TechTutorials - Free Computer Tutorials  

IPv6 Training (Cisco): Using the “area encryption” Command 

Added: 11/16/2008
If you administer an IPv6 OSPF network that needs encryption for security reasons, the “area encryption” command is the command you should use.

The “area encryption” command was introduced in Cisco IOS release 12.4(9)T. It is used to enable encryption for an Open Shortest Path First (OSPF) area, and it is entered while the Cisco router is in “Router” configuration mode.

Here’s the command’s proper syntax and usage example:

area area-id encryption ipsec spi spi esp encryption-algorithm [[key-encryption-type] key] authentication-algorithm [key-encryption-type] key

Router(config-router)#area 1 encryption ipsec spi 500 esp 3des md5 1aaa2bbb3ccc4ddd5eee6fff7aaa8bbb

In the above example, the Cisco router is being told to provide “Triple Data Encryption” (3DES) and Message Digest 5 (MD5) authentication for OSPF area 1.

Remember, once the “area encryption” command has been entered on a router, the only way to remove its effects is to type the word “no” in front of the command, as in the example below:

Router(config-router)#no area 1 encryption ipsec spi 500 esp 3des md5 1aaa2bbb3ccc4ddd5eee6fff7aaa8bbb

An important fact to remember about the “area encryption” command is that if you use it on a router, you cannot use any “authentication” commands on that router. In other words, you cannot use the “area encryption” command together with either the “area authentication” or the “area virtual-link authentication” command on the same router.

The “area encryption” command Keywords and Arguments Explained:

area-id – This argument is an identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.

ipsec – This keyword represents IP Security (IPSec).

spi spi – This keyword is the Security Policy Index (SPI) and its value. The spi value must be a number from 256 to 4294967295, which is entered as a decimal.

esp – This keyword represents Encapsulating Security Payload (ESP).

encryption-algorithm – This argument is used with the esp keyword, and its value can be any of the following:
  • aes-cbc—Enables AES-CBC encryption
  • 3des—Enables 3DES encryption
  • des—Enables DES encryption
  • null—ESP with no encryption

key-encryption-type – This optional argument can take one of the following values:
  • 0—The key is not encrypted
  • 7—The key is encrypted

key – This argument is an optional number that is used in the calculation of the message digest. The number is 32 hex digits (16 bytes) long, and the size of the key depends on the encryption algorithm used. Some algorithms, such as AES-CBC, allow the user to choose the size of the key.

authentication-algorithm – This argument indicates the encryption authentication algorithm to be used, and its value can be one of the following:
  • md5—Enables Message Digest 5 (MD5)
  • sha1—Enables SHA-1
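
The rules described above (the SPI range, the algorithm keywords, the key-encryption-type, the 32-hex-digit key, and the ban on mixing “area encryption” with the authentication commands) can be checked before a configuration is pushed to a router. The following Python linter is an added example, not code from Cisco or from the author; the 40-hex-digit SHA-1 key length, the policy of flagging des and null, and the sample configuration with its keys are assumptions.

```python
import re

ENC_ALGS = {"aes-cbc", "3des", "des", "null"}   # encryption keywords from the list above
AUTH_KEY_HEX = {"md5": 32, "sha1": 40}          # key length in hex digits (40 for SHA-1 is an assumption)
WEAK_ENC = {"null", "des"}                      # assumed local policy, not a Cisco rule
AREA_ENC = re.compile(r"^\s*area\s+\S+\s+encryption\s+ipsec\s+spi\s+(\d+)\s+esp\s+(\S.*)$")
AREA_AUTH = re.compile(r"^\s*area\s+\S+\s+(virtual-link\s+\S+\s+)?authentication\b")

def audit_line(line):
    """Return findings for one 'area ... encryption' line (empty list if clean)."""
    m = AREA_ENC.match(line)
    if not m:
        return ["not an 'area encryption' command"]
    findings, spi, rest = [], int(m.group(1)), m.group(2).split()
    if not 256 <= spi <= 4294967295:
        findings.append(f"spi {spi} outside 256-4294967295")
    if rest[0] not in ENC_ALGS:
        findings.append(f"unknown encryption algorithm {rest[0]}")
    elif rest[0] in WEAK_ENC:
        findings.append(f"weak encryption algorithm {rest[0]}")
    # The authentication keyword separates the encryption arguments from the final key.
    idx = next((i for i, t in enumerate(rest) if i and t in AUTH_KEY_HEX), None)
    if idx is None:
        return findings + ["missing authentication algorithm"]
    auth, auth_args = rest[idx], rest[idx + 1:]
    *ktype, key = auth_args or [""]             # optional key-encryption-type, then the key
    if ["0"] in (rest[1:idx][:-1], ktype):
        findings.append("key-encryption-type 0: key is not encrypted")
    if ktype != ["7"] and not re.fullmatch(r"[0-9a-fA-F]{%d}" % AUTH_KEY_HEX[auth], key):
        findings.append(f"{auth} key must be {AUTH_KEY_HEX[auth]} hex digits")
    return findings

def audit_config(text):
    """Audit a whole configuration; return (line number, finding) pairs."""
    lines = text.splitlines()
    enc = [n for n, l in enumerate(lines, 1) if AREA_ENC.match(l)]
    out = [(n, f) for n in enc for f in audit_line(lines[n - 1])]
    if enc:  # encryption and authentication commands cannot coexist on one router
        out += [(n, "conflicts with area encryption")
                for n, l in enumerate(lines, 1) if AREA_AUTH.match(l)]
    return out

# Constructed sample configuration; the keys are made-up values.
SAMPLE = """ipv6 router ospf 1
 area 1 encryption ipsec spi 500 esp 3des md5 1aaa2bbb3ccc4ddd5eee6fff7aaa8bbb
 area 2 encryption ipsec spi 100 esp null md5 0 1aaa2bbb3ccc4ddd5eee6fff7aaa8bb
 area 0 virtual-link 10.0.0.2 authentication ipsec spi 940 md5 1aaa2bbb3ccc4ddd5eee6fff7aaa8bbb
"""
if __name__ == "__main__":
    print("\n".join(f"line {n}: {f}" for n, f in audit_config(SAMPLE)))
```

A key entered with key-encryption-type 7 is stored in encrypted form, so the linter skips the length check for it.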

I hope this article was very informative and helped you quickly understand the usage, keywords, and arguments of the “area encryption” command. If you need to learn more about the command, I suggest you visit my website, where you’ll find the latest information regarding Cisco IPv6 Design and Implementation Techniques.

To your success,

Charles Ross
CCNP #CSCO10444244
