configure ospfv3 authentication (IPsec)

configure ospfv3 [{vlan} vlan-name | {tunnel} tunnel-name] authentication [none |ipsec spi spi esp-auth-algorithm algorithm key [key-string | encrypted encrypted-key-string]


Configures Internet Protocol Security (IPsec) with a manual key to provide authentication on OSPFv3 interfaces.

Syntax Description

ospfv3 Specifies OSPFv3 interface.
vlan Specifies OSPFv3 VLAN.
vlan-name Specifies an IPv6 configured This command is available on the ExtremeSwitching X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, 5520 series switches..
tunnel Specifies Layer 3 tunnel.
tunnel-name Specifies an Layer 3 tunnel name.
authentication Specifies interface authentication.
none Specifies no authentication (default).
ipsec spi Specifies the authentication type is IPsec Encapsulating Security Payload (ESP) with manual key.
spi Specifies Security Parameter Index value. Range is 256-4294967295.
esp-auth-algorithm Specifies the ESP Authentication algorithm.

Specifies the authentication algorithm.

Supported authentication algorithms are hmac-sha-1 and hmac-sha-256.

key Specifies the authentication key.

Specifies the key string in clear text.

Both the ASCII string and hexadecimal string are supported, and hexadecimal string must begin with “0x”.

encrypted Specifies that the key string is in encrypted format.

Specifies the encrypted key string.

The encrypted key string must be enclosed in double quotes.


If not specified, no authentication is applied.

Usage Guidelines

When configuring IPsec with manual key on an OSPFv3 VLAN, the exact same IPsec parameters (SPI, algorithm and key-string) must be specified on all routers connected to that VLAN.

To configure OSPFv3 virtual link authentication, run the command ospfv3 virtual-link {routerid} router-identifier {area} area-identifier authentication [none | ipsec spi spi esp-auth-algorithm algorithm key [key-string | encrypted encrypted-key-string].


The following example for VLAN "v1" applies authentication type IPsec with SPI "551" and algorithm "hmac-sha-256" with key "mykey":

# configure ospfv3 vlan v1 authentication ipsec spi 551 esp-auth-algorithm hmac-sha-256 key mykey


This command was first available in ExtremeXOS 31.2.

Platform Availability

This command is available on platforms with an Advanced Edge or Base license, or higher, as described in the ExtremeXOS and Switch Engine 31.7 Feature License Requirements document.