Configures Internet Protocol Security (IPsec) with a manual key to provide authentication on OSPFv3 interfaces.
| ospfv3 | Specifies OSPFv3 interface. |
| vlan | Specifies OSPFv3 VLAN. |
| vlan-name | Specifies an IPv6 configured VLAN. |
| tunnel | |
| tunnel-name | Specifies an IPv6 tunnel. |
| authentication | Specifies interface authentication. |
| none | Specifies no authentication (default). |
| keychain | Specifies the authentication method is keychain. |
| keychain-name | Specifies the keychain name. |
| ipsec spi | Specifies the authentication type is IPsec Encapsulating Security Payload (ESP) with manual key. |
| spi | Specifies Security Parameter Index value. Range is 256-4294967295. |
| esp-auth-algorithm | Specifies the ESP Authentication algorithm. |
| algorithm |
Specifies the authentication algorithm. Supported authentication algorithms are hmac-sha-1 and hmac-sha-256. |
| key | Specifies the authentication key. |
| key-string |
Specifies the key string in clear text. Both the ASCII string and hexadecimal string are supported, and hexadecimal string must begin with “0x”. |
| encrypted | Specifies that the key string is in encrypted format. |
| encrypted-key-string |
Specifies the encrypted key string. The encrypted key string must be enclosed in double quotes. |
If not specified, no authentication is applied.
When configuring IPsec with manual key on an OSPFv3 VLAN, the exact same IPsec parameters (SPI, algorithm and key-string) must be specified on all routers connected to that VLAN.
To configure OSPFv3 virtual link authentication, run the command configure ospfv3 virtual-link {routerid} router-identifier {area} area-identifier authentication [none | keychain keychain-name | ipsec spi spi esp-auth-algorithm algorithm key [key-string | encrypted encrypted-key-string].
The following example for VLAN "v1" applies authentication type IPsec with SPI "551" and algorithm "hmac-sha-256" with key "mykey":
# configure ospfv3 vlan v1 authentication ipsec spi 551 esp-auth-algorithm hmac-sha-256 key mykey
This command was first available in ExtremeXOS 31.2.