encryption ipsec spi

Syntax

encryption ipsec spi <SPI-INDEX> <AUTH-TYPE> <KEY-TYPE> <AUTH-KEY> 
([<ENCR-TYPE> <KEY-TYPE> <ENCR-KEY>] | null)

no encryption

Description

Configures IPSec ESP for Vlink.

The no form of this command removes IPsec ESP for Vlink from the specified area.

Command context

config-router-vlink

Parameters

spi <SPI-INDEX>

Specifies the Security Parameters Index (SPI) to use. The SPI is an identification tag carried in the IPsec ESP header. It enables the receiving OSPF process to select and use the Security Association (SA) from the SA table. IPsec ESP SPI must be unique on the switch. Range: 256-4294967295 characters.

<AUTH-TYPE>

Specifies the algorithm to use for authentication: md5 or sha1.

<ENCR-TYPE>

Specifies the algorithm to use for encryption: des, 3des or aes.

<KEY-TYPE>

Specifies the key type to use: plaintext (unencrypted), hex-string (encrypted) or ciphertext (encrypted).

<AUTH-KEY>

Specifies the key to use for IPsec.

<ENCR-KEY>

Specifies the encryption key to use for IPsec.

Authority

Administrators

Examples

Setting area 1 to use IPSec ESP for Vlink:

switch# configure terminal
switch(config)# router ospfv3 1
switch(config-ospfv3-1)# area 1
switch(config-ospfv3-1)# area 1 virtual-link 3.3.3.3
switch(config-router-vlink6)# encryption ipsec spi 256 md5 plaintext abcd des plaintext abcdefab
switch# configure terminal
switch(config)# router ospfv3 1
switch(config-ospfv3-1)# area 1
switch(config-ospfv3-1)# area 1 virtual-link 3.3.3.3
switch(config-router-vlink6)# encryption ipsec spi 256 md5 plaintext abcd null

Removing IPSec ESP for Vlink on area 1:

switch# configure terminal
switch(config)# router ospfv3 1
switch(config-ospfv3-1)# area 1 virtual-link 3.3.3.3
switch(config-router-vlink6)# no encryption