To implement area-based IPsec protection, you need to configure the same IPsec policy on the
•
routers in the target area.
To implement interface-based IPsec protection, you need to configure the same IPsec policy on the
•
interfaces between two neighboring routers.
To implement virtual link-based IPsec protection, you need to configure the same IPsec policy on the
•
two routers connected over the virtual link.
If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.
If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own IPsec policy.
Configuration prerequisites
Before you apply an IPsec policy for OSPFv3, complete following tasks.
•
Create an IPsec proposal.
Create an IPsec policy.
•
For more information about IPsec policy configuration, see Security Configuration Guide.
Configuration guidelines
An IPsec policy used for OSPFv3 can only be in manual mode. For more information, see Security
Configuration Guide.
Configuration procedure
To apply an IPsec policy in an area:
Step
1.
Enter system view.
Enter OSPFv3 view.
2.
3.
Enter OSPF area view.
4.
Apply an IPsec policy in the
area.
To apply an IPsec policy on an interface:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Apply an IPsec policy on the
interface.
To apply an IPsec policy on a virtual link:
Step
1.
Enter system view.
2.
Enter OSPFv3 view.
3.
Enter OSPF area view.
Command
system-view
ospfv3 [ process-id ]
area area-id
enable ipsec-policy policy-name
Command
system-view
interface interface-type
interface-number
ospfv3 ipsec-policy policy-name
[ instance instance-id ]
Command
system-view
ospfv3 [ process-id ]
area area-id
289
Remarks
N/A
N/A
N/A
Not configured by default.
Remarks
N/A
N/A
Not configured by default
Remarks
N/A
N/A
N/A