Dell Force10 C150 Configuration Manual page 738

To remove an IPsec encryption policy from an interface, enter the
number command. To remove null encryption on an interface to allow the interface to inherit the
encryption policy configured for the OSPFv3 area, enter the
To display the configuration of IPsec encryption policies on the router, enter the show crypto ipsec policy
command. To display the security associations set up for OSPFv3 interfaces in encryption policies, enter
the show crypto ipsec sa ipv6 command.
Configuring IPsec Authentication for an OSPFv3 Area
Prerequisite: Before you enable IPsec authentication on an OSPFv3 area, you must first enable OSPFv3
globally on the router (see
To configure IPsec authentication for an OSPFv3 area, enter the following command in global
configuration mode:
Command Syntax
area -id authentication ipsec
spi number { MD5 | SHA1 }
[key-encryption-type] key
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You
must configure the same authentication policy (same SPI and key) on each interface in an OPSFv3 link.
If you have enabled IPsec encryption in an OSPFv3 area with the
area authentication
use the
The configuration of IPsec authentication on an interface-level takes precedence over an area-level
configuration. If you remove an interface configuration, an area authentication policy that has been
configured is applied to the interface.
To remove an IPsec authentication policy from an OSPFv3 area, enter the
ipsec spi number
738 | Open Shortest Path First (OSPFv2 and OSPFv3)
Configuration Task List for OSPFv3 (OSPF for IPv6) on page
Command Mode
CONF-IPV6-
ROUTER-OSPF
command in the area at the same time.
command.
no ipv6 ospf encryption ipsec spi
no ipv6 ospf encryption null
Usage
Enable IPsec authentication for OSPFv3 packets in an
area, where:
area area-id specifies the area for which OSPFv3
traffic is to be authenticated. For area-id, you can
enter a number or an IPv6 prefix.
spi number is the Security Policy index (SPI)
value. Range: 256 to 4294967295.
MD5 | SHA1 specifies the authentication type:
message digest 5 (MD5) or Secure Hash
Algorithm 1 (SHA-1).
key-encryption-type (optional) specifies if the
key is encrypted. Valid values: 0 (key is not
encrypted) or 7 (key is encrypted).
key specifies the text string used in
authentication. All neighboring OSPFv3 routers must
share the same key to exchange information.
For MD5 authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted).
For SHA-1 authentication, the key must be 40 hex
digits (non-encrypted) or 80 hex digits (encrypted).
area encryption
no area area-id authentication
command.
726).
command, you cannot