area <AREA-ID> authentication ipsec
Syntax
area <AREA-ID> authentication ipsec spi <SPI-INDEX> <AUTH-TYPE> <KEY-TYPE> <AUTH-KEY>
no area <AREA-ID> authentication
Description
Configures IPSec AH authentication for the specified area. OSPFv3 interfaces which have IPsec configured at the interface context will not use area level IPsec.
The
no
form of this command removes IPSec AH authentication for the specified area.
IPSec is not supported for 6in6 tunnel interfaces.
Command context
config-ospf
Parameters
<AREA-ID>
- Specifies the area ID is one of the following formats.
OSPF area identifier in IPv4 address format.
OSPF area identifier in decimal format. Range: 0-4294967295.
spi <SPI-INDEX>
Specifies the Security Parameters Index (SPI) to use. The SPI is an identification tag carried in the IPsec AH header. It enables the receiving OSPF process to select and use the Security Association (SA) from the SA table. The SPI must be unique on the switch. Range: 256-4294967295 characters.
- <AUTH-TYPE>
Specifies the algorithm to use for authentication:
md5
orsha1
.- <KEY-TYPE>
Specifies the key type to use:
plaintext
(unencrypted),hex-string
(encrypted) orciphertext
(encrypted).- <AUTH-KEY>
Specifies the key.
Authority
Administrators
Examples
Setting area 1 to use IPsec authentication(AH):
switch(config)# router ospfv3 1 switch(config-ospfv3-1)# area 1 authentication ipsec spi 256 sha1 plaintext abcd
Removing IPsec authentication (AH) on area 1:
switch(config)# router ospfv3 1 switch(config-ospfv3-1)# no area 1 authentication