Configuring IPsec on an interface – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual
Page 343

Syntax: [no] ipv6 ospf authentication ipsec key-add-remove-interval range
The no form of this command sets the key-add-remove-interval back to a default of 300 seconds.
The ipv6 command is available in the configuration interface context for a specific interface.
The ospf keyword identifies OSPFv3 as the protocol to receive IPsec security.
The authentication keyword enables authentication.
The ipsec keyword specifies IPsec as the authentication protocol.
The range is a value between 0 and 14400 seconds.
This command is not set by default, and key-add-remove-interval is set to the same value as key-rollover-interval.
NOTE
This command will not resolve the issue completely on a network where Brocade routers running software that does not support key-add-remove-interval (earlier versions of NetIron R05.3.00) and other vendors' routers are present. In this case, disabling and enabling the interface or setting key-rollover-interval to 0 will resolve the issue.
Configuring IPsec on an interface
For IPsec to work, the IPsec configuration must be the same on all the routers to which an interface
connects.
For multicast, IPsec does not need or use a specific destination address. The destination address is "do not care," and this status is reflected by the lone pair of colons (::) shown for the destination address in the show command output.
To configure IPsec on an interface, proceed as in the following example.
NOTE
The IPsec configuration for an interface applies to the inbound and outbound directions. Also, the same
authentication parameters must be used by all devices on the network to which the interface is
connected, as described in section 7 of RFC 4552.
device(config-if-e10000-1/2)#ipv6 ospf auth ipsec spi 429496795 esp sha1 abcdef12345678900987654321fedcba12345678
Syntax: [no] ipv6 ospf authentication ipsec spi spi-num esp sha1 [no-encrypt] key
The no form of this command deletes IPsec from the interface.
The ipv6 command is available in the configuration interface context for a specific interface.
The ospf keyword identifies OSPFv3 as the protocol to receive IPsec security.
The authentication keyword enables authentication.
The ipsec keyword specifies IPsec as the authentication protocol.
The spi keyword and the spi-num variable specify the security parameter index (SPI) that points to the security association. The near-end and far-end values for spi-num must be the same. The range for spi-num is decimal 256 through 4294967295.
The mandatory esp keyword specifies ESP (rather than authentication header) as the protocol to
provide packet-level security. In the current release, this parameter can be esp only.
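Added example (not from the Brocade guide): a Python pre-deployment check that the command above carries the same SPI and key on every router attached to a link, and that the SPI is inside the documented range. The 40-hex-digit key length (taken from the sample key), the device names r1 to r3 and the sample lines are assumptions constructed for illustration; the input is the command as typed, with the key in plaintext.

```python
import hashlib
import re

# Command form shown on this page; "auth" is the abbreviation its example uses.
CMD = re.compile(
    r"ipv6 ospf auth(?:entication)? ipsec spi (\d+) esp sha1 (?:no-encrypt )?(\S+)\s*$")
SPI_MIN, SPI_MAX = 256, 4294967295  # range stated on the page
KEY_HEX_LEN = 40  # assumption: 160-bit SHA-1 key written as 40 hex digits


def parse(line):
    """Return (spi, key) from one command line, or raise ValueError."""
    m = CMD.search(line)
    if not m:
        raise ValueError("not an OSPFv3 IPsec interface command")
    spi, key = int(m.group(1)), m.group(2).lower()
    if not SPI_MIN <= spi <= SPI_MAX:
        raise ValueError(f"spi {spi} outside {SPI_MIN}-{SPI_MAX}")
    if not re.fullmatch(rf"[0-9a-f]{{{KEY_HEX_LEN}}}", key):
        raise ValueError(f"key is not {KEY_HEX_LEN} hex digits")
    return spi, key


def audit(link):
    """link maps device name -> command line. Returns a list of findings."""
    findings, seen = [], {}
    for device, line in sorted(link.items()):
        try:
            spi, key = parse(line)
        except ValueError as exc:
            findings.append(f"{device}: {exc}")
            continue
        # Compare a digest so the key itself never appears in the report.
        seen[device] = (spi, hashlib.sha256(key.encode()).hexdigest()[:8])
    if len(set(seen.values())) > 1:
        findings.append("mismatch: " + ", ".join(
            f"{d} spi={s} key-fp={fp}" for d, (s, fp) in seen.items()))
    return findings


# Constructed sample: three routers on one segment; r3 has a different SPI.
KEY = "abcdef12345678900987654321fedcba12345678"  # key from the page's example
SAMPLE = {
    "r1": f"ipv6 ospf auth ipsec spi 429496795 esp sha1 {KEY}",
    "r2": f"ipv6 ospf authentication ipsec spi 429496795 esp sha1 no-encrypt {KEY}",
    "r3": f"ipv6 ospf auth ipsec spi 429496796 esp sha1 {KEY}",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```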
53-1003087-04