Does anyone have example configs for implementing OSPFv3 Authentication? The AOS 8 CLI guide has some of the IPSEC commands, but doesnt really put the whole picture together for me.
I assume I will have to create manual IPSEC SAs between each peer? I have one interface with 7 adjacencies and another with 6.
I will have to create quite a few security associations. Since you have to specify a source and destination address fin the SAs, would I be using Link Local addresses for these?
Thanks!
OSPFv3 Authentication
Re: OSPFv3 Authentication
never used OSPFv3 (but in some weeks I will do it....). But you are correct: there is no ospf-auth like in OSPF for IPv4. So the onliest way will be the use of IPsec. Have you tested it like in network guide described? Did it work? Maybe next week I will find a time slot to do it in my lab....
I think (hope) there is no matter how many adjacencies there are per interface. You have to use the same keys at all switches and can config the policies to match all adjacencies.
regards
Silvio
I think (hope) there is no matter how many adjacencies there are per interface. You have to use the same keys at all switches and can config the policies to match all adjacencies.
regards
Silvio
-
- Member
- Posts: 9
- Joined: 07 Dec 2017 16:33
Re: OSPFv3 Authentication
The policy can apply to OSPF protocol. The problem is that you have manually configure the Security Association, and that requires source and destination IP addresses. (You can't use a summary address here). So maybe you will find a way, but I don't think there is a way to configure the Security Association on a one-to-many basis. I hope I'm wrong !
Re: OSPFv3 Authentication
I haven't checked it up to now... And there is no time. But I think you are correctly. So the best way will be to open a SR at Alcatel. Can you do it?
regards
Silvio
regards
Silvio