366
• To implement interface-based IPsec protection, configure the same IPsec profile on the
interfaces between two neighboring routers.
• To implement virtual link-based IPsec protection, configure the same IPsec profile on the two
routers connected over the virtual link.
• To implement sham link-based IPsec protection, configure the same IPsec profile on the two
routers connected over the sham link. For information about sham link, see MPLS
Configuration Guide.
• If an interface and its area each have an IPsec profile configured, the interface uses its own
IPsec profile.
• If a virtual link and area 0 each have an IPsec profile configured, the virtual link uses its own
IPsec profile.
• If a sham link and its area each have an IPsec profile configured, the sham link uses its own
IPsec profile.
To apply an IPsec profile to an area:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter OSPFv3 view.
ospfv3
[ process-id |
vpn-instance
vpn-instance-name ] *
N/A
3. Enter OSPFv3 area view.
area
area-id
N/A
4. Apply an IPsec profile to the
area.
enable ipsec-profile
profile-name
By default, no IPsec profile is
applied.
To apply an IPsec profile to an interface:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Apply an IPsec profile to the
interface.
ospfv3 ipsec-profile
profile-name
By default, no IPsec profile
is applied.
To apply an IPsec profile to a virtual link:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter OSPFv3 view.
ospfv3
[ process-id |
vpn-instance
vpn-instance-name ] *
N/A
3. Enter OSPFv3 area view.
area
area-id
N/A
4. Apply an IPsec profile to a
virtual link.
vlink-peer
router-id [
dead
seconds |
hello
seconds |
instance
instance-id |
retransmit
seconds |
trans-delay
seconds |
ipsec-profile
profile-name ] *
By default, no IPsec profile is
applied.
To apply an IPsec profile to a sham link:
Step Command Remarks
1. Enter system view.
system-view
N/A
To Next Page
Loading...
Need help?
General