Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4148U-ON

381

382

383

384

385

386

387

388

389

390

area encryption

Congures encryption for an OSPFv3 area.

Syntax

area area-id encryption ipsec spi number esp encryption-type key

authentication-type key

Parameters

• area area-id — Enter an area ID as a number or IPv6 prex.

• ipsec spi number — Enter a unique security policy index number (256 to 4294967295).

• esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or

NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported.

• key — Enter the text string used in the encryption algorithm.

• authentication-type — Enter the encryption authentication algorithm to use (MD5 or SHA1).

• key — Enter the text string used in the authentication algorithm.

Default OSPFv3 area encryption is not congured.

Command Mode ROUTER-OSPFv3

Usage Information

• Before you enable IPsec encryption for an OSPFv3 area, you must enable OSPFv3 globally on each router.

• When you congure encryption at the area level, both IPsec encryption and authentication are enabled. You

cannot congure encryption if you have already congured an IPsec area authentication (area ospf

authentication ipsec). To congure encryption, you must rst delete the authentication policy.

• All OSPFv3 routers in the area must share the same encryption key to decrypt information. Only a non-

encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES — 16

hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192.

• All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a non-

encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For

SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.

Example

OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des

1234567812345678 md5

12345678123456781234567812345678

Supported Releases 10.4.0E(R1) or later

area stub

Denes an area as the OSPF stub area.

Syntax

area area-id stub [no-summary]

Parameters

• area-id—Set the OSPFv3 area ID as an IP address (A.B.C.D) or number (1 to 65535).

• no-summary—(Optional) Prevents an area border router from sending summary link advertisements into the

stub area.

Default Not congured

Command Mode ROUTER-OSPFv3

Usage Information The no version of this command deletes a stub area.

Example

OS10(config)# router ospfv3 10

OS10(conf-router-ospfv3-10)# area 10.10.1.5 stub

Layer 3 381