The ripng ipsec sa command enables IPsec authentication on a RIPng interface.
The undo ripng ipsec sa command disables IPsec authentication from a RIPng interface.
By default, IPsec authentication is disabled on a RIPng interface. Configuring IPsec authentication is recommended to ensure system security.
| Parameter | Description | Value |
|---|---|---|
| sa-name |
Specifies the name of a security association (SA). |
It is a string of 1 to 15 case-sensitive characters, spaces not supported. The characters can be letters or numbers, hyphens (-) not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
100GE interface view, 10GE interface view, 25GE sub-interface view, 25GE interface view, 400GE interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE electrical interface view, GMPLS-UNI interface view, Global VE sub-interface view, Tunnel interface view, VE sub-interface view, VLANIF interface view
Usage Scenario
As network services develop, security has become an increasing concern. RIPng IPsec uses defined SAs to authenticate received RIPng packets and those to be sent. Those packets that fail to be authenticated are discarded, which prevents RIPng networks from being attacked by forged RIPng packets.
To enable IPsec authentication on a specified RIPng interface so that this interface authenticates received RIPng packets and RIPng packets to be sent, run the ripng ipsec sa command.Prerequisites
IPv6 has been enabled on the interface using the ipv6 enable command.
Precautions
The ripng ipsec sa command takes precedence over the ipsec sa command. If both commands are run in respective views and different SA names are specified, only the configuration of the ripng ipsec sa command takes effect.
<HUAWEI> system-view [~HUAWEI] ipsec sa sa3 [*HUAWEI-ipsec-sa-sa3] quit [*HUAWEI] interface GigabitEthernet 0/1/0 [*HUAWEI-GigabitEthernet0/1/0] ipv6 enable [*HUAWEI-GigabitEthernet0/1/0] ripng ipsec sa sa3