a collection of security protocols for authenticating and encrypting data packets. OS10

OSPFv3 supports IPsec using the IPv6 authentication header (AH) or IPv6 encapsulating security payload (ESP).

• AH authentication veries that data is not altered during transmission and ensures that users are communicating with the intended

individual or organization. The authentication header is inserted after the IP header with a value of 51. MD5 and SHA1 authentication

types are supported; encrypted and unencrypted keys are supported.

• ESP encryption encapsulates data, enabling data protection that follows in the datagram. The ESP extension header is inserted after

the IP header and before the next layer protocol header. 3DES, DES, AES-CBC, and NULL encryption algorithms are supported;

encrypted and unencrypted keys are supported.

Apply IPsec authentication or encryption on a physical, port-channel, or VLAN interface or in an OSPFv3 area. Each conguration consists

of a security policy index (SPI) and the OSPFv3 packets validation key. After you congure an IPsec protocol for OSPFv3, IPsec operation

is invisible to the user.

You can only enable one authentication or encryption security protocol at a time on an interface or for an area. Enable IPsec AH using the

ipv6 ospf authentication command; enable IPsec ESP with the ipv6 ospf encryption command.

• A security policy congured for an area is inherited on all interfaces in the area by default.

• A security policy congured on an interface overrides any area-level congured security for the area where the interface is assigned.

• The congured authentication or encryption policy applies to all OSPFv3 packets transmitted on the interface or in the area. The IPsec

security associations are the same on inbound and outbound trac on an OSPFv3 interface.

Layer 3

571