From: Tarun Pahuja (pahujat@gmail.com)
Date: Fri May 25 2007 - 13:17:06 ART
Laurean,
Just like OSPF authentication which can be enabled on an
interface or for the whole area. IPSec for OSPF for IPv6 can be configured
on an interface or on an OSPF area as well . For higher security, users
should configure a different policy on each interface configured with IPSec.
Te following link would give you examples for both types (Link & Area).
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_ospf3.htm
Thanks,
Tarun Pahuja
CCIE#7707(R&S,Security,SP,Voice,Storage),CCSI
On 5/25/07, Narbik Kocharians <narbikk@gmail.com> wrote:
>
> It's not that big of a deal to configure authentication for the routing
> protocols in IPV6, note its much simpler than configuring IPSec VPNs, i
> would recommend knowing it. By the way IPSec VPNs are now part of the
> written test.
>
> interface Ethernet0/0
> ipv6 enable
> ipv6 ospf 1 area 0
> ipv6 ospf authentication ipsec spi 500 md5
> 1234567890ABCDEF1234567890ABCDEF
>
>
> ipv6 router ospf 1
> router-id 11.11.11.1
> area 0 authentication ipsec spi 1000 md5 1234567890ABCDEF1234567890ABCDEF
>
>
> On 5/25/07, Tarun Pahuja <pahujat@gmail.com> wrote:
>
> > Laurean,
> > RIPng & OSPF v3 does not include its own authentication
> > mechanism. It is assumed that if authentication and/or encryption are
> > needed, they will be provided using the standard IPSec features defined
> > for
> > IPv6 at the IP layer. This is more efficient than having individual
> > protocols like RIPng perform authentication. Here is a link on how to
> > configue authentication for OSPF v3.
> >
> > http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080573b9c.html#wp1106263
> >
> >
> > Hope this Helps.
> >
> > Tarun Pahuja
> > CCIE#7707(R&S,Security,SP,Voice,Stoage)
> >
> >
> >
> >
> > On 5/25/07, Laurean Stefenel <laureans@hotmail.com> wrote:
> > >
> > > Hi Group,
> > >
> > > I have a question regarding R&S Lab requirements for IPv6:
> > > Authentication for RIPng and OSPFv3 is not part of the protocol
> > anymore
> > > and is
> > > using IPv6 IPSec; IPSec is not in the LAB Blue print, does anyone know
> > if
> > > routing protocols authentication is a requirement for IPv6?
> > >
> > > Thanks
> > > Laurean
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> Network Learning, Inc. (CCIE class Instructor)
> www.ccbootcamp.com (CCIE Training)
This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:22 ART