Configure Internet Protocol Security (IPsec) with a manual key to provide authentication on OSPFv3 virtual-links.
| ospfv3 | Specifies OSPFv3 virtual-link. |
| virtual-link | OSPFv3 virtual link. |
| routerid | OSPFv3 router ID. |
| router-identifier | Specifies the router identifier of the advertising router. |
| area | OSPFv3 area. |
| area-identifier | Specifies an OSPFv3 area, a four-byte, dotted decimal number. |
| authentication | Specifies interface authentication. |
| none | Specifies no authentication (default). |
| keychain | Specifies the authentication method is keychain. |
| keychain-name | Specifies the keychain name. |
| ipsec spi | Specifies the authentication type is IPsec Encapsulating Security Payload (ESP) with manual key. |
| spi | Specifies Security Parameter Index value. Range is 256-4294967295. |
| esp-auth-algorithm | Specifies the ESP Authentication algorithm. |
| algorithm |
Specifies the authentication algorithm. Supported authentication algorithms are hmac-sha-1 and hmac-sha-256. |
| key | Specifies the authentication key, |
| key-string |
Specifies the key string in clear text. Both the ASCII string and hexadecimal string are supported, and hexadecimal string must begin with “0x”. |
| encrypted | Specifies that the key string is in encrypted format. |
| encrypted-key-string |
Specifies the encrypted key string. The encrypted key string must be enclosed in double quotes. |
If not specified, no authentication is applied.
When configuring IPsec with a manual key on an OSPFv3 virtual link, the exact same IPsec parameters (SPI, algorithm and key-string) must be specified on all routers connected to both sides of the virtual link.
To configure OSPFv3 VLAN authentication, run the command configure ospfv3 [{vlan} vlan-name | {tunnel} tunnel-name] authentication [none | keychain keychain-name | ipsec spi spi esp-auth-algorithm algorithm key [key-string | encrypted encrypted-key-string].
The following example for virtual-link "5.5.5.5 0.0.0.2" applies authentication type IPsec with SPI "1001" and algorithm "hmac-sha-1" with key "mykey":
# configure ospfv3 virtual-link 5.5.5.5 0.0.0.2 authentication ipsec spi 1001 esp-auth-algorithm hmac-sha-1 key mykey
This command was first available in ExtremeXOS 31.2.