TechLibrary

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Using IPsec to Secure OSPFv3 Networks (CLI Procedure)

OSPF version 3 (OSPFv3) does not have a built-in authentication method and relies on IP Security (IPsec) to provide this functionality. You can use IPsec to secure OSPFv3 interfaces on EX Series switches.

This topic includes:

Configuring Security Associations

When you configure a security association (SA), include your choices for authentication, encryption, direction, mode, protocol, and security parameter index (SPI).

To configure a security association:

Specify a name for the security association:
[edit security ipsec] user@switch# set security-association sa-name
Specify the mode of the security association:
[edit security ipsec security-association sa-name] user@switch# set mode transport
Specify the type of security association:
[edit security ipsec security-association sa-name] user@switch# set type manual
Specify the direction of the security association:
[edit security ipsec security-association sa-name] user@switch# set direction bidirectional
Specify the value of the security parameter index:
[edit security ipsec security-association sa-name] user@switch# set spi spi-value
Specify the type of authentication to be used:
[edit security ipsec security-association sa-name] user@switch# set authentication algorithm type
Specify the encryption algorithm and key:
[edit security ipsec security-association sa-name] user@switch# set encryption algorithm algorithm key type

Securing OPSFv3 Networks

You can secure the OSPFv3 network by applying the SA to the OSPFv3 configuration.

To secure the OSPFv3 network:

[edit protocols ospf3 area area-number interface interface-name]
user@switch# set ipsec-sa sa-name

TechLibrary

Related Documentation

Using IPsec to Secure OSPFv3 Networks (CLI Procedure)

Configuring Security Associations

Securing OPSFv3 Networks

Related Documentation

Published: 2012-12-07