Configuring IPsec on an interface – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual

Page 689


Multi-Service IronWare Routing Configuration Guide

661

53-1003033-02

Configuring OSPFv3

Syntax: [no] ipv6 ospf authentication ipsec key-add-remove-interval range

The no form of this command sets the key-add-remove-interval back to a default of 300 seconds.

The ipv6 command is available in the configuration interface context for a specific interface.

The ospf keyword identifies OSPFv3 as the protocol to receive IPsec security.

The authentication keyword enables authentication.

The ipsec keyword specifies IPsec as the authentication protocol.

The range is a value between 0 and 14400 seconds.

This command is not set by default, and key-add-remove-interval is set to the same value as
key-rollover-interval.

The key-add-remove-interval settings are displayed in the show command output, as shown in
“General OSPF configuration information” on page 669 and “Displaying IPv6 OSPFv3 interface
information in full mode” on page 678.

NOTE

This command will not resolve the issue completely on a network where Brocade routers running
software that does not support key-add-remove-interval (earlier versions of NetIron R05.3.00) and
other vendors’ routers are present. In this case, disabling and enabling the interface or setting
key-rollover-interval to 0 will resolve the issue.

Configuring IPsec on an interface

For IPsec to work, the IPsec configuration must be the same on all the routers to which an interface
connects.

For multicast, IPsec does not need or use a specific destination address — the destination address
is “do not care,” and this status is reflected by the lone pair of colons (::) for destination address in
the show command output.

To configure IPsec on an interface, proceed as in the following example.

NOTE

The IPsec configuration for an interface applies to the inbound and outbound directions. Also, the
same authentication parameters must be used by all routers on the network to which the interface
is connected, as described in section 7 of RFC 4552.

Brocade(config-if-e10000-1/2)#ipv6 ospf auth ipsec spi 429496795 esp sha1 abcdef12345678900987654321fedcba12345678

Syntax: [no] ipv6 ospf authentication ipsec spi spinum esp sha1 [no-encrypt] key

The no form of this command deletes IPsec from the interface.

The ipv6 command is available in the configuration interface context for a specific interface.

The ospf keyword identifies OSPFv3 as the protocol to receive IPsec security.

The authentication keyword enables authentication.

The ipsec keyword specifies IPsec as the authentication protocol.
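
The requirement above that every router on a link carries the same IPsec parameters can be checked before a change is pushed. The following Python audit is an added example, not Brocade code: it assumes the input is the planned command line per router as typed (not show output), that a sha1 key is 40 hex digits as in the sample command, and that no-encrypt does not change the key value. The names CMD, SAMPLE, parse, fingerprint and audit are hypothetical.

```python
import hashlib
import re

# Command form taken from the page's Syntax line ("auth" as in its example).
CMD = re.compile(
    r"ipv6 ospf auth(?:entication)? ipsec spi (?P<spi>\d+) esp (?P<alg>\S+)"
    r"(?: no-encrypt)? (?P<key>\S+)\s*$"
)
KEY_HEX_LEN = 40  # assumption: sha1 key is 40 hex digits, like the page's sample

# Constructed sample: planned config for four routers sharing one link.
SAMPLE = {
    "R1": "ipv6 ospf auth ipsec spi 429496795 esp sha1 "
          "abcdef12345678900987654321fedcba12345678",
    "R2": "ipv6 ospf authentication ipsec spi 429496795 esp sha1 no-encrypt "
          "abcdef12345678900987654321fedcba12345678",
    "R3": "ipv6 ospf auth ipsec spi 429496795 esp sha1 "
          "abcdef12345678900987654321fedcba1234567",  # one digit short
    "R4": "ipv6 ospf area 0",  # IPsec line missing
}

def parse(line):
    """Return spi/alg/key from one config line, or None if IPsec is absent."""
    m = CMD.search(line)
    if not m:
        return None
    return {"spi": int(m["spi"]), "alg": m["alg"], "key": m["key"]}

def fingerprint(p):
    """Digest of (spi, alg, key) so the report never echoes the key itself."""
    blob = f'{p["spi"]}|{p["alg"]}|{p["key"]}'.encode()
    return hashlib.sha256(blob).hexdigest()[:12]

def audit(segment):
    """segment maps router name -> planned config line; returns findings."""
    findings, groups = [], {}
    for router, line in sorted(segment.items()):
        p = parse(line)
        if p is None:
            findings.append(f"{router}: no IPsec authentication configured")
            continue
        if not re.fullmatch(rf"[0-9a-fA-F]{{{KEY_HEX_LEN}}}", p["key"]):
            findings.append(f"{router}: key is not {KEY_HEX_LEN} hex digits")
        groups.setdefault(fingerprint(p), []).append(router)
    if len(groups) > 1:
        detail = "; ".join(f"{fp}={','.join(r)}" for fp, r in sorted(groups.items()))
        findings.append(f"parameter mismatch on segment: {detail}")
    return findings
```

Calling audit(SAMPLE) returns three findings: the short key on R3, the missing IPsec line on R4, and a mismatch entry that groups R1 and R2 under one fingerprint and R3 under another.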
