Allied Telesis AR2050V Command Reference Manual page 1046

Secure, for alliedware plus version 5.4.7-1.x

OSPFv3 FOR IPv6 COMMANDS
IPV6 OSPF ENCRYPTION SPI ESP
Security is achieved using the IPv6 ESP extension header, which provides
integrity, authentication, and confidentiality. Authentication fields are
removed from OSPF for IPv6 packet headers, so applying IPv6 ESP extension
headers is required for integrity, authentication, and confidentiality.
Use the null keyword to override existing area encryption. Apply the null keyword
if area encryption is already configured and you want to configure encryption on
an interface instead.
Use the sha1 keyword to choose SHA-1 authentication instead of entering the
md5 keyword to use MD5 authentication. The SHA-1 algorithm is more secure
than the MD5 algorithm. SHA-1 uses a 40 hexadecimal character key instead of a
32 hexadecimal character key as used for MD5 authentication.
See the OSPFv3 Feature Overview and Configuration Guide for more information
and examples.
NOTE: You can configure an encryption security policy (SPI) on a VLAN interface with
this command, or an OSPFv3 area with the area encryption ipsec spi esp command.
When you configure encryption for an area, the security policy is applied to all VLAN
interfaces in the area. Allied Telesis recommends a different encryption security policy
is applied for each interface for higher security.
If you apply the ipv6 ospf encryption null command, this affects encryption
configured on both the VLAN interface and the OSPFv3 area.
This is due to OSPFv3 hello messages ingressing VLAN interfaces, which are part of area
encryption, not being encrypted. So neighbors time out.
Example
To enable ESP encryption, but not apply an AES-CBC key or a 3DES key, for interface
VLAN 2 and MD5 authentication with a 32 hexadecimal character key, use the
commands:
awplus# configure terminal
awplus(config)# interface vlan2
awplus(config-if)# ipv6 ospf encryption ipsec spi 1000 esp null md5 1234567890ABCDEF1234567890ABCDEF
To enable ESP encryption, but not apply an AES-CBC key or a 3DES key, for interface
VLAN 2 and SHA-1 authentication with a 40 hexadecimal character key, use the
commands:
awplus# configure terminal
awplus(config)# interface vlan2
awplus(config-if)# ipv6 ospf encryption ipsec spi 1000 esp null sha1 1234567890ABCDEF1234567890ABCDEF12345678
C613-50186-01 Rev B
Command Reference for AR2050V
AlliedWare Plus™ Operating System - Version 5.4.7-1.x
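A lint check for the key rules described on this page, as an added example (Python, not Allied Telesis code): it parses only the esp null authentication form shown in the examples, checks the 32 and 40 hexadecimal character key lengths, flags the manual's sample key and key reuse across interfaces, and new_key generates a random replacement. The function names, the findings wording and the sample configuration are constructed for illustration.

```python
import re
import secrets

# Key lengths in hex characters, as stated in the command description.
KEY_HEX_LEN = {"md5": 32, "sha1": 40}
# Only the "esp null <auth> <key>" form shown in the manual's examples is parsed.
CMD = re.compile(r"^\s*ipv6 ospf encryption ipsec spi (\d+) esp null (md5|sha1) (\S+)\s*$")
DOC_SAMPLE = "1234567890ABCDEF"  # repeating pattern used by the manual's example keys

def new_key(alg):
    """Return a random key of the right length for md5 or sha1."""
    return secrets.token_hex(KEY_HEX_LEN[alg] // 2).upper()

def lint(config_text):
    """Return (interface, message) findings for OSPFv3 ESP lines in config_text."""
    findings, seen, iface = [], {}, None
    for line in config_text.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            iface = s.split(None, 1)[1]
        m = CMD.match(line)
        if not m:
            continue
        _spi, alg, key = m.groups()
        key = key.upper()
        if not re.fullmatch(r"[0-9A-F]+", key) or len(key) != KEY_HEX_LEN[alg]:
            findings.append((iface, f"{alg} key must be {KEY_HEX_LEN[alg]} hex characters"))
        if key.startswith(DOC_SAMPLE):
            findings.append((iface, "key is the documentation sample value"))
        if alg == "md5":
            findings.append((iface, "md5 in use; the manual rates sha1 as more secure"))
        if key in seen:  # the manual recommends a different policy per interface
            findings.append((iface, f"key also used on {seen[key]}"))
        seen.setdefault(key, iface)
    return findings

# Constructed sample configuration (not from a real device).
SAMPLE = """\
interface vlan2
 ipv6 ospf encryption ipsec spi 1000 esp null md5 1234567890ABCDEF1234567890ABCDEF
interface vlan3
 ipv6 ospf encryption ipsec spi 1001 esp null sha1 1234567890ABCDEF1234567890ABCDEF
interface vlan4
 ipv6 ospf encryption ipsec spi 1002 esp null sha1 9F3C0A7D5E1B48622C4D7A90B1E6F35D08C7A214
"""

if __name__ == "__main__":
    for iface, msg in lint(SAMPLE):
        print(f"{iface}: {msg}")
```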
