ipv6 ospfv3 encryption ipsec

Syntax

ipv6 ospfv3 encryption ipsec spi <SPI-INDEX> <AUTH-TYPE> <KEY-TYPE> <AUTH-KEY> 
({<ENCR-TYPE> <KEY-TYPE> <ENCR-KEY>} | null)

no ipv6 ospfv3 encryption

Description

Configures IPSec ESP. OSPFv3 interfaces that have IPsec configured at the interface context will not use area level IPsec ESP.

The no form of this command removes IPsec ESP for the specified area.

Command context

config-if

Parameters

spi <SPI-INDEX>

Specifies the Security Parameters Index (SPI) to use. The SPI is an identification tag carried in the IPsec ESP header. It enables the receiving OSPF process to select and use the Security Association (SA) from the SA table. The SPI must be unique on the switch. Range: 256-4294967295 characters.

<AUTH-TYPE>

Specifies the algorithm to use for authentication: md5 or sha1.

<ENCR-TYPE>

Specifies the algorithm to use for encryption: des, 3des or aes.

<KEY-TYPE>

Specifies the key type to use: plaintext (not encrypted), hex-string (encrypted) or ciphertext (encrypted).

<AUTH-KEY>

Specifies the authentication key.

<ENCR-KEY>

Specifies the encryption key.

Authority

Administrators

Examples

Setting interface 1/1/1 to use IPsec ESP:

switch(config)# interface 1/1/1
switch(config-if)# ipv6 ospfv3 encryption ipsec spi 256 sha1 plaintext abcdef aes 
plaintext abcdefabcdefabcdefab
switch(config)# interface 1/1/1
switch(config-if)# ipv6 ospfv3 encryption ipsec spi 256 sha1 plaintext abcdef null

Removing IPsec on interface 1/1/1:

switch(config)# interface 1/1/1
switch(config-if)# no ipv6 ospfv3 encryption