
Brocade Communications Systems FastIron X Series User Manual

Brocade Communications Systems FastIron X Series
593 pages
To disable the logging of events, enter the following command.
device(config-ospf6-router)# no log-status-change
Syntax: [no] log-status-change
To re-enable the logging of events, enter the following command.
device(config-ospf6-router)# log-status-change
IPsec for OSPFv3
IPsec secures OSPFv3 communications by authenticating and encrypting each IP packet of a communication session.
IPsec is available for OSPFv3 traffic only and only for packets that are “for-us”. A for-us packet is addressed to one of the IPv6
addresses on the device or to an IPv6 multicast address. Packets that are just forwarded by the line card do not receive IPsec scrutiny.
Brocade devices support the following components of IPsec for IPv6-addressed packets:
Authentication through Encapsulating Security Payload (ESP) in transport mode
HMAC-SHA1-96 as the authentication algorithm
Manual conguration of keys
Congurable rollover timer
IPsec can be enabled on the following logical entities:
Interface
Area
Virtual link
With respect to trac classes, this implementation of IPSec uses a single security association (SA) between the source and destination to
support all trac classes and so does not dierentiate between the dierent classes of trac that the DSCP bits dene.
IPsec on a virtual link is a global conguration. Interface and area IPsec congurations are more granular.
Among the entities that can have IPsec protection, the interfaces and areas can overlap. The interface IPsec conguration takes
precedence over the area IPsec conguration when an area and an interface within that area use IPsec. Therefore, if you congure IPsec
for an interface and an area conguration also exists that includes this interface, the interface’s IPsec conguration is used by that
interface. However, if you disable IPsec on an interface, IPsec is disabled on the interface even if the interface has its own, specic
authentication.
For IPsec, the system generates two types of databases. The security association database (SAD) contains a security association for
each interface or one global database for a virtual link. Even if IPsec is configured for an area, each interface that uses the area’s IPsec still
has its own security association in the SAD. Each SA in the SAD is a generated entry that is based on your specifications of an
authentication protocol (ESP in the current release), destination address, and a security policy index (SPI). The SPI number is
user-specified according to the network plan. Consideration for the SPI values to specify must apply to the whole network.
The system-generated security policy databases (SPDs) contain the security policies against which the system checks the for-us packets.
For each for-us packet that has an ESP header, the applicable security policy in the security policy database (SPD) is checked to see if
this packet complies with the policy. The IPsec task drops the non-compliant packets. Compliant packets continue on to the OSPFv3
task.
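The following Python is an added illustration, not code from the Brocade manual or firmware. It models the receive-side check described above for an authentication-only ESP packet: look up the SA by SPI, verify the HMAC-SHA1-96 value, and drop anything that does not comply. The function names, the SPI, the key and the OSPFv3 header bytes are constructed for the example; the packet layout is the standard ESP format.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12        # HMAC-SHA1-96: 160-bit HMAC-SHA1 truncated to its first 96 bits
OSPF_PROTO = 89     # IP protocol / IPv6 next-header number for OSPF

def _icv(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def esp_build(spi, seq, payload, key, next_header=OSPF_PROTO):
    """Authentication-only ESP: SPI | seq | payload | pad | pad_len | next_hdr | ICV."""
    pad_len = -(len(payload) + 2) % 4            # trailer must end on a 4-byte boundary
    pad = bytes(range(1, pad_len + 1))           # default padding bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + pad + bytes([pad_len, next_header])
    return body + _icv(key, body)

def esp_check(packet, sad):
    """Return the inner OSPFv3 packet if compliant, or None if it must be dropped."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None                              # too short to be ESP with an ICV
    # The sequence number is covered by the ICV; replay is not checked here.
    spi, _seq = struct.unpack("!II", packet[:8])
    key = sad.get(spi)
    if key is None:
        return None                              # no SA for this SPI
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, body)):
        return None                              # wrong key or modified packet
    pad_len, next_header = body[-2], body[-1]
    if next_header != OSPF_PROTO or pad_len > len(body) - 10:
        return None                              # not OSPF, or malformed trailer
    return body[8:len(body) - 2 - pad_len]

# Constructed sample data (not from the manual).
SPI = 4096
KEY = bytes(range(20))                           # 20-byte HMAC-SHA1 key
SAD = {SPI: KEY}                                 # hypothetical SAD: SPI -> key
# OSPFv3 header: version 3, type 1 (Hello), length 16, router ID 1.1.1.1, area 0
HELLO = struct.pack("!BBHIIHBB", 3, 1, 16, 0x01010101, 0, 0, 0, 0)

if __name__ == "__main__":
    good = esp_build(SPI, 1, HELLO, KEY)
    tampered = good[:12] + b"\x00" + good[13:]   # flip one payload byte
    print("compliant:", esp_check(good, SAD) == HELLO)
    print("tampered :", esp_check(tampered, SAD))
```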
Conguring OSPFv3
FastIron Ethernet Switch Layer 3 Routing
312 53-1003627-04
