Open Shortest Path First (OSPFv2 and OSPFv3) | 769
To display the configuration of IPsec authentication policies on the router, enter the show crypto ipsec
policy
command.
Configuring IPsec Encryption for an OSPFv3 Area
Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, you must first enable OSPFv3
globally on the router (see Configuration Task List for OSPFv3 (OSPF for IPv6)).
To configure IPsec encryption in an OSPFv3 area, enter the following command in global configuration
mode:
An SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You
must configure the same encryption policy (same SPI and keys) on each interface in an OPSFv3 link.
Command Syntax Command Mode Usage
area area-id encryption ipsec
spi
number
esp encryption-algorithm
[key-encryption-type] key
authentication-algorithm
[key-authentication-type] key
CONF-IPV6-
ROUTER-OSPF
Enable IPsec encryption for OSPFv3 packets in an area,
where:
area area-id specifies the area for which OSPFv3 traffic
is to be encrypted. For area-id, you can enter a number or
an IPv6 prefix.
spi number is the Security Policy index (SPI) value.
Range: 256 to 4294967295.
esp encryption-algorithm specifies the encryption
algorithm used with ESP. Valid values: 3DES, DES,
AES-CBC
, and NULL. For AES-CBC, only the AES-128
and AES-192 ciphers are supported.
key specifies the text string used in the encryption. All
neighboring OSPFv3 routers must share the same key to
decrypt information. Required lengths of a non-encrypted
or encrypted key are:
3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits;
AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96
hex digits for AES-192.
key-encryption-type (optional) specifies if the key is
encrypted. Valid values: 0 (key is not encrypted) or 7 (key
is encrypted).
authentication-algorithm specifies the authentication
algorithm to use for encryption.
Valid values: MD5 or SHA1.
key specifies the text string used in authentication. All
neighboring OSPFv3 routers must share the same key to
exchange information.
For MD5 authentication, the key must be 32 hex digits
(non-encrypted) or 64 hex digits (encrypted). For SHA-1
authentication, the key must be 40 hex digits
(non-encrypted) or 80 hex digits (encrypted).
key-authentication-type (optional) specifies if the
authentication key is encrypted. Valid values: 0 or 7.
To Next Page
Loading...
