configure ospfv3 virtual-link authentication

configure ospfv3 virtual-link {routerid} router-identifier {area} area-identifier authentication [none | keychain keychain-name | ipsec spi spi esp-auth-algorithm algorithm key [key-string | encrypted encrypted-key-string]

Description

Configure Internet Protocol Security (IPsec) with a manual key to provide authentication on OSPFv3 virtual-links.

Syntax Description

ospfv3 Specifies OSPFv3 virtual-link.
virtual-link OSPFv3 virtual link.
routerid OSPFv3 router ID.
router-identifier Specifies the router identifier of the advertising router.
area OSPFv3 area.
area-identifier Specifies an OSPFv3 area, a four-byte, dotted decimal number.
authentication Specifies interface authentication.
none Specifies no authentication (default).
keychain Specifies the authentication method is keychain.
keychain-name Specifies the keychain name.
ipsec spi Specifies the authentication type is IPsec Encapsulating Security Payload (ESP) with manual key.
spi Specifies Security Parameter Index value. Range is 256-4294967295.
esp-auth-algorithm Specifies the ESP Authentication algorithm.
algorithm

Specifies the authentication algorithm.

Supported authentication algorithms are hmac-sha-1 and hmac-sha-256.

key Specifies the authentication key,
key-string

Specifies the key string in clear text.

Both the ASCII string and hexadecimal string are supported, and hexadecimal string must begin with “0x”.

encrypted Specifies that the key string is in encrypted format.
encrypted-key-string

Specifies the encrypted key string.

The encrypted key string must be enclosed in double quotes.

Default

If not specified, no authentication is applied.

Usage Guidelines

When configuring IPsec with a manual key on an OSPFv3 virtual link, the exact same IPsec parameters (SPI, algorithm and key-string) must be specified on all routers connected to both sides of the virtual link.

To configure OSPFv3 VLAN authentication, run the command configure ospfv3 [{vlan} vlan-name | {tunnel} tunnel-name] authentication [none |ipsec spi spi esp-auth-algorithm algorithm key [key-string | encrypted encrypted-key-string].

Example

The following example for virtual-link "5.5.5.5 0.0.0.2" applies authentication type IPsec with SPI "1001" and algorithm "hmac-sha-1" with key "mykey":

# configure ospfv3 virtual-link 5.5.5.5 0.0.0.2 authentication ipsec spi 1001 esp-auth-algorithm hmac-sha-1 key mykey

History

This command was first available in ExtremeXOS 31.2.

Platform Availability

This command is available on platforms with an Advanced Edge or Base license, or higher, as described in the ExtremeXOS and Switch Engine 31.7 Feature License Requirements document.