Reference Guide

ManualsBrandsDell ManualsserversDell Force10 MXL Blade

671

672

673

674

675

676

677

678

679

680

676 | Open Shortest Path First (OSPFv2 and OSPFv3)

www.dell.com | support.dell.com

The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.

Configure the same authentication policy (the same SPI and key) on each OSPFv3 interface in a link.

Command Syntax Command Mode Usage

ipv6 ospf encryption

{null |

ipsec spi number esp

encryption-algorithm

[

key-encryption-type] key

authentication-algorithm

[

key-authentication-type]

key}

INTERFACE

Enable IPsec encryption for OSPFv3 packets

on an IPv6-based interface.

• null: causes an encryption policy

configured for the area to not be inherited

on the interface.

• ipsec spi number: is the security policy

index (SPI) value. The range is from 256

to 4294967295.

• esp encryption-algorithm:

specifies the encryption algorithm used

with ESP. The valid values are 3DES,

DES, AES-CBC, and NULL. For

AES-CBC, only the AES-128 and

AES-192 ciphers are supported.

• key: specifies the text string used in the

encryption. All neighboring OSPFv3

routers must share the same key to decrypt

information. Required lengths of a

non-encrypted or encrypted key are: 3DES

- 48 or 96 hex digits; DES - 16 or 32 hex

digits; AES-CBC - 32 or 64 hex digits for

AES-128 and 48 or 96 hex digits for

AES-192.

• key-encryption-type: (optional)

specifies if the key is encrypted. The valid

values are 0 (key is not encrypted) or 7

(key is encrypted).

• authentication-algorithm:

specifies the encryption authentication

algorithm to use. The valid values are

MD5 or SHA1.

• key: specifies the text string used in

authentication. All neighboring OSPFv3

routers must share key to exchange

information. For MD5 authentication, the

key must be 32 hex digits (non-encrypted)

or 64 hex digits (encrypted). For SHA-1

authentication, the key must be 40 hex

digits (non-encrypted) or 80 hex digits

(encrypted).

• key-authentication-type:

(optional) specifies if the authentication

key is encrypted. The valid values are 0 or

no ipv6 ospf encryption

ipsec spi

number

Remove an IPsec encryption policy from an

interface.

no ipv6 ospf encryption

null

Remove null encryption on an interface to

allow the interface to inherit the encryption

policy configured for the OSPFv3 area,

show crypto ipsec policy Display the configuration of IPsec encryption

policies on the router.