Applying ipsec policies for ospfv3, Configuration prerequisites, Configuration procedure – H3C Technologies H3C SR8800 User Manual

Page 325

Advertising
background image

309

Step Command

Remarks

4.

Quit the OSPFv3 view.

quit

N/A

5.

Enter interface view.

interface interface-type
interface-number

N/A

6.

Enable an OSPFv3 process on

the interface.

ospfv3 process-id area area-id
[ instance instance-id ]

Not enabled by default

7.

Enable BFD on the interface.

ospfv3 bfd enable [ instance
instance-id ]

Not enabled by default

NOTE:

For more information about BFD, see

High Availability Configuration Guide.

Applying IPsec policies for OSPFv3

To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using

an IPsec policy.
Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy.
A router uses the SPI carried in a received packet to match against the configured IPsec policy. If they

match, the router accepts the packet; otherwise, it discards the packet and will not establish a neighbor

relationship with the sending router.
You can configure an IPsec policy for an area, an interface or a virtual link.

To implement area-based IPsec protection, you need to configure the same IPsec policy on the
routers in the target area.

To implement interface-based IPsec protection, you need to configure the same IPsec policy on the
interfaces between two neighboring routers.

To implement virtual link-based IPsec protection, you need to configure the same IPsec policy on the
two routers connected over the virtual link.

If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.

If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own IPsec policy.

Configuration prerequisites

Before you apply an IPsec policy for OSPFv3, complete the following tasks.

Create an IPsec proposal.

Create an IPsec policy.

For more information about IPsec policy configuration, see Security Configuration Guide.

Configuration procedure

To apply an IPsec policy in an area:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.

Enter OSPF area view.

area area-id

N/A

Advertising
This manual is related to the following products:

H3C SR6600-X, H3C SR6600, H3C WX6000 Series Access Controllers, H3C WX5000 Series Access Controllers, H3C WX3000 Series Unified Switches, H3C LSWM1WCM10 Access Controller Module, H3C LSWM1WCM20 Access Controller Module, H3C LSQM1WCMB0 Access Controller Module, H3C LSRM1WCM2A1 Access Controller Module, H3C LSBM1WCM2A0 Access Controller Module

Popular Brands
Popular manuals