Dell Force10 C150 Configuration Manual page 737

Configuring IPsec Encryption on an Interface
Prerequisite: Before you enable IPsec encryption on an OSPFv3 interface, you must first enable IPv6
unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an
area (see Configuration Task List for OSPFv3 (OSPF for IPv6) on page
To configure IPsec encryption on an interface, enter the following command
Command Syntax
ipv6 ospf encryption { null | ipsec
spi number esp encryption-algorithm
[key-encryption-type] key
authentication-algorithm
[key-authentication-type] key }
Note that when you configure encryption with the
IPsec encryption and authentication. However, when you enable authentication on an interface with the
ipv6 ospf authentication ipsec
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You
must configure the same authentication policy (same SPI and key) on each OSPFv3 interface in a link.
Command
Mode Usage
INTERFACE Enable IPsec encryption for OSPFv3 packets on an
IPv6-based interface, where:
null causes an encryption policy configured for
the area to not be inherited on the interface .
ipsec spi number is the Security Policy index
(SPI) value. Range: 256 to 4294967295.
esp encryption-algorithm specifies the
encryption algorithm used with ESP. Valid
values are: 3DES, DES, AES-CBC, and NULL.
For AES-CBC, only the AES-128 and AES-192
ciphers are supported.
key specifies the text string used in the encryption.
All neighboring OSPFv3 routers must share the same
key to decrypt information. Required lengths of a
non-encrypted or encrypted key are: 3DES - 48 or 96
hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or
64 hex digits for AES-128 and 48 or 96 hex digits for
AES-192.
key-encryption-type (optional) specifies if the
key is encrypted. Valid values: 0 (key is not
encrypted) or 7 (key is encrypted).
authentication-algorithm specifies the encryption
authentication algorithm to use. Valid values
are MD5 or SHA1.
key specifies the text string used in used in
authentication. All neighboring OSPFv3 routers must
share the same key to exchange information. For MD5
authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted). For
SHA-1 authentication, the key must be 40 hex digits
(non-encrypted) or 80 hex digits (encrypted).
key-authentication-type (optional) specifies if the
authentication key is encrypted. Valid values: 0
or 7 .
ipv6 ospf encryption ipsec
command, you do not enable encryption at the same time.
726).
command, you enable both
Open Shortest Path First (OSPFv2 and OSPFv3) | 737