IPsec can be configured to secure communications on an OSPFv3 interface.
Before you begin
For IPsec to work, the IPsec configuration must be the same on all the routers to which an interface connects.
About this task
Note
Ensure that OSPFv3 areas are assigned. All device interfaces must be assigned to one of the defined areas on an OSPFv3 router. When an interface is assigned to an area, all corresponding subnets on that interface are automatically included in the assignment.
Procedure
-
Enter the
configure terminal command to access global configuration mode.
device# configure terminal
-
Enter the
interface command and specify an interface.
device(config)# interface ethernet 1/1
-
Enter the
ipv6 ospf area command to assign a specified area to the interface.
device(conf-if-eth-1/1)# ipv6 ospf area 0
-
Enter
ipv6 ospf authentication
spi
value
esp
null
hmac-sha1 and specify a 40-character hexadecimal key.
device(conf-if-eth-1/1)# ipv6 ospf authentication spi 512 esp null hmac-sha1 key abcef12345678901234fedcba098765432109876
IPsec is configured on the specified interface with a security parameter index (SPI) value of 512, and the Encapsulating Security Payload (ESP) protocol is selected. Secure Hash Algorithm 1 (SHA-1) authentication is enabled.
Example
The following example enables ESP and SHA-1 on a specified OSPFv3 Ethernet interface.
device# configure terminal
device(config)# interface ethernet 1/1
device(conf-if-eth-1/1)# ipv6 ospf area 0
device(conf-if-eth-1/1)# ipv6 ospf authentication spi 512 esp null hmac-sha1 key abcef12345678901234fedcba098765432109876
