Applying an IPsec profile
To protect routing information and prevent attacks, RIPng supports using an IPsec profile to authenticate protocol packets. For more information about IPsec profiles, see Security Configuration Guide.
Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec profile. A device compares the SPI carried in a received packet with the configured IPsec profile. If they match, the device accepts the packet. If they do not match, the device discards the packet and does not establish a neighbor relationship with the sending device.
You can configure an IPsec profile for a RIPng process or interface. The IPsec profile configured for a process applies to all packets in the process. The IPsec profile configured for an interface applies to packets on the interface. If an interface and its process each have an IPsec profile configured, the interface uses its own IPsec profile.
To apply an IPsec profile to a process:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter RIPng view. | ripng [ process-id ] | N/A |
3. Apply an IPsec profile to the process. | enable ipsec-profile profile-name | By default, no IPsec profile is applied. |
To apply an IPsec profile to an interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Apply an IPsec profile to the interface. | ripng ipsec-profile profile-name | By default, no IPsec profile is applied. |