Users Guide
Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
key
Text string used in authentication.
For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits
(encrypted).
For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits
(encrypted).
null
Causes an encryption policy congured for the area to not be inherited on the interface.
Defaults Not congured.
Command Modes ROUTER OSPFv3
Supported Modes Full—Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information
Before you enable IPsec encryption on an OSPFv3 interface, rst enable OSPFv3 globally on the router. Congure
the same encryption policy (same SPI and keys) on each interface in an OSPFv3 link.
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
When you congure encryption for an OSPFv3 area with the area encryption command, you enable both
IPsec encryption and authentication. However, when you enable authentication on an area with the area
authentication command, you do not enable encryption at the same time.
If you have enabled IPsec authentication in an OSPFv3 area with the area authentication command, you
cannot use the
area encryption command in the area at the same time.
The conguration of IPsec encryption on an interface-level takes precedence over an area-level conguration. If
you remove an interface conguration, an area encryption policy that has been congured is applied to the
interface.
area nssa
Specify an area as a not so stubby area (NSSA).
Syntax
area area-id nssa [default-information-originate] [no-redistribution] [no-
summary]
To delete an NSSA, use the no area area-id nssa command.
Parameters
area-id Specify the OSPF area by entering a number from zero (0) to 65535.
Open Shortest Path First (OSPFv2 and OSPFv3) 971