Dell Force10 S4810P Configuration Manual page 767

Configuring IPsec Encryption on an Interface
Prerequisite: Before you enable IPsec encryption on an OSPFv3 interface, you must first enable IPv6
unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an
area (see Configuration Task List for OSPFv3 (OSPF for
To configure IPsec encryption on an interface, enter the following command:
Command Syntax
ipv6 ospf encryption { null | ipsec
spi number esp encryption-algorithm
[key-encryption-type] key
authentication-algorithm
[key-authentication-type] key}
Note that when you configure encryption with the
IPsec encryption and authentication. However, when you enable authentication on an interface with the
ipv6 ospf authentication ipsec
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router . You
must configure the same authentication policy (same SPI and key) on each OSPFv3 interface in a link.
Command
Mode Usage
INTERFACE Enable IPsec encryption for OSPFv3 packets on an
IPv6-based interface, where:
null causes an encryption policy configured for the
area to not be inherited on the interface.
ipsec spi number is the Security Policy index (SPI)
value. Range: 256 to 4294967295.
esp encryption-algorithm specifies the encryption
algorithm used with ESP.
AES-CBC
AES-128 and AES-192 ciphers are supported.
key specifies the text string used in the encryption. All
neighboring OSPFv3 routers must share the same key
to decrypt information. Required lengths of a
non-encrypted or encrypted key are: 3DES - 48 or 96
hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or
64 hex digits for AES-128 and 48 or 96 hex digits for
AES-192.
key-encryption-type
encrypted.
(key is encrypted).
authentication-algorithm specifies the encryption
authentication algorithm to use.
SHA1
key specifies the text string used in used in
authentication. All neighboring OSPFv3 routers must
share the same key to exchange information. For MD5
authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted). For
SHA-1 authentication, the key must be 40 hex digits
(non-encrypted) or 80 hex digits (encrypted).
key-authentication-type (optional) specifies if the
authentication key is encrypted. Valid values:
ipv6 ospf encryption ipsec
command, you do not enable encryption at the same time.
IPv6)).
Valid values
, and . For
NULL AES-CBC
(optional) specifies if the key is
: 0 (key is not encrypted) or 7
Valid values
.
command, you enable both
Open Shortest Path First (OSPFv2 and OSPFv3) | 767
:
3DES, DES,
, only the
or
Valid values: MD5
or .
0 7