Configuring IPsec on an OSPFv3 area

Note

When IPsec is configured for an area, the security policy is applied to all the interfaces in the area.

1. Enter the configure terminal command to access global configuration mode.
   

   device# configure terminal

2. Enter the ip router-id command to specify the router ID.
   

   device(config)# ip router-id 10.11.12.13

3. Enter the ipv6 router ospf command to enter OSPFv3 configuration mode and enable OSPFv3 on the device.
   

   device(config)# ipv6 router ospf

4. Enter area authentication spi spi ah hmac-md5 key, specifying an area, and enter a 40-character hexadecimal key.
   

   device(config-ipv6-router-ospf-vrf-default-vrf)# area 0 authentication spi 600 ah hmac-md5 key abcef12345678901234fedcba098765432109876
   

   

   Note

   MD5 passwords cannot have ASCII character 32 ('SPACE') as a part of the password string.
   IPsec is configured in OSPv3 area 0 with a security parameter index (SPI) value of 600, and the authentication header (AH) protocol is selected. Message Digest 5 (MD5) authentication on the area is enabled.

The following example enables AH and MD5 authentication for the OSPFv3 area, setting an SPI value of 600.

device# configure terminal
device(config)# ip router-id 10.11.12.13
device(config)# ipv6 router ospf
device(config-ipv6-router-ospf-vrf-default-vrf)# area 0 authentication spi 600 ah hmac-md5 key abcef12345678901234fedcba098765432109876