Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON

441

442

443

444

445

446

447

448

449

450

no shutdown

ipv6 address 1::1/64

Congure IPsec authentication for OSPFv3 area

Prerequisite: Before you enable IPsec authentication for an OSPFv3 area, enable OSPFv3 globally on the router.

• Enable IPsec authentication for OSPFv3 packets in an area in Router-OSPFv3 mode.

area area-id authentication ipsec spi number {MD5 | SHA1} key

– area area-id — Enter an area ID as a number or IPv6 prex.

– ipsec spi number — Enter a unique security policy index (SPI) value (256 to 4294967295).

– md5 — Enable message digest 5 (MD5) authentication.

– sha1 — Enable secure hash algorithm 1 (SHA-1) authentication.

– key — Enter the text string used in the authentication type. All OSPFv3 routers in the area share the key to exchange information.

Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1

authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.

To delete an IPsec area authentication policy, use the no area area-id authentication ipsec spi number command.

Congure IPsec authentication for an OSPfv3 area

OS10(config-router-ospfv3-100)# area 1 authentication ipsec spi 400 md5

12345678123456781234567812345678

OS10(config-router-ospfv3-100)# show configuration

router ospfv3 100

area 0.0.0.1 authentication ipsec spi 400 md5 12345678123456781234567812345678

IPsec encryption for OSPV3 area

Prerequisite: Before you enable IPsec encryption for an OSPFv3 area, rst enable OSPFv3 globally on the router.

When you congure encryption at the area level, both IPsec encryption and authentication are enabled. You cannot congure encryption if

you have already congured an IPsec area authentication (area ospf authentication ipsec). To congure encryption, you must

rst delete the authentication policy.

• Enable IPsec encryption for OSPFv3 packets in an area in Router-OSPFv3 mode.

area area-id encryption ipsec spi number esp encryption-type key

authentication-type key

– area area-id — Enter an area ID as a number or IPv6 prex.

– ipsec spi number — Enter a unique security policy index (SPI) value (256 to 4294967295).

– esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or NULL). For AES-CBC,

only the AES-128 and AES-192 ciphers are supported.

– key — Enter the text string used in the encryption algorithm. All neighboring OSPFv3 routers must share the key to decrypt

information. Only a non-encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES —

16 hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192.

– authentication-type — Enter the encryption authentication algorithm to use (MD5 or SHA1).

– key — Enter the text string used in the authentication algorithm. All neighboring OSPFv3 routers must share the key to exchange

information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits.

For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.

To delete an IPsec encryption policy, use the no area area-id encryption ipsec spi number command.

Congure IPsec encryption for OSPFv3 area

OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5

12345678123456781234567812345678

Layer 3

443