Using IPsec to Secure OSPFv3 Networks (CLI Procedure)
OSPF version 3 (OSPFv3) does not have a built-in authentication method and relies on IP Security (IPsec) to provide this functionality. You can use IPsec to secure OSPFv3 interfaces on EX Series switches.
This topic includes:
Configuring Security Associations
When you configure a security association (SA), include your choices for authentication, encryption, direction, mode, protocol, and security parameter index (SPI).
To configure a security association:
- Specify a name for the security association:
[edit security ipsec]
user@switch# set security-association sa-name - Specify the mode of the security association:
[edit security ipsec security-association sa-name]
user@switch# set mode transport - Specify the type of security association:
[edit security ipsec security-association sa-name]
user@switch# set type manual - Specify the direction of the security association:
[edit security ipsec security-association sa-name]
user@switch# set direction bidirectional - Specify the value of the security parameter index:
[edit security ipsec security-association sa-name]
user@switch# set spi spi-value - Specify the type of authentication to be used:
[edit security ipsec security-association sa-name]
user@switch# set authentication algorithm type - Specify the encryption algorithm and key:
[edit security ipsec security-association sa-name]
user@switch# set encryption algorithm algorithm key type
Securing OPSFv3 Networks
You can secure the OSPFv3 network by applying the SA to the OSPFv3 configuration.
To secure the OSPFv3 network:
[edit protocols ospf3 area area-number interface interface-name]
user@switch# set ipsec-sa sa-name
Related Topics
- Understanding IPsec Authentication for OSPF Packets on EX Series Switches
- Configuring an OSPF Network (J-Web Procedure)
- For details on these configuration statements, see the Junos OS System Basics Configuration Guide at http://www.juniper.net/techpubs/software/junos/index.html.
