Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4148U-ON

381

382

383

384

385

386

387

388

389

390

ipv6 ospf encryption

Congures OSPFv3 encryption on an IPv6 interface.

Syntax

ipv6 ospf encryption ipsec spi number esp encryption-type key authentication-

type key

Parameters

• area area-id — Enter an area ID as a number or IPv6 prex.

• ipsec spi number — Enter a unique security policy index number (256 to 4294967295).

• esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or

NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported.

• key — Enter the text string used in the encryption algorithm.

• authentication-type — Enter the encryption authentication algorithm to use (MD5 or SHA1).

• key — Enter the text string used in the authentication algorithm.

Default IPv6 OSPF encryption is not congured on an interface.

Command Mode INTERFACE

Usage Information

• Before you enable IPsec authentication on an OSPFv3 interface, you must enable IPv6 unicast routing globally,

congure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area.

• When you congure encryption on an interface, both IPsec encryption and authentication are enabled. You

cannot congure encryption if you have already congured an interface for IPsec authentication (ipv6 ospf

authentication ipsec). To congure encryption, you must rst delete the authentication policy.

• All neighboring OSPFv3 routers must share the same encryption key to decrypt information. Only a non-

encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES — 16

hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192.

• All neighboring OSPFv3 routers must share the same authentication key to exchange information. Only a non-

encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For

SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.

Example

OS10(config)# interface ethernet 1/1/6

OS10(conf-if-eth1/1/6)# ipv6 ospf encryption ipsec spi 500 esp des

1234567812345678 md5

12345678123456781234567812345678

Supported Releases 10.4.0E(R1) or later

ipv6 ospf hello-interval

Sets the time interval between hello packets sent on an interface.

Syntax

ipv6 ospf hello-interval seconds

Parameters seconds — Enter the hello-interval value in seconds (1 to 65535).

Default 10 seconds

Command Mode INTERFACE

Usage Information All routers in a network must have the same hello time interval between the hello packets. The no version of the

this command resets the value to the default.

Example

OS10(config)# interface vlan 10

OS10(conf-if-vl-10)# ipv6 ospf hello-interval 30

Layer 3 385