Dell Force10 C150 Configuration Manual page 739

Ftos configuration guide ftos 8.4.2.7 e-series terascale, c-series, s-series (s50/s25)

Hide thumbs Also See for Force10 C150:

Manual (57 pages)

Manual (66 pages)

Quick start manual (33 pages)

Table of Contents

To display the configuration of IPsec authentication policies on the router, enter the show crypto ipsec

policy command.

Configuring IPsec Encryption for an OSPFv3 Area

Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, you must first enable OSPFv3

globally on the router (see

To configure IPsec encryption in an OSPFv3 area, enter the following command in global configuration

Command Syntax

area area-id encryption ipsec

esp encryption-algorithm

[key-encryption-type] key

authentication-algorithm

[key-authentication-type] key

An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You

must configure the same encryption policy (same SPI and keys) on each interface in an OPSFv3 link.

Configuration Task List for OSPFv3 (OSPF for IPv6) on page

Command Mode

Enable IPsec encryption for OSPFv3 packets in an area,

area area-id specifies the area for which OSPFv3

traffic is to be encrypted. For area-id, you can enter

a number or an IPv6 prefix.

spi number is the Security Policy index (SPI) value.

Range: 256 to 4294967295.

esp encryption-algorithm specifies the encryption

algorithm used with ESP. Valid values are: 3DES,

DES, AES-CBC, and NULL. For AES-CBC, only the

AES-128 and AES-192 ciphers are supported.

key specifies the text string used in the encryption.

All neighboring OSPFv3 routers must share the same key

to decrypt information. Required lengths of a

non-encrypted or encrypted key are:

3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits;

AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96

hex digits for AES-192.

key-encryption-type (optional) specifies if the key

is encrypted. Valid values: 0 (key is not encrypted)

or 7 (key is encrypted).

authentication-algorithm specifies the

authentication algorithm to use for encryption.

Valid values are MD5 or SHA1.

key specifies the text string used in authentication.

All neighboring OSPFv3 routers must share the same key

to exchange information.

For MD5 authentication, the key must be 32 hex digits

(non-encrypted) or 64 hex digits (encrypted). For SHA-1

authentication, the key must be 40 hex digits

(non-encrypted) or 80 hex digits (encrypted).

key-authentication-type (optional) specifies if the

authentication key is encrypted. Valid values: 0 or

Open Shortest Path First (OSPFv2 and OSPFv3) | 739

Show Quick Links

Table of Contents

Troubleshooting

Dell Force10 C150 Configuration Manual page 739

Hide quick links:

Troubleshooting

Related Manuals for Dell Force10 C150

Related Products for Dell Force10 C150

This manual is also suitable for:

Table of Contents