OS10 Enterprise Edition User Guide Release 10.4.0E(R3)

PDF

area encryption

Configures encryption for an OSPFv3 area.

Syntax
area area-id encryption ipsec spi number esp encryption-type key authentication-type key
Parameters
  • area area-id — Enter an area ID as a number or IPv6 prefix.
  • ipsec spi number — Enter a unique security policy index number (256 to 4294967295).
  • esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported.
  • key — Enter the text string used in the encryption algorithm.
  • authentication-type — Enter the encryption authentication algorithm to use (MD5 or SHA1).
  • key — Enter the text string used in the authentication algorithm.
Default
OSPFv3 area encryption is not configured.
Command Mode
ROUTER-OSPFv3
Usage Information
  • Before you enable IPsec encryption for an OSPFv3 area, you must enable OSPFv3 globally on each router.
  • When you configure encryption at the area level, both IPsec encryption and authentication are enabled. You cannot configure encryption if you have already configured an IPsec area authentication ( area ospf authentication ipsec). To configure encryption, you must first delete the authentication policy.
  • All OSPFv3 routers in the area must share the same encryption key to decrypt information. Only a non-encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES — 16 hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192.
  • All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.
Example
OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5
                                       12345678123456781234567812345678
                                    
Supported Releases
10.4.0E(R1) or later

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\