Configuring RIPng IPSec Authentication
Context
As networks develop rapidly, network security has become a major concern. If IPSec authentication is configured on a RIPng network, the sent and received RIPng packets will be authenticated, and those cannot pass authentication will be discarded. This can improve the security of the RIPng network.
One method is to configure IPSec authentication in RIPng processes. If IPSec authentication is enabled in a RIPng process, this configuration takes effect on all interfaces in this RIPng process. This method is recommended if IPSec authentication needs to be applied to all interfaces in a RIPng process.
The other method is to configure IPSec authentication on RIPng interfaces. This method is recommended if IPSec authentication needs to be applied only to some interfaces in a RIPng process.
Procedure
- Configuring IPSec authentication in a RIPng process
- Configuring IPSec authentication on a RIPng interface
- (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
- Run ripng ipsec sa sa-name
IPSec authentication is enabled on the interface, and the name of an SA is specified.
By default, IPSec authentication is disabled on a RIPng interface.
The ripng ipsec sa command takes precedence over the ipsec sa command. If both commands are run in respective views and different SA names are specified, only the configuration of the ripng ipsec sa command takes effect.
- (Optional) On an Ethernet interface, run undo portswitch