ipv6 ospf encryption

Use this command to configure IPsec encrypted authentication on an interface.

Syntax

ipv6 ospf encryption ipsec spi spi esp {none | 3des key | aescbc {128 | 192 | 256} key} [hex] auth {md5 key | sha1 key | aescbc key | no-auth}
no ipv6 ospf encryption

Parameters

ipsec – Sets the encrypted authentication type to IPsec for OSPFv3.
spi spi – Specifies the Security Parameters Index (SPI) for this IPv6 OSPF IPsec authentication configuration. Valid values are 256 - 4294967295.
esp – Specifies the Encapsulating Security Payload (ESP) cipher algorithm, or none.
none – Specifies that no cipher algorithm is configured for this IPsec entry.
3des key – Configures the 3-DES (Triple Data Encryption Standard) cipher algorithm, specifying a 24-byte key.
aescbc {128 | 192 | 256} key – Configures the AES (Cipher Block Chaining) cipher algorithm, specifying one of the following key sizes:

128 – Configures a 128-bit (16-byte) key

192 – Configures a 192-bit (24-byte) key

256 – Configures a 256-bit (32-byte) key

auth – The authentication keyword, followed by the authentication algorithm to be configured.
md5 key – Specifies the MD5 authentication algorithm and configures a 16-byte MD5 key for this SPI entry.
sha1 key – Specifies the SHA1 authentication algorithm and configures a 20-byte SHA1 key for this SPI entry.
aescbc key – Specifies the AESCBC authentication algorithm and configures a 16-byte AESCBC key for this SPI entry.
hex – (Optional) Specifies that the SPI entry key is a hex string.

Defaults

If the hex option is not specified, the key is an ASCII passphrase value.

Mode

Interface configuration.

Usage

IPsec is an end-to-end security scheme that secures IP communications using an authentication algorithm and optional encryption. An encrypted IPsec authentication entry consists of an SPI value that identifies the entry, a cipher algorithm (or none), an authentication algorithm (or no authentication), and the entry key. Encrypted IPsec authentication entries are configured on a per-interface basis.

IPsec encryption supports the following ciphers:

  • 3DES – Triple Data Encryption Standard cipher algorithm
  • AESCBC – AES (Cipher Block Chaining) cipher algorithm

IPsec authentication supports the following algorithms:

  • MD5 – Message-Digest algorithm 5
  • SHA1 – Secure Hash Algorithm 1
  • AESCBC – Advanced Encryption Standard (AES) cipher algorithm in Cipher Block Chaining (CBC) mode

IPsec must be enabled in global VRF router configuration mode using the crypto ipsec enable command before using IPsec for OSPFv3 encrypted authentication.

If FIPS security mode is enabled using set security fips mode, only the SHA1 authentication algorithm is supported on the interface.

The “no” form of this command removes the IPsec encrypted authentication configuration on the interface.

Example

This example shows how to configure VLAN 1 with IPsec SPI entry 256, using 128-bit aescbc encryption with a key of 1234567890abcdef and MD5 authentication with a hex key of 1234567890abcdef:

System(rw-config)->interface vlan 1
System(rw-config-intf-vlan.0.1)->ipv6 ospf encryption ipsec spi 256 esp aescbc 128 1234567890abcdef hex auth md5 1234567890abcdef hex
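
The following is an added example, not part of the original command reference or the vendor's software: a Python lint that checks a configured line against the SPI range, key sizes and FIPS restriction stated on this page. It assumes an ASCII key uses one byte per character and does not length-check hex keys, because the page does not define how hex digits map to key bytes; the function names are hypothetical.

```python
# Key sizes in bytes, taken from the Parameters section of this page.
CIPHER_BYTES = {"3des": 24, "aescbc 128": 16, "aescbc 192": 24, "aescbc 256": 32}
AUTH_BYTES = {"md5": 16, "sha1": 20, "aescbc": 16}
PREFIX = "ipv6 ospf encryption ipsec spi".split()

def _take(tok, sizes, keyless):
    """Consume '<algorithm> key [hex]' or the keyless keyword from tok."""
    alg = tok.pop(0)
    if alg == keyless:
        return alg, None, False
    if alg == "aescbc" and "aescbc" not in sizes:  # cipher form carries a bit size
        alg += " " + tok.pop(0)
    if alg not in sizes:
        raise ValueError("unknown algorithm: " + alg)
    key = tok.pop(0)
    is_hex = bool(tok) and tok[0] == "hex"
    if is_hex:
        tok.pop(0)
    return alg, key, is_hex

def _check_key(label, alg, key, is_hex, sizes, out):
    # Assumption: hex keys are not length-checked; the page does not define their digit count.
    if key and not is_hex and len(key) != sizes[alg]:
        out.append(f"{label} {alg}: ASCII key is {len(key)} bytes, expected {sizes[alg]}")

def lint(line, fips=False):
    """Return findings for one CLI line; a 'prompt->' prefix is ignored."""
    tok = line.split("->")[-1].split()
    if tok[:5] != PREFIX or len(tok) < 9 or tok[6] != "esp":
        raise ValueError("not an ipv6 ospf encryption ipsec command")
    spi, tok, out = int(tok[5]), tok[7:], []
    if not 256 <= spi <= 4294967295:
        out.append("SPI outside 256 - 4294967295")
    try:
        cipher, ckey, chex = _take(tok, CIPHER_BYTES, "none")
        if tok.pop(0) != "auth":
            raise ValueError("missing auth keyword")
        auth, akey, ahex = _take(tok, AUTH_BYTES, "no-auth")
    except IndexError:
        raise ValueError("truncated command") from None
    if cipher == "none":
        out.append("esp none: no cipher algorithm configured")
    if auth == "no-auth":
        out.append("no-auth: no authentication configured")
    if fips and auth != "sha1":
        out.append("FIPS mode: only sha1 authentication is supported")
    _check_key("cipher", cipher, ckey, chex, CIPHER_BYTES, out)
    _check_key("auth", auth, akey, ahex, AUTH_BYTES, out)
    return out
```

Calling lint() with fips=True on the example line above returns the FIPS finding, because that line uses md5 authentication.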