Filter
Top Products
738 | Open Shortest Path First (OSPFv2 and OSPFv3)
www.dell.com | support.dell.com
To remove an IPsec encryption policy from an interface, enter the no ipv6 ospf encryption ipsec spi
number command. To remove null encryption on an interface to allow the interface to inherit the
encryption policy configured for the OSPFv3 area, enter the
no ipv6 ospf encryption null command.
To display the configuration of IPsec encryption policies on the router, enter the show crypto ipsec policy
command. To display the security associations set up for OSPFv3 interfaces in encryption policies, enter
the show crypto ipsec sa ipv6 command.
Configuring IPsec Authentication for an OSPFv3 Area
Prerequisite: Before you enable IPsec authentication on an OSPFv3 area, you must first enable OSPFv3
globally on the router (see Configuration Task List for OSPFv3 (OSPF for IPv6) on page 726).
To configure IPsec authentication for an OSPFv3 area, enter the following command in global
configuration mode:
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You
must configure the same authentication policy (same SPI and key) on each interface in an OPSFv3 link.
If you have enabled IPsec encryption in an OSPFv3 area with the
area encryption command, you cannot
use the
area authentication command in the area at the same time.
The configuration of IPsec authentication on an interface-level takes precedence over an area-level
configuration. If you remove an interface configuration, an area authentication policy that has been
configured is applied to the interface.
To remove an IPsec authentication policy from an OSPFv3 area, enter the
no area area-id authentication
ipsec spi
number command.
Command Syntax Command Mode Usage
area-id authentication ipsec
spi
number {MD5 | SHA1}
[key-encryption-type] key
CONF-IPV6-
ROUTER-OSPF
Enable IPsec authentication for OSPFv3 packets in an
area, where:
area area-id specifies the area for which OSPFv3
traffic is to be authenticated. For area-id, you can
enter a number or an IPv6 prefix.
spi number is the Security Policy index (SPI)
value. Range: 256 to 4294967295.
MD5 | SHA1 specifies the authentication type:
message digest 5 (MD5) or Secure Hash
Algorithm 1 (SHA-1).
key-encryption-type (optional) specifies if the
key is encrypted. Valid values: 0 (key is not
encrypted) or 7 (key is encrypted).
key specifies the text string used in
authentication. All neighboring OSPFv3 routers must
share the same key to exchange information.
For MD5 authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted).
For SHA-1 authentication, the key must be 40 hex
digits (non-encrypted) or 80 hex digits (encrypted).