The ipsec sa command enables IPsec authentication in a RIPng process.
The undo ipsec sa command disables IPsec authentication in a RIPng process.
By default, IPsec authentication is disabled in a RIPng process. Configuring IPsec authentication is recommended to ensure system security.
| Parameter | Description | Value |
|---|---|---|
| sa-name |
Specifies the name of a security association (SA). |
It is a string of 1 to 15 case-sensitive characters, spaces not supported. The characters can be letters or numbers, hyphens (-) not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Scenario
As network services develop, security has become an increasing concern. RIPng IPsec uses defined SAs to authenticate received RIPng packets and those to be sent. Those packets that fail to be authenticated are discarded, which prevents RIPng networks from being attacked by forged RIPng packets.
If the ipsec sa command is run for a RIPng process, all packets of the process will be authenticated using the SA specified in the command, indicating that IPsec authentication takes effect on all interfaces in the RIPng process.Prerequisites
A RIPng process has been created and the RIPng view has been displayed using the ripng command.
Precautions
The ripng ipsec sa command takes precedence over the ipsec sa command. If both commands are run in respective views and different SA names are specified, only the configuration of the ripng ipsec sa command takes effect.