ipsec sa (OSPFv3 view)

Function

The ipsec sa command configures an IP Security Association (SA) in the OSPFv3 area view and the OSPFv3 process view.

The undo ipsec sa command deletes the IP SA configured in the OSPFv3 area view and the OSPFv3 process view.

By default, no IP SA is configured in the OSPFv3 area view and the OSPFv3 process view.

Format

ipsec sa sa-name

undo ipsec sa

Parameters

Parameter Description Value
sa-name

Specifies the name of an SA.

The value is a string of 1 to 15 case-sensitive characters.

Views

OSPFv3 view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ospf write

Usage Guidelines

Usage Scenario

An SA defines a set of security algorithms and keys to ensure IP security. Incoming and outgoing OSPFv3 packets are authenticated based on the rules defined by the SA.

The ipsec sa sa-name command run in the OSPFv3 process view is used to authenticate packets of the OSPFv3 process. An SA applied to an OSPFv3 process is used to authenticate the packets of the process. After an OSPFv3 process is associated with an OSPFv3 area, the SA applied to the OSPFv3 process is also applied to the OSPFv3 area.

The ipsec sa sa-name command run in the OSPFv3 area view is used to authenticate packets of the OSPFv3 area.

  • The SA applied to an OSPFv3 area takes precedence over that applied to an OSPFv3 process.
  • If the SA applied to the OSPFv3 area is deleted, the SA applied to the OSPFv3 process is used to authenticate packets.

Example

# Configure an SA in the OSPFv3 process view.
<HUAWEI> system-view
[~HUAWEI] ipsec sa sa1
[*HUAWEI-ipsec-sa-sa1] quit
[*HUAWEI] ospfv3 1
[*HUAWEI-ospfv3-1] ipsec sa sa1
Parent Topic: OSPFv3 Configuration Command
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >