Use this command to configure IPsec authentication on an interface.
| ipsec | Sets the authentication type to IPsec for OSPFv3. |
| spi spi | Specifies the Security Parameters Index (SPI) for this IPv6 OSPF IPsec authentication configuration. Valid values are 256 - 4294967295 |
| md5 key | Specifies the MD5 authentication algorithm and configures a 16 byte MD5 key for this SPI entry. |
| sha1 key | Specifies the 20-byte sha1 key for this SPI entry. |
| aescbc key | Specifies the 16-byte aescbc key for this SPI entry. |
| hex | (Optional) Specifies that the SPI entry key is a hex string. |
If the hex option is not specified, the key is an ASCII passphrase value.
Interface configuration.
IPsec is an end-to-end security scheme that provides for the securing of IP communications using authentication and optional encryption. An IPsec authentication only entry consists of an SPI value to identify the entry, the specifying of the authentication algorithm for the entry, and the entry key. IPsec authentication entries are configured on a per interface basis.
IPsec authentication supports algorithms:
IPsec must be enabled in global VRF router configuration mode using the crypto ipsec enable command before using IPsec for OSPFv3 authentication.
If FIPS security mode is enabled using set security fips mode, only the SHA1 authentication algorithm is supported on the interface.
The “no” form of this command removes the IPsec authentication configuration on the interface.
This example shows how to configure VLAN 1 for IPsec SPI entry 256 for MD5 authentication with a hex key of 1234567890abcdef:
System(rw-config)->interface vlan 1 System(rw-config-intf-vlan.0.1)->ipv6 ospf authentication spi 256 md5 1234567890abcdef hex
Print
this page
Email this topic
Feedback
View PDF
Download EPUB