Manualshelf

Command Line Reference Guide

ManualsBrandsDell ManualsserversDell Force10 E600i
1011101210131014101510161017101810191020
Open Shortest Path First (OSPFv2 and OSPFv3) | 1019
Default
Not configured.
Command Modes
INTERFACE
Command
History
Usage
Information
Before you enable IPsec authentication on an OSPFv3 interface, you must first enable IPv6 unicast
routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign the
interface to an area.
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
You must configure the same authentication policy (same SPI and key) on each OSPFv3 interface in a
link.
To remove an IPsec authentication policy from an interface, enter the no ipv6 ospf authentication spi
number command. To remove null authentication on an interface to allow the interface to inherit the
authentication policy configured for the OSPFv3 area, enter the no ipv6 ospf authentication null
command.
Related
Commands
ipv6 ospf encryption
e
t
Configure an IPsec encryption policy for OSPFv3 packets on an IPv6 interface.
Syntax
ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [key-encryption-type]
key authentication-algorithm [key-encryption-type] key}
Parameters
key-encryption-type
(OPTIONAL) Specifies if the key is encrypted.
Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
key
Text string used in authentication.
For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex
digits (encrypted).
For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex
digits (encrypted).
Version 8.4.2.0 Introduced
area authentication Configure an IPsec authentication policy for an OSPFv3 area.
show crypto ipsec policy Display the configuration of IPsec authentication policies.
show crypto ipsec sa ipv6
Display the security associations set up for OSPFv3 interfaces in authentication policies.
null
Causes an encryption policy configured for the area to not be inherited on the interface.
ipsec spi number
Security Policy index (SPI) value that identifies an IPsec security policy.
Range: 256 to 4294967295.
esp
encryption-algorithm
Encryption algorithm used with ESP.
Valid values are: 3DES, DES, AES-CBC, and NULL.
For AES-CBC, only the AES-128 and AES-192 ciphers are supported.
key-encryption-type
(OPTIONAL) Specifies if the key is encrypted.
Valid values: 0 (key is not encrypted) or 7 (key is encrypted).