Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Using IPsec to Secure OSPFv3 Networks (CLI Procedure)

    OSPF version 3 (OSPFv3) does not have a built-in authentication method and relies on IP Security (IPsec) to provide this functionality. You can use IPsec to secure OSPFv3 interfaces on EX Series switches.

    This topic includes:

    Configuring Security Associations

    When you configure a security association (SA), include your choices for authentication, encryption, direction, mode, protocol, and security parameter index (SPI).

    To configure a security association:

    1. Specify a name for the security association:
      [edit security ipsec]
      user@switch# set security-association sa-name
    2. Specify the mode of the security association:
      [edit security ipsec security-association sa-name]
      user@switch# set mode transport
    3. Specify the type of security association:
      [edit security ipsec security-association sa-name]
      user@switch# set type manual
    4. Specify the direction of the security association:
      [edit security ipsec security-association sa-name]
      user@switch# set direction bidirectional
    5. Specify the value of the security parameter index:
      [edit security ipsec security-association sa-name]
      user@switch# set spi spi-value
    6. Specify the type of authentication to be used:
      [edit security ipsec security-association sa-name]
      user@switch# set authentication algorithm type
    7. Specify the encryption algorithm and key:
      [edit security ipsec security-association sa-name]
      user@switch# set encryption algorithm algorithm key type

    Securing OPSFv3 Networks

    You can secure the OSPFv3 network by applying the SA to the OSPFv3 configuration.

    To secure the OSPFv3 network:

    [edit protocols ospf3 area area-number interface interface-name]
    user@switch# set ipsec-sa sa-name

    Published: 2012-12-07