key-
encryption-
algorithm
(OPTIONAL) Specifies if the key is encrypted.
Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
key
Text string used in encryption.
The required lengths of a non-encrypted or encrypted key
are:
3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-
CBC -32 or 64 hex digits for AES-128 and 48 or 96 hex digits
for AES-192.
authentication-
algorithm
Specifies the authentication algorithm to use for encryption.
Valid values are
MD5
or
SHA1
.
key-
encryption-
type
(OPTIONAL) Specifies if the authentication key is encrypted.
Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
key
Text string used in authentication.
For MD5 authentication, the key must be 32 hex digits (non-
encrypted) or 64 hex digits (encrypted).
For SHA-1 authentication, the key must be 40 hex digits
(non-encrypted) or 80 hex digits (encrypted).
null
Causes an encryption policy configured for the area to not
be inherited on the interface.
Defaults
Not configured.
Command
Modes
ROUTER OSPFv3
Command
History
Version 9.2(0.0)
Introduced on the MXL 10/40GbE Switch IO Module.
Usage
Information
Before you enable IPsec encryption on an OSPFv3 interface, first enable OSPFv3
globally on the router. Configure the same encryption policy (same SPI and keys)
on each interface in an OSPFv3 link.
An SPI value must be unique to one IPsec security policy (authentication or
encryption) on the router.
When you configure encryption for an OSPFv3 area with the
area encryption
command, you enable both IPsec encryption and authentication. However, when
Open Shortest Path First (OSPFv2 and OSPFv3)
983