EasyManuals Logo

Allied Telesis AlliedWare Plus User Manual

Allied Telesis AlliedWare Plus
3082 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1098 background imageLoading...
Page #1098 background image
C613-50100-01 REV C Command Reference for x930 Series 1098
AlliedWare Plus™ Operating System - Version 5.4.6-1.x
OSPFV3 FOR IPV6 COMMANDS
IPV
6 OSPF ENCRYPTION SPI ESP
Security is achieved using the IPv6 ESP extension header. The IPv6 ESP extension
header is used to provide confidentiality, integrity, authentication, and
confidentiality. Authentication fields are removed from OSPF for IPv6 packet
headers, so applying IPv6 ESP extension headers are required for integrity,
authentication, and confidentiality.
Use the null keyword to override existing area encryption. Apply the null keyword
if area encryption is already configured to then configure encryption on an
interface instead.
Use the sha1 keyword to choose SHA-1 authentication instead of entering the
md5 keyword to use MD5 authentication. The SHA-1 algorithm is more secure
than the MD5 algorithm. SHA-1 uses a 40 hexadecimal character key instead of a
32 hexadecimal character key as used for MD5 authentication.
See the OSPFv3 Feature Overview and Configuration Guide for more information
and examples.
NOTE: You can configure an encryption security policy (SPI) on a VLAN interface with
this command, or an OSPFv3 area with the area encryption ipsec spi esp command.
When you configure encryption for an area, the security policy is applied to all VLAN
interfaces in the area. Allied Telesis recommends a different encryption security policy
is applied for each interface for higher security.
If you apply the ipv6 ospf encryption null command this affects encryption
configured on both the VLAN interface and the OSPFv3 area.
This is due to OSPFv3 hello messages ingressing VLAN interfaces, which are part of area
encryption, not being encrypted. So neighbors time out.
Example To enable ESP encryption, but not apply an AES-CBC key or a 3DES key, for interface
VLAN 2 and MD5 authentication with a 32 hexadecimal character key, use the
commands:
awplus# configure terminal
awplus(config)# interface vlan2
awplus(config-if)# ipv6 ospf encryption ipsec spi 1000 esp null
md5 1234567890ABCDEF1234567890ABCDEF
To enable ESP encryption, but not apply an AES-CBC key or a 3DES key, for interface
VLAN 2 and SHA-1 authentication with a 40 hexadecimal character key, use the
commands:
awplus# configure terminal
awplus(config)# interface vlan2
awplus(config-if)# ipv6 ospf encryption ipsec spi 1000 esp null
sha1 1234567890ABCDEF1234567890ABCDEF12345678

Table of Contents

Other manuals for Allied Telesis AlliedWare Plus

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Allied Telesis AlliedWare Plus and is the answer not in the manual?

Allied Telesis AlliedWare Plus Specifications

General IconGeneral
BrandAllied Telesis
ModelAlliedWare Plus
CategorySwitch
LanguageEnglish

Related product manuals