352
match, the device accepts the packet. Otherwise, the device discards the packet and will not establish a
neighbor relationship with the sending device.
You can configure an IPsec profile for an area, an interface, or a virtual link.
• To implement area-based IPsec protection, configure the same IPsec profile on the routers in the
target area.
• To implement interface-based IPsec protection, configure the same IPsec profile on the interfaces
between two neighboring routers.
• To implement virtual link-based IPsec protection, configure the same IPsec profile on the two routers
connected over the virtual link.
• If an interface and its area each have an IPsec profile configured, the interface uses its own IPsec
profile.
• If a virtual link and area 0 each have an IPsec profile configured, the virtual link uses its own IPsec
profile.
To apply an IPsec profile to an area:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter OSPFv3 view.
ospfv3 [ process-id | vpn-instance
vpn-instance-name ] *
N/A
3. Enter OSPFv3 area view.
area area-id N/A
4. Apply an IPsec profile to the
area.
enable ipsec-profile profile-name
By default, no IPsec profile is
applied.
To apply an IPsec profile to an interface:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Apply an IPsec profile to the
interface.
ospfv3 ipsec-profile profile-name
By default, no IPsec profile is
applied.
To apply an IPsec profile to a virtual link:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter OSPFv3 view.
ospfv3 [ process-id | vpn-instance
vpn-instance-name ] *
N/A
3. Enter OSPFv3 area view.
area area-id N/A
4. Apply an IPsec profile to a
virtual link.
vlink-peer router-id [ dead seconds | hello
seconds | instance instance-id | retransmit
seconds | trans-delay seconds |
ipsec-profile profile-name ] *
By default, no IPsec profile is
applied.
To Next Page
Loading...
Need help?
General