TechTutorials - Free Computer Tutorials  

IPv6 Training (Cisco): Using the “area authentication (IPv6)” Command 

Added: 11/16/2008, Hits: 3,290, Rating: 0, Comments: 0, Votes: 0
Add To Favorites | Comment on this article
Well, if you’re already a network administrator for an IPv6 OSPF network, then you’re most likely already familiar with the “area authentication” (IPv6) command; but, just in case you’re not this article will quickly get you caught up.

The “area authentication” (IPv6) command, is a Cisco IOS command that is performed while a Cisco router is in “Router” configuration mode. It was introduced in the Cisco IOS 12.3(4) T release and was later enhanced to include the use of the “sha1” keyword with the 12.4 (4) T release.

Network administrators (like you) use the “area authentication” (IPv6) command, to enable authentication for an OSPF area, below is the proper syntax and 2 examples of the command being used.

area area-id authentication ipsec spi spi {md5 | sha1} [key-encryption-type] key

Example 1:
Router(config-router)#area 1 authentication ipsec spi 678 md5 1234567890ABCDEF1234567890ABCDEF

Example 2:
Router(config-router)#area 0 authentication ipsec spi 1000 sha1 1234567890123456789012345678901234567890

In the first example, a network administrator is enabling Message Digest 5 (MD5) authentication for OSPF area 1. And, in the second example, a network administrator is enabling Secure Hash Algorithm 1 (SHA-1) authentication for OSPF area 0.

Now, let’s say a network administrator (like you) used the “area authentication” (IPv6) command on a Cisco router to enable authentication for a particular OSPF area, but, now he or she wants to remove the authentication for that particular area.

In order to remove an authentication specification of an area or a specified area from the configuration, all a network administrator (like you) needs to do is type the word “no” in front of the command like you see in the 2 examples below.

Example 1:
Router(config-router)# no area 1 authentication ipsec spi 678

Example 2:
Router(config-router)# no area 0 authentication ipsec spi 1000

The “area authentication” (IPv6) command Keywords and Arguments Explained

area-id – This argument is an identifier of the area about which routes are to be summarized. It can be specified as either a decimal value or as an IPv6 prefix.

ipsec – This keyword represents IP Security (IPSec).

spi spi – This keyword is the Security Policy Index (SPI) and its value. The spi value must be a number from 256 to 4294967295, which is entered as a decimal.

md5 – This keyword enables Message Digest 5 (MD5) authentication on the area specified by the area-id argument. (Remember if you use this keyword the sha1 keyword can not be used)

sha1 – This keyword enables Secure Hash Algorithm 1 (SHA-1) authentication on the area specified by the area-id argument. (Remember if you use this keyword the md5 keyword can not be used) Also, sha1 authentication is considered to be more secure than MD5 authentication; because it requires a 40 hex digit (20-byte) key instead of a 32 hex digit key like MD5 authentication.
  • 0— Means the key is not encrypted.

  • 7—Means the key is encrypted.

key – This argument is a number that is used in the calculation of the message digest or secure hash . The number is either 32 hex digits (16 bytes) or 40 hex digits (20 bytes) long.

I hope this article was very informative and helped you quickly understand the usage, keywords, and arguments of the “area authentication” (IPv6) command. If you need to learn more about the command; I suggest you visit my website, were you’ll find the latest information regarding Cisco IPv6 Design and Implementation Techniques.

To your success,

Charles Ross
CCNP #CSCO10444244

Comments (0)

Be the first to comment on this article

Related Items

7 Seconds Resources, Inc.

IT Showcase