Configuring OSPFv3 IPSec Authentication

Context

Perform the following operations on the switch that runs OSPFv3.

To ensure proper forwarding, configure OSPFv3 IPSec on all devices running OSPFv3.

Procedure

  • Use an SA to authenticate packets in a specified OSPFv3 process.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run ipsec sa sa-name

      An SA is configured in the OSPFv3 process.

      By default, no SA is configured in the OSPFv3 process.

      An OSPFv3 process can be associated with multiple OSPFv3 areas. An SA configured in an OSPFv3 process can be used in the associated areas.

  • Use an SA to authenticate packets in a specified OSPFv3 area.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run area area-id

      The OSPFv3 area view is displayed.

    4. Run ipsec sa sa-name

      An SA is configured in the OSPFv3 area.

      By default, no SA is configured in the OSPFv3 area.

      The SA configured on an OSPFv3 area takes precedence over that configured in an OSPFv3 process.

  • Use an SA to authenticate packets sent and received by an interface.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. (Optional) On an Ethernet interface, run undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

    4. Run ospfv3 ipsec sa sa-name

      An SA is configured on the interface.

      By default, no SA is configured on the OSPFv3 interface.

      The SA configured on an OSPFv3 interface takes precedence over that configured in an OSPFv3 process or an OSPFv3 area.

  • Use an SA to authenticate packets sent and received on a virtual link.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run area area-id

      The OSPFv3 area view is displayed.

    4. Run vlink-peer router-id ipsec sa sa-name

      An SA is configured on the virtual link.

      The SA configured on a virtual link takes precedence over that configured in an OSPFv3 process or OSPFv3 area 0.

  • Use an SA to authenticate packets sent and received on a sham link.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run area area-id

      The OSPFv3 area view is displayed.

    4. Run sham-link source-address destination-address ipsec sa sa-name

      An SA is configured on the sham link.

      The SA configured on a sham link takes precedence over that configured in an OSPFv3 process or OSPFv3 area 0.
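The process, area, and interface precedence described above can be checked offline against a saved configuration. The following Python sketch is an added example, not Huawei code: it resolves the effective SA for each OSPFv3 interface and exposes interfaces that have no SA at any level. The configuration layout (one space of indentation per view), the interface binding line `ospfv3 <process-id> area <area-id>`, and all SA and interface names are assumptions made for the sample.

```python
import re

# Constructed sample; the layout (one space of indent per view), the interface
# binding line "ospfv3 <process-id> area <area-id>" and all names are assumptions.
SAMPLE = """\
ospfv3 1
 ipsec sa sa-proc1
 area 0.0.0.0
 area 0.0.0.1
  ipsec sa sa-area1
ospfv3 2
 area 0.0.0.0
interface Vlanif10
 ospfv3 1 area 0.0.0.0
interface Vlanif20
 ospfv3 1 area 0.0.0.1
interface Vlanif30
 ospfv3 1 area 0.0.0.1
 ospfv3 ipsec sa sa-if30
interface Vlanif40
 ospfv3 2 area 0.0.0.0
"""

def effective_sas(config):
    """Return {interface: (sa_name, supplying level)}; (None, None) = unprotected."""
    scope_sa, bind, if_sa = {}, {}, {}
    proc = area = iface = None
    for raw in config.splitlines():
        line, depth = raw.strip(), len(raw) - len(raw.lstrip())
        if depth == 0:  # a new top-level view starts
            proc = area = iface = None
            if m := re.fullmatch(r"ospfv3 (\d+)", line):
                proc = m[1]
            elif m := re.fullmatch(r"interface (\S+)", line):
                iface = m[1]
        elif proc and (m := re.fullmatch(r"area (\S+)", line)):
            area = m[1]
        elif proc and (m := re.fullmatch(r"ipsec sa (\S+)", line)):
            # depth 1 is the process view, deeper is the area view
            scope_sa[(proc, area if depth > 1 else None)] = m[1]
        elif iface and (m := re.fullmatch(r"ospfv3 (\d+) area (\S+)", line)):
            bind[iface] = (m[1], m[2])
        elif iface and (m := re.fullmatch(r"ospfv3 ipsec sa (\S+)", line)):
            if_sa[iface] = m[1]
    result = {}
    for name, (p, a) in bind.items():
        # Precedence stated on the page: interface, then area, then process
        levels = (("interface", if_sa.get(name)), ("area", scope_sa.get((p, a))),
                  ("process", scope_sa.get((p, None))))
        result[name] = next(((sa, lvl) for lvl, sa in levels if sa), (None, None))
    return result
```

Area IDs are compared as written, so the sample uses dotted notation throughout. An interface that maps to `(None, None)` exchanges OSPFv3 packets without IPSec authentication.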

Copyright © Huawei Technologies Co., Ltd.