IPsec can be configured to secure communications on an OSPFv3 area.
About this task
Note
When IPsec is configured for an area, the security policy is applied to all the interfaces in the area.
Procedure
-
Enter the
configure terminal command to access global configuration mode.
device# configure terminal
-
Enter the
ip router-id command to specify the router ID.
device(config)# ip router-id 10.11.12.13
-
Enter the
ipv6 router ospf command to enter OSPFv3 configuration mode and enable OSPFv3 on the device.
device(config)# ipv6 router ospf
-
Enter
area authentication
spi
spi
ah
hmac-md5
key, specifying an area, and enter a 40-character hexadecimal key.
device(config-ipv6-router-ospf-vrf-default-vrf)# area 0 authentication spi 600 ah hmac-md5 key abcef12345678901234fedcba098765432109876
IPsec is configured in OSPv3 area 0 with a security parameter index (SPI) value of 600, and the authentication header (AH) protocol is selected. Message Digest 5 (MD5) authentication on the area is enabled.
Example
The following example enables AH and MD5 authentication for the OSPFv3 area, setting an SPI value of 600.
device# configure terminal
device(config)# ip router-id 10.11.12.13
device(config)# ipv6 router ospf
device(config-ipv6-router-ospf-vrf-default-vrf)# area 0 authentication spi 600 ah hmac-md5 key abcef12345678901234fedcba098765432109876
