HPE 5800 Series Configuration Manual page 293

•
To implement interface-based IPsec protection, configure the same IPsec policy on the
interfaces between two neighboring routers.
•
To implement virtual link-based IPsec protection, configure the same IPsec policy on the two
routers connected over the virtual link.
If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec
policy. If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own
IPsec policy.
Configuration prerequisites
Before applying an IPsec policy for OSPFv3, complete the following tasks:
•
Create an IPsec proposal.
•
Create an IPsec policy.
For more information about IPsec policy configuration, see Security Configuration Guide.
Configuration procedure
An IPsec policy used for OSPFv3 can only be in manual mode. For more information, see Security
Configuration Guide.
To apply an IPsec policy in an area:
Step
Enter system view.
1.
Enter OSPFv3 view.
2.
Enter OSPF area view.
3.
Apply an IPsec policy in the
4.
area.
To apply an IPsec policy on an interface:
Step
Enter system view.
1.
Enter interface view.
2.
Apply an IPsec policy on the
3.
interface.
To apply an IPsec policy on a virtual link:
Step
Enter system view.
1.
Enter OSPFv3 view.
2.
Enter OSPF area view.
3.
Apply an IPsec policy on a
4.
virtual link.
Command
system-view
ospfv3 [ process-id ]
area area-id
enable ipsec-policy policy-name
Command
system-view
interface interface-type
interface-number
ospfv3 ipsec-policy policy-name
[ instance instance-id ]
Command
system-view
ospfv3 [ process-id ]
area area-id
vlink-peer router-id [ hello seconds |
retransmit seconds | trans-delay
seconds | dead seconds | instance
instance-id | ipsec-policy policy-name ] *
282
Remarks
N/A
N/A
N/A
Not configured by default.
Remarks
N/A
N/A
Not configured by default.
Remarks
N/A
N/A
N/A
Not configured by default.