Applying ipsec policies for ospfv3, Configuration prerequisites, Configuration procedure – H3C Technologies H3C SR8800 User Manual
Page 325
309
Step Command
Remarks
4.
Quit the OSPFv3 view.
quit
N/A
5.
Enter interface view.
interface interface-type
interface-number
N/A
6.
Enable an OSPFv3 process on
the interface.
ospfv3 process-id area area-id
[ instance instance-id ]
Not enabled by default
7.
Enable BFD on the interface.
ospfv3 bfd enable [ instance
instance-id ]
Not enabled by default
NOTE:
For more information about BFD, see
High Availability Configuration Guide.
Applying IPsec policies for OSPFv3
To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using
an IPsec policy.
Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy.
A router uses the SPI carried in a received packet to match against the configured IPsec policy. If they
match, the router accepts the packet; otherwise, it discards the packet and will not establish a neighbor
relationship with the sending router.
You can configure an IPsec policy for an area, an interface or a virtual link.
•
To implement area-based IPsec protection, you need to configure the same IPsec policy on the
routers in the target area.
•
To implement interface-based IPsec protection, you need to configure the same IPsec policy on the
interfaces between two neighboring routers.
•
To implement virtual link-based IPsec protection, you need to configure the same IPsec policy on the
two routers connected over the virtual link.
If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.
If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own IPsec policy.
Configuration prerequisites
Before you apply an IPsec policy for OSPFv3, complete the following tasks.
•
Create an IPsec proposal.
•
Create an IPsec policy.
For more information about IPsec policy configuration, see Security Configuration Guide.
Configuration procedure
To apply an IPsec policy in an area:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter OSPFv3 view.
ospfv3 [ process-id ]
N/A
3.
Enter OSPF area view.
area area-id
N/A
- H3C SR6600-X H3C SR6600 H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module