Applying an IPsec profile

To protect routing information and prevent attacks, RIPng supports using an IPsec profile to authenticate protocol packets. For more information about IPsec profiles, see Security Configuration Guide.

Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec profile. A device uses the SPI carried in a received packet to match against the configured IPsec profile. If they match, the device accepts the packet. If they do not match, the device discards the packet and does not establish a neighbor relationship with the sending device.

You can configure an IPsec profile for a RIPng process or interface. The IPsec profile configured for a process applies to all packets in the process. The IPsec profile configured for an interface applies to packets on the interface. If an interface and its process each have an IPsec profile configured, the interface uses its own IPsec profile.

To apply an IPsec profile to a process:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3. Apply an IPsec profile to the process.

enable ipsec-profile profile-name

By default, no IPsec profile is applied.

To apply an IPsec profile to an interface:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Apply an IPsec profile to the interface.

ripng ipsec-profile profile-name

By default, no IPsec profile is applied.