Users Guide

key: species the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt
information. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits;
AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192.
key-encryption-type: (optional) species if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is
encrypted).
authentication-algorithm: species the authentication algorithm to use for encryption. The valid values are MD5 or SHA1.
key: species the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For
MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key
must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).
key-authentication-type: (optional) species if the authentication key is encrypted. The valid values are 0 or 7.
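The key-length rules above can be checked mechanically. The following Python sketch is an added example, not code from this guide or from Dell: it classifies each ESP key line of a policy display as plaintext (type 0), encrypted (type 7), or invalid, based only on the lengths listed above. The function names and the sample text are constructed for illustration, and the caller is assumed to know which cipher and authentication algorithm the policy uses.

```python
import re

# Hex-digit key lengths from the parameter descriptions above.
# algorithm -> {key type: length}; type 0 = not encrypted, 7 = encrypted.
KEY_LENGTHS = {
    "DES": {0: 16, 7: 32},
    "3DES": {0: 48, 7: 96},
    "AES-128": {0: 32, 7: 64},
    "AES-192": {0: 48, 7: 96},
    "MD5": {0: 32, 7: 64},
    "SHA1": {0: 40, 7: 80},
}
# An ESP key line; \s* after the colon lets a key that wrapped onto the
# following line still be captured.
KEY_LINE = re.compile(
    r"^\s*((?:In|Out)bound ESP (Auth|Cipher) Key)\s*:\s*(\S*)\s*$", re.M)
VERDICTS = {0: "plaintext", 7: "encrypted", None: "invalid"}


def key_type(algorithm, key):
    """Return 0 or 7 for a well-formed key, None if it fits neither length."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", key):
        return None
    for ktype, length in KEY_LENGTHS[algorithm].items():
        if len(key) == length:
            return ktype
    return None


def audit_policy(output, cipher, auth):
    """Return (label, verdict) per ESP key line; caller names the algorithms."""
    return [(label, VERDICTS[key_type(auth if kind == "Auth" else cipher, key)])
            for label, kind, key in KEY_LINE.findall(output)]


# Constructed sample (not real keys) in the layout of the policy display.
SAMPLE = "\n".join([
    "Policy name : EXAMPLE-1",
    "Inbound ESP Auth Key : " + "0a" * 16,     # 32 digits: MD5, type 0
    "Outbound ESP Auth Key : " + "0a" * 32,    # 64 digits: MD5, type 7
    "Inbound ESP Cipher Key :",                # key wrapped to next line
    "1b" * 24,                                 # 48 digits: 3DES, type 0
    "Outbound ESP Cipher Key : " + "1b" * 47,  # 94 digits: matches neither
])

if __name__ == "__main__":
    for label, verdict in audit_policy(SAMPLE, cipher="3DES", auth="MD5"):
        print(f"{label}: {verdict}")
```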
Remove an IPsec encryption policy from an OSPFv3 area.
no area area-id encryption ipsec spi number
Display the conguration of IPsec encryption policies on the router.
show crypto ipsec policy
Displaying OSPFv3 IPsec Security Policies
To display the conguration of IPsec authentication and encryption policies, use the following commands.
Display the AH and ESP parameters congured in IPsec security policies, including the SPI number, key, and algorithms used.
EXEC Privilege mode
show crypto ipsec policy [name name]
name: displays conguration details about a specied policy.
Display security associations set up for OSPFv3 links in IPsec authentication and encryption policies on the router.
EXEC Privilege
show crypto ipsec sa ipv6 [interface interface]
To display information on the SAs used on a specific interface, enter interface interface, where interface is one of the following
values:
For a 10-Gigabit Ethernet interface, enter TenGigabitEthernet slot/port.
For a Port Channel interface, enter port-channel number.
For a 40-Gigabit Ethernet interface, enter FortyGigabitEthernet slot/port.
For a VLAN interface, enter vlan vlan-id. The valid VLAN IDs are from 1 to 4094.
Examples of the show crypto ipsec Commands
In the rst example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold).
Dell#show crypto ipsec policy
Crypto IPSec client security policy data
Policy name : OSPFv3-1-502
Policy refcount : 1
Inbound ESP SPI : 502 (0x1F6)
Outbound ESP SPI : 502 (0x1F6)
Inbound ESP Auth Key : 123456789a123456789b123456789c12
Outbound ESP Auth Key : 123456789a123456789b123456789c12
Inbound ESP Cipher Key :
123456789a123456789b123456789c123456789d12345678
Outbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678
Transform set : esp-3des esp-md5-hmac
Crypto IPSec client security policy data
Policy name : OSPFv3-1-500
Open Shortest Path First (OSPFv2 and OSPFv3)