The no form of this command sets the key-add-remove-interval back to a default of 300 seconds.
The ipv6 command is available in the conguration interface context for a specic interface.
The ospf keyword identies OSPFv3 as the protocol to receive IPsec security.
The authentication keyword enables authentication.
The ipsec keyword species IPsec as the authentication protocol.
The range is a value between 0 and 14400 seconds.
This command is not set by default and key-add-remove-interval is set to the same value as key-rollover-interval.
NOTE
This command will not resolve the issue completely on a network where Brocade Routers running software that does not
support key-add-remove-interval (earlier versions of NetIron R05.3.00) and other vendor’s routers are present. In this case,
disabling and enabling the interface or setting key-rollover-interval to 0 will resolve the issue.
Conguring IPsec on a interface
For IPsec to work, the IPsec
conguration must be the same on all the routers to which an interface connects.
For multicast, IPsec does not need or use a specic destination address, the destination address is "do not care," and this status is
reected by the lone pair of colons (::) for destination address in the show command output.
To congure IPsec on an interface, proceed as in the following example.
NOTE
The IPsec conguration for an interface applies to the inbound and outbound directions. Also, the same authentication
parameters must be used by all devices on the network to which the interface is connected, as described in section 7 of RFC
4552.
device(config-if-e10000-1/1/2)# ipv6 ospf auth ipsec spi 429496795 esp sha1
abcdef12345678900987654321fedcba12345678
Syntax: [no] ipv6 ospf authentication ipsec spi spi-num esp sha1 [no-encrypt] key
The no form of this command deletes IPsec from the interface.
The ipv6 command is available in the conguration interface context for a specic interface.
The ospf keyword identies OSPFv3 as the protocol to receive IPsec security.
The authentication keyword enables authentication.
The ipsec keyword species IPsec as the authentication protocol.
The spi keyword and the spi-num variable specify the security parameter that points to the security association. The near-end and far-
end values for spi-num must be the same. The range for spi-num is decimal 256 through 4294967295.
The mandatory esp keyword species ESP (rather than authentication header) as the protocol to provide packet-level security. In the
current release, this parameter can be esp only.
The sha1 keyword species the HMAC-SHA1-96 authentication algorithm. This mandatory parameter can be only the sha1 keyword in
the current release.
Including the optional no-encrypt keyword means that when you display the IPsec conguration, the key is displayed in its unencrypted
form and also saved as unencrypted.
Conguring OSPFv3
FastIron Ethernet Switch Layer 3 Routing
53-1003627-04 315
To Next Page
Loading...
Need help?
General
