Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4148U-ON

371

372

373

374

375

376

377

378

379

380

To delete an IPsec area authentication policy, use the no area area-id authentication ipsec spi number command.

Congure IPsec authentication for an OSPfv3 area

OS10(config-router-ospfv3-100)# area 1 authentication ipsec spi 400 md5

12345678123456781234567812345678

OS10(config-router-ospfv3-100)# show configuration

router ospfv3 100

area 0.0.0.1 authentication ipsec spi 400 md5 12345678123456781234567812345678

IPsec encryption for OSPV3 area

Prerequisite: Before you enable IPsec encryption for an OSPFv3 area, rst enable OSPFv3 globally on the router.

When you congure encryption at the area level, both IPsec encryption and authentication are enabled. You cannot congure encryption if

you have already congured an IPsec area authentication (area ospf authentication ipsec). To congure encryption, you must

rst delete the authentication policy.

• Enable IPsec encryption for OSPFv3 packets in an area in Router-OSPFv3 mode.

area area-id encryption ipsec spi number esp encryption-type key

authentication-type key

• area area-id — Enter an area ID as a number or IPv6 prex.

• ipsec spi number — Enter a unique security policy index (SPI) value (256 to 4294967295).

• esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or NULL). For AES-CBC,

only the AES-128 and AES-192 ciphers are supported.

• key — Enter the text string used in the encryption algorithm. All neighboring OSPFv3 routers must share the key to decrypt

information. Only a non-encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES —

16 hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192.

• authentication-type — Enter the encryption authentication algorithm to use (MD5 or SHA1).

• key — Enter the text string used in the authentication algorithm. All neighboring OSPFv3 routers must share the key to exchange

information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits.

For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.

To delete an IPsec encryption policy, use the no area area-id encryption ipsec spi number command.

Congure IPsec encryption for OSPFv3 area

OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5

12345678123456781234567812345678

OS10(config-router-ospfv3-100)# show configuration

router ospfv3 100

area 0.0.0.1 encryption ipsec spi 401 esp des 1234567812345678 md5

12345678123456781234567812345678

Troubleshoot OSPFv3

You can troubleshoot OSPFv3 operations, as well as check questions for any typical issues that interrupt a process.

• Is OSPFv3 enabled globally?

• Is OSPFv3 enabled on the interface?

• Are adjacencies established correctly?

• Are the interfaces congured for L3 correctly?

• Is the router in the correct area type?

• Are the OSPF routes included in the OSPF database?

• Are the OSPF routes included in the routing table in addition to the OSPF database?

Layer 3

379