ipsec sa (RIPng)

Function

The ipsec sa command enables Internet Protocol Security (IPSec) authentication in a RIPng process.

The undo ipsec sa command disables IPSec authentication in a RIPng process.

By default, IPSec authentication is disabled in a RIPng process.

Product	Support
S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S	Supported
S2720-EI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S6720-LI, and S6720S-LI	Not supported

Format

ipsec sa sa-name

undo ipsec sa

Parameters

Parameter	Description	Value
sa-name	Specifies the name of an Security Association (SA)	The value is an existing SA name.

Views

RIPng view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The ipsec sa command enables IPSec authentication in a RIPng process. IPSec authenticates received and sent RIPng packets by using the specified SA (including the security algorithm and key). This improves the security of the RIPng network.

If the ipsec sa command is run for a RIPng process, all packets of the process will be authenticated by using the SA specified in the command. This means that the IPSec authentication configuration takes effect on all interfaces in the RIPng process.

If IPSec authentication needs to be enabled only on a certain RIPng interface, run the ripng ipsec sa command in the view of the interface.

Prerequisites

An IPSec SA has been configured.

Precaution

The ripng ipsec sa command takes precedence over the ipsec sa command. If both commands are run in respective views and different SA names are specified, only the configuration of the ripng ipsec sa command takes effect.

Example

# Enable IPSec in a RIPng process and specify sa1 as the SA name.

<HUAWEI> system-view
[HUAWEI] ripng 1
[HUAWEI-ripng-1] ipsec sa sa1