area <AREA-ID> authentication ipsec

Syntax

area <AREA-ID> authentication ipsec spi <SPI-INDEX> <AUTH-TYPE> <KEY-TYPE> <AUTH-KEY>

no area <AREA-ID> authentication

Description

Configures IPSec AH authentication for the specified area. OSPFv3 interfaces which have IPsec configured at the interface context will not use area level IPsec.

The no form of this command removes IPSec AH authentication for the specified area.

NOTE:

IPSec is not supported for 6in6 tunnel interfaces.

Command context

config-ospf

Parameters

<AREA-ID>
Specifies the area ID is one of the following formats.
  • OSPF area identifier in IPv4 address format.

  • OSPF area identifier in decimal format. Range: 0-4294967295.

spi <SPI-INDEX>

Specifies the Security Parameters Index (SPI) to use. The SPI is an identification tag carried in the IPsec AH header. It enables the receiving OSPF process to select and use the Security Association (SA) from the SA table. The SPI must be unique on the switch. Range: 256-4294967295 characters.

<AUTH-TYPE>

Specifies the algorithm to use for authentication: md5 or sha1.

<KEY-TYPE>

Specifies the key type to use: plaintext (unencrypted), hex-string (encrypted) or ciphertext (encrypted).

<AUTH-KEY>

Specifies the key.

Authority

Administrators

Examples

Setting area 1 to use IPsec authentication(AH):

switch(config)# router ospfv3 1
switch(config-ospfv3-1)# area 1 authentication ipsec spi 256 sha1 plaintext abcd

Removing IPsec authentication (AH) on area 1:

switch(config)# router ospfv3 1
switch(config-ospfv3-1)# no area 1 authentication