Dell MX5108n OS10 Enterprise Edition User Guide for PowerEdge MX IO Modules Re - Page 399
IPsec authentication for OSPFv3 area, MD5 | SHA1}
View all Dell MX5108n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 399 highlights
- key - Enter the text string used in the encryption algorithm. All neighboring OSPFv3 routers must share the key to decrypt information. Only a non-encrypted key is supported. Required lengths of the non-encrypted key are: 3DES - 48 hex digits; DES - 16 hex digits; AES-CBC - 32 hex digits for AES-128 and 48 hex digits for AES-192. - authentication-type key - Enter the encryption authentication algorithm to use (MD5 or SHA1). - key - Enter the text string used in the authentication algorithm. All neighboring OSPFv3 routers must share the key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported. To delete an IPsec encryption policy, use the no ipv6 ospf encryption ipsec spi number or no ipv6 ospf encryption null command. Configure IPsec encryption on interface OS10(conf-if-eth1/1/1)# ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678 no switchport no shutdown ipv6 address 1::1/64 Configure IPsec authentication for OSPFv3 area Prerequisite: Before you enable IPsec authentication for an OSPFv3 area, enable OSPFv3 globally on the router. • Enable IPsec authentication for OSPFv3 packets in an area in Router-OSPFv3 mode. area area-id authentication ipsec spi number {MD5 | SHA1} key - area area-id - Enter an area ID as a number or IPv6 prefix. - ipsec spi number - Enter a unique security policy index (SPI) value (256 to 4294967295). - md5 - Enable message digest 5 (MD5) authentication. - sha1 - Enable secure hash algorithm 1 (SHA-1) authentication. - key - Enter the text string used in the authentication type. All OSPFv3 routers in the area share the key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported. To delete an IPsec area authentication policy, use the no area area-id authentication ipsec spi number command. Configure IPsec authentication for an OSPfv3 area OS10(config-router-ospfv3-100)# area 1 authentication ipsec spi 400 md5 12345678123456781234567812345678 OS10(config-router-ospfv3-100)# show configuration ! router ospfv3 100 area 0.0.0.1 authentication ipsec spi 400 md5 12345678123456781234567812345678 IPsec encryption for OSPV3 area Prerequisite: Before you enable IPsec encryption for an OSPFv3 area, first enable OSPFv3 globally on the router. When you configure encryption at the area level, both IPsec encryption and authentication are enabled. You cannot configure encryption if you have already configured an IPsec area authentication (area ospf authentication ipsec). To configure encryption, you must first delete the authentication policy. • Enable IPsec encryption for OSPFv3 packets in an area in Router-OSPFv3 mode. area area-id encryption ipsec spi number esp encryption-type key authentication-type key - area area-id - Enter an area ID as a number or IPv6 prefix. Layer 3 399