Reference Guide
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)# ipv6 ospf cost 10
Supported Releases 10.3.0E or later
ipv6 ospf dead-interval
Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the
router dead.
Syntax
ipv6 ospf dead-interval seconds
Parameters seconds — Enter the dead interval value in seconds (1 to 65535).
Default 40 seconds
Command Mode INTERFACE
Usage Information The dead interval is four times the default hello-interval by default. The no version of this command removes the
IPv6 OSPF dead-interval conguration.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)# ipv6 ospf dead-interval 10
Supported Releases 10.3.0E or later
ipv6 ospf encryption
Congures OSPFv3 encryption on an IPv6 interface.
Syntax
ipv6 ospf encryption {ipsec spi number esp encryption-type key authentication-
type key | null}
Parameters
• ipsec spi number — Enter a unique security policy index number (256 to 4294967295).
• esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or
NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported.
• key — Enter the text string used in the encryption algorithm.
• authentication-type — Enter the encryption authentication algorithm to use (MD5 or SHA1).
• key — Enter the text string used in the authentication algorithm.
• null — Enter the keyword to not use the IPsec encryption.
Default IPv6 OSPF encryption is not congured on an interface.
Command Mode INTERFACE
Usage Information
• Before you enable IPsec authentication on an OSPFv3 interface, you must enable IPv6 unicast routing globally,
congure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area.
• When you congure encryption on an interface, both IPsec encryption and authentication are enabled. You
cannot congure encryption if you have already congured an interface for IPsec authentication (ipv6 ospf
authentication ipsec). To congure encryption, you must rst delete the authentication policy.
• All neighboring OSPFv3 routers must share the same encryption key to decrypt information. Only a non-
encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES — 16
hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192.
• All neighboring OSPFv3 routers must share the same authentication key to exchange information. Only a non-
encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For
SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.
390 Layer 3