Dell PowerSwitch S4112F-ON OS10 Enterprise Edition User Guide Release 10.4.1.0 - Page 445
area encryption
View all Dell PowerSwitch S4112F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 445 highlights
• key - Enter the text string used in the authentication type. Default Command Mode Usage Information OSPFv3 area authentication is not configured. ROUTER-OSPFv3 • Before you enable IPsec authentication for an OSPFv3 area, you must enable OSPFv3 globally on each router. • All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a non- encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported. Example OS10(config-router-ospfv3-100)# area 1 authentication ipsec spi 400 md5 12345678123456781234567812345678 Supported Releases 10.4.0E(R1) or later area encryption Configures encryption for an OSPFv3 area. Syntax area area-id encryption ipsec spi number esp encryption-type key authentication-type key Parameters • area area-id - Enter an area ID as a number or IPv6 prefix. • ipsec spi number - Enter a unique security policy index number (256 to 4294967295). • esp encryption-type - Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported. • key - Enter the text string used in the encryption algorithm. • authentication-type - Enter the encryption authentication algorithm to use (MD5 or SHA1). • key - Enter the text string used in the authentication algorithm. Default Command Mode Usage Information OSPFv3 area encryption is not configured. ROUTER-OSPFv3 • Before you enable IPsec encryption for an OSPFv3 area, you must enable OSPFv3 globally on each router. • When you configure encryption at the area level, both IPsec encryption and authentication are enabled. You cannot configure encryption if you have already configured an IPsec area authentication (area ospf authentication ipsec). To configure encryption, you must first delete the authentication policy. • All OSPFv3 routers in the area must share the same encryption key to decrypt information. Only a nonencrypted key is supported. Required lengths of the non-encrypted key are: 3DES - 48 hex digits; DES - 16 hex digits; AES-CBC - 32 hex digits for AES-128 and 48 hex digits for AES-192. • All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a nonencrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported. Example OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678 Supported Releases 10.4.0E(R1) or later Layer 3 445