Dell S50V Switch User Manual


736 | Open Shortest Path First (OSPFv2 and OSPFv3)
www.dell.com | support.dell.com
Configuring IPsec Authentication for an OSPFv3 Area
Configuring IPsec Encryption for an OSPFv3 Area
Displaying OSPFv3 IPsec Security Policies
Configuring IPsec Authentication on an Interface
Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, you must first enable IPv6
unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an
area (see Configuration Task List for OSPFv3 (OSPF for IPv6) on page 726).
To configure IPsec authentication on an interface, enter the following command:

Command Syntax: ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} [key-encryption-type] key}
Command Mode: INTERFACE
Usage: Enable IPsec authentication for OSPFv3 packets on an IPv6-based interface, where:
  null causes an authentication policy configured for the area to not be inherited on the interface.
  ipsec spi number is the Security Policy index (SPI) value. Range: 256 to 4294967295.
  MD5 | SHA1 specifies the authentication type: Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1).
  key-encryption-type (optional) specifies if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
  key specifies the text string used in authentication. All neighboring OSPFv3 routers must share the same key to exchange information.
  For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted).
  For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).

An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You
must configure the same authentication policy (same SPI and key) on each OSPFv3 interface in a link.

To remove an IPsec authentication policy from an interface, enter the no ipv6 ospf authentication ipsec spi
number command. To remove null authentication on an interface to allow the interface to inherit the
authentication policy configured for the OSPFv3 area, enter the no ipv6 ospf authentication null command.

To display the configuration of IPsec authentication policies on the router, enter the show crypto ipsec
policy command. To display the security associations set up for OSPFv3 interfaces in authentication
policies, enter the show crypto ipsec sa ipv6 command.
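
The constraints stated in this section (SPI range, key length per algorithm and key-encryption-type, one policy per SPI) can be checked on configuration lines before they are applied. The following Python check is an added example, not part of the Dell manual; it assumes keywords are matched case-insensitively, that an omitted key-encryption-type means 0, and that reusing an SPI with a different algorithm or key counts as a second policy. The sample lines are constructed.

```python
import re

# Key lengths in hex digits from this section: {algorithm: {key-encryption-type: length}}
KEY_HEX_LEN = {"MD5": {"0": 32, "7": 64}, "SHA1": {"0": 40, "7": 80}}
SPI_MIN, SPI_MAX = 256, 4294967295
# Matches: ipv6 ospf authentication ipsec spi number {MD5 | SHA1} [key-encryption-type] key
CMD = re.compile(
    r"^\s*ipv6 ospf authentication ipsec spi (\d+) (md5|sha1)(?: ([07]))? (\S+)\s*$",
    re.IGNORECASE,
)

SAMPLE = [  # constructed sample lines, not taken from a real device
    "ipv6 ospf authentication ipsec spi 256 md5 0 " + "ab" * 16,   # valid
    "ipv6 ospf authentication ipsec spi 100 sha1 0 " + "cd" * 20,  # SPI below 256
    "ipv6 ospf authentication ipsec spi 300 sha1 " + "ef" * 16,    # 32 digits, SHA-1 needs 40
    "ipv6 ospf authentication ipsec spi 256 sha1 7 " + "12" * 40,  # SPI 256 reused
    "ipv6 ospf authentication null",                                # no key material, skipped
]

def check_config(lines):
    """Return a list of (line_number, problem) for 'ipsec spi' authentication commands."""
    problems, seen = [], {}  # seen maps SPI -> (first line number, policy tuple)
    for n, line in enumerate(lines, 1):
        m = CMD.match(line)
        if not m:
            continue  # not an 'ipsec spi' authentication command
        spi, alg, enc, key = int(m[1]), m[2].upper(), m[3] or "0", m[4]  # assumption: default type 0
        if not SPI_MIN <= spi <= SPI_MAX:
            problems.append((n, f"SPI {spi} outside {SPI_MIN}-{SPI_MAX}"))
        want = KEY_HEX_LEN[alg][enc]
        if not re.fullmatch(r"[0-9A-Fa-f]+", key) or len(key) != want:
            problems.append((n, f"{alg} key (type {enc}) must be exactly {want} hex digits"))
        policy = (alg, enc, key.lower())
        first = seen.setdefault(spi, (n, policy))
        if first[1] != policy:
            problems.append((n, f"SPI {spi} already used by a different policy on line {first[0]}"))
    return problems

if __name__ == "__main__":
    for n, problem in check_config(SAMPLE):
        print(f"line {n}: {problem}")
```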