ipv6 ospfv3 encryption ipsec
Syntax
ipv6 ospfv3 encryption ipsec spi <SPI-INDEX> <AUTH-TYPE> <KEY-TYPE> <AUTH-KEY>
({<ENCR-TYPE> <KEY-TYPE> <ENCR-KEY>} | null)
no ipv6 ospfv3 encryption
Description
Configures IPSec ESP. OSPFv3 interfaces that have IPsec configured at the interface context will not use area level IPsec ESP.
The
no
form of this command removes IPsec ESP for the specified area.
Command context
config-if-vlan
Parameters
spi <SPI-INDEX>
Specifies the Security Parameters Index (SPI) to use. The SPI is an identification tag carried in the IPsec ESP header. It enables the receiving OSPF process to select and use the Security Association (SA) from the SA table. The SPI must be unique on the switch. Range: 256-4294967295 characters.
<AUTH-TYPE>
Specifies the algorithm to use for authentication:
md5
orsha1
.<ENCR-TYPE>
Specifies the algorithm to use for encryption:
des
,3des
oraes
.<KEY-TYPE>
Specifies the key type to use:
plaintext
(not encrypted),hex-string
(encrypted) orciphertext
(encrypted).<AUTH-KEY>
Specifies the authentication key.
<ENCR-KEY>
Specifies the encryption key.
Authority
Administrators or local user group members with execution rights for this command.
Examples
Setting interface VLAN 1 to use IPsec ESP:
switch(config)# interface vlan 1 switch(config-if-vlan)# ipv6 ospfv3 encryption ipsec spi 256 sha1 plaintext abcdef aes plaintext abcdefabcdefabcd
switch(config)# interface vlan 1 switch(config-if-vlan)# ipv6 ospfv3 encryption ipsec spi 256 sha1 plaintext abcdef null
Removing IPsec on interface VLAN 1:
switch(config)# interface vlan 1 switch(config-if-vlan)# no ipv6 ospfv3 encryption