Dell Force10 S4810P Configuration Manual page 769
High-density, 1ru 48-port 10gbe switch
Hide thumbs
Also See for Force10 S4810P:
- Manual (60 pages) ,
- Quick start manual (27 pages) ,
- Reference manual (1637 pages)
Table of Contents
Advertisement
To display the configuration of IPsec authentication policies on the router, enter the
command.
policy
Configuring IPsec Encryption for an OSPFv3 Area
Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, you must first enable OSPFv3
globally on the router (see
To configure IPsec encryption in an OSPFv3 area, enter the following command in global configuration
mode:
Command Syntax
area area-id encryption ipsec
spi number
esp encryption-algorithm
[key-encryption-type] key
authentication-algorithm
[key-authentication-type] key
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router . You
must configure the same encryption policy (same SPI and keys) on each interface in an OPSFv3 link.
Configuration Task List for OSPFv3 (OSPF for
Command Mode
CONF-IPV6-
ROUTER-OSPF
IPv6)).
Usage
Enable IPsec encryption for OSPFv3 packets in an area,
where:
area area-id specifies the area for which OSPFv3 traffic
is to be encrypted. For
area-id
an IPv6 prefix.
is the Security Policy index (SPI) value.
spi number
Range: 256 to 4294967295.
specifies the encryption
esp encryption-algorithm
algorithm used with ESP. Valid values:
, and
. For
AES-CBC
NULL
and AES-192 ciphers are supported.
specifies the text string used in the encryption. All
key
neighboring OSPFv3 routers must share the same key to
decrypt information. Required lengths of a non-encrypted
or encrypted key are:
- 48 or 96 hex digits;
3DES
- 32 or 64 hex digits for AES-128 and 48 or 96
AES-CBC
hex digits for AES-192.
(optional) specifies if the key is
key-encryption-type
encrypted. Valid values: 0 (key is not encrypted) or 7 (key
is encrypted).
specifies the authentication
authentication-algorithm
algorithm to use for encryption.
Valid values: MD5 or SHA1.
specifies the text string used in authentication. All
key
neighboring OSPFv3 routers must share the same key to
exchange information.
For MD5 authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted). For SHA-1
authentication, the key must be 40 hex digits
(non-encrypted) or 80 hex digits (encrypted).
key-authentication-type
authentication key is encrypted. Valid values:
Open Shortest Path First (OSPFv2 and OSPFv3) | 769
show crypto ipsec
, you can enter a number or
3DES, DES,
, only the AES-128
AES-CBC
- 16 or 32 hex digits;
DES
(optional) specifies if the
or
.
0
7
Advertisement
Table of Contents
Troubleshooting
