Dell Force10 Z9000 Configuration Manual page 664
Ftos configuration guide for z9000 system
Hide thumbs
Also See for Force10 Z9000:
- Reference manual (1483 pages) ,
- Configuration manual (848 pages) ,
- Manual (56 pages)
Table of Contents
Advertisement
Configuring IPsec Authentication for an OSPFv3 Area
Prerequisite: Before you enable IPsec authentication on an OSPFv3 area, you must first enable OSPFv3
globally on the router (see
To configure IPsec authentication for an OSPFv3 area, enter the following command in global
configuration mode:
Command Syntax
area -id authentication ipsec
spi number { MD5 | SHA1 }
[key-encryption-type] key
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You
must configure the same authentication policy (same SPI and key) on each interface in an OPSFv3 link.
If you have enabled IPsec encryption in an OSPFv3 area with the
use the
area authentication
The configuration of IPsec authentication on an interface-level takes precedence over an area-level
configuration. If you remove an interface configuration, an area authentication policy that has been
configured is applied to the interface.
To remove an IPsec authentication policy from an OSPFv3 area, enter the
ipsec spi number
To display the configuration of IPsec authentication policies on the router, enter the
command.
policy
|
Open Shortest Path First (OSPFv2 and OSPFv3)
664
Configuration Task List for OSPFv3 (OSPF for
Command Mode
CONF-IPV6-
ROUTER-OSPF
command in the area at the same time.
command.
IPv6)).
Usage
Enable IPsec authentication for OSPFv3 packets in an
area, where:
specifies the area for which OSPFv3
area area-id
traffic is to be authenticated. For
enter a number or an IPv6 prefix.
spi number
is the Security Policy index (SPI) value.
Range: 256 to 4294967295.
specifies the authentication type:
MD5 | SHA1
message digest 5 (
) or Secure Hash Algorithm 1
MD5
(
.
SHA-1)
key-encryption-type
(optional) specifies if the key is
encrypted.
:
0
(key is not encrypted) or
Valid values
(key is encrypted).
specifies the text string used in authentication. All
key
neighboring OSPFv3 routers must share the same key
to exchange information.
For MD5 authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted).
For SHA-1 authentication, the key must be 40 hex
digits (non-encrypted) or 80 hex digits (encrypted).
area encryption
no area area-id authentication
, you can
area-id
7
command, you cannot
show crypto ipsec
Advertisement
Chapters
Table of Contents
Troubleshooting
