Dell Force10 S4810P Configuration Manual page 768

To remove an IPsec encryption policy from an interface, enter the
command. To remove null encryption on an interface to allow the interface to inherit the encryption policy
configured for the OSPFv3 area, enter the
To display the configuration of IPsec encryption policies on the router, enter the
command. To display the security associations set up for OSPFv3 interfaces in encryption policies, enter
the
show crypto ipsec sa ipv6
Configuring IPsec Authentication for an OSPFv3 Area
Prerequisite: Before you enable IPsec authentication on an OSPFv3 area, you must first enable OSPFv3
globally on the router (see
To configure IPsec authentication for an OSPFv3 area, enter the following command in global
configuration mode:
Command Syntax
area -id authentication ipsec
spi number { MD5 | SHA1 }
[key-encryption-type] key
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router . You
must configure the same authentication policy (same SPI and key) on each interface in an OPSFv3 link.
If you have enabled IPsec encryption in an OSPFv3 area with the
use the
area authentication
The configuration of IPsec authentication on an interface-level takes precedence over an area-level
configuration. If you remove an interface configuration, an area authentication policy that has been
configured is applied to the interface.
To remove an IPsec authentication policy from an OSPFv3 area, enter the
ipsec spi number
768
| Open Shortest Path First (OSPFv2 and OSPFv3)
command.
Configuration Task List for OSPFv3 (OSPF for
Command Mode
CONF-IPV6-
ROUTER-OSPF
command in the area at the same time.
command.
no ipv6 ospf encryption ipsec spi
no ipv6 ospf encryption nul
Usage
Enable IPsec authentication for OSPFv3 packets in an
area, where:
area area-id
traffic is to be authenticated. For
enter a number or an IPv6 prefix.
spi number
Range: 256 to 4294967295.
MD5 | SHA1
message digest 5 (
( .
SHA-1)
key-encryption-type
encrypted.
Valid values
(key is encrypted).
specifies the text string used in authentication. All
key
neighboring OSPFv3 routers must share the same key
to exchange information.
For MD5 authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted).
For SHA-1 authentication, the key must be 40 hex
digits (non-encrypted) or 80 hex digits (encrypted).
area encryption
command.
l
show crypto ipsec policy
IPv6)).
specifies the area for which OSPFv3
area-id
is the Security Policy index (SPI) value.
specifies the authentication type:
) or Secure Hash Algorithm 1
MD5
(optional) specifies if the key is
: (key is not encrypted) or
0
command, you cannot
no area area-id authentication
number
, you can
7