OSPFv3 neighbor authentication 6.2.1
This feature adds OSPFv3 neighbor authentication for IPv6 enhanced security.
The following CLI commands are added for authentication for OSPF6 interface:
config router ospf6 config ospf6-interface edit <name> set authentication {none | ah | esp | area} set key-rollover-interval <integer> set ipsec-auth-alg {md5 | sha1 | sha256 | sha384 | sha512} set ipsec-enc-alg {null | des | 3des | aes128 | aes192 | aes256} config ipsec-keys edit <spi> set auth-key <string> set enc-key <string> next end next end end
The following CLI commands are added for authentication for OSPF6 virtual-link:
config router ospf6 config area edit <id> config virtual-link edit <name> set authentication {none | ah | esp | area} set key-rollover-interval <integer> set ipsec-auth-alg {md5 | sha1 | sha256 | sha384 | sha512} set ipsec-enc-alg {null | des | 3des | aes128 | aes192 | aes256} config ipsec-keys edit <spi> set auth-key <string> set enc-key <string> next end next end next end end
The following CLI commands are added for authentication for OSPF6 area configuration:
config router ospf6 config area edit <id> set authentication {none | ah | esp} set key-rollover-interval <integer> set ipsec-auth-alg {md5 | sha1 | sha256 | sha384 | sha512} set ipsec-enc-alg {null | des | 3des | aes128 | aes192 | aes256} config ipsec-keys edit <spi> set auth-key <string> set enc-key <string> next end next end end
CLI command descriptions
Command |
Description |
---|---|
<id> |
Area entry IP address. |
authentication {none | ah | esp | area} |
Authentication mode:
|
key-rollover-interval <integer> |
Enter an integer value (300 - 216000, default = 300). |
ipsec-auth-alg {md5 | sha1 | sha256 | sha384 | sha512} |
Authentication algorithm. |
ipsec-enc-alg {null | des | 3des | aes128 | aes192 | aes256} |
Encryption algorithm. |
<spi> |
Security Parameters Index. |
auth-key <string> |
Authentication key should be hexadecimal numbers. Key length for each algorithm:
If the key is shorter than the required length, it will be padded with zeroes. |
enc-key <string> |
Encryption key should be hexadecimal numbers. Key length for each algorithm:
If the key is shorter than the required length, it will be padded with zeroes. |