< Home

ipsec sa (OSPFv3)

Function

The ipsec sa command configures an Security Association (SA) in the OSPFv3 area or OSPFv3 process.

The undo ipsec sa command deletes the SA configured in the OSPFv3 area or OSPFv3 process.

By default, no SA is configured in the OSPFv3 area or OSPFv3 process.

Format

ipsec sa sa-name

undo ipsec sa

Parameters

Parameter Description Value
sa-name Specifies the name of an SA.

The value is an existing SA name.

Views

OSPFv3 view or OSPFv3 area view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An SA defines a set of security algorithms and keys to ensure IP security. Incoming and outgoing OSPFv3 packets are authenticated and encrypted based on the rules defined by the SA.

The ipsec sa sa-name command run in the OSPFv3 process view is used to authenticate packets of the OSPFv3 process. An SA applied in an OSPFv3 process is used to authenticate the packets of the process. After an OSPFv3 process is associated with an OSPFv3 area, the SA applied in the OSPFv3 process is also applied to the OSPFv3 area.

The ipsec sa sa-name command run in the OSPFv3 area view is used to authenticate packets of the OSPFv3 area.

  • The SA applied in an OSPFv3 area takes precedence over that applied in an OSPFv3 process.
  • If the SA applied in the OSPFv3 area is deleted, the SA applied in the OSPFv3 process is used to authenticate packets.

Example

# Configure an SA named sa1 in the OSPFv3 process. (This SA has been created.)

<HUAWEI> system-view
[HUAWEI] ospfv3 1
[HUAWEI-ospfv3-1] ipsec sa sa1

# Configure an SA named sa2 in the OSPFv3 area. (This SA has been created.)

<HUAWEI> system-view
[HUAWEI] ospfv3 1
[HUAWEI-ospfv3-1] area 10.0.0.0
[HUAWEI-ospfv3-1-area-10.0.0.0] ipsec sa sa2
Parent Topic: OSPFv3 Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >