If you are a network administrator for an IPv6 OSPF (OSPFv3) network and the routing traffic of an area needs to be encrypted for security reasons, the “area encryption” command is the command you should use.
The “area encryption” command was introduced in Cisco IOS release 12.4(9)T. It enables IPsec encryption for an Open Shortest Path First (OSPF) area and is entered while the Cisco router is in router configuration mode (under “ipv6 router ospf”).
Here is the command’s proper syntax and a usage example:
In the above example, the Cisco router is being told to provide Triple Data Encryption Standard (3DES) encryption and Message Digest 5 (MD5) authentication for OSPF area 1.
Remember, once the “area encryption” command has been entered on a router, the only way to remove its effects is to enter the same command again with the word “no” in front of it, as in the example below:
An important fact to remember about the “area encryption” command is that once you use it on a router, you cannot use any “authentication” commands on that router. In other words, you cannot use the “area encryption” command together with either the “area authentication” or the “area virtual-link authentication” command on the same router.
The “area encryption” command’s keywords and arguments explained:
area-id – This argument identifies the area for which encryption is to be enabled. The identifier can be specified either as a decimal value or as an IP address.
ipsec – This keyword represents IP Security (IPSec).
spi spi – This keyword introduces the Security Policy Index (SPI) and its value. The spi value is entered as a decimal number from 256 to 4294967295.
esp – This keyword represents Encapsulating Security Payload (ESP).
encryption-algorithm – This argument follows the esp keyword, and its value can be any of the following:
aes-cbc—Enables AES-CBC encryption
3des—Enables 3DES encryption
des—Enables DES encryption
null—ESP with no encryption
key-encryption-type – This optional argument states how the key that follows it is entered; the values that can be used are:
0—The key is not encrypted
7—The key is encrypted
key -- This argument is the key used in the calculation of the message digest, entered as hexadecimal digits. The number is 32 hex digits (16 bytes) long for the digest, and the size of the key depends on the encryption algorithm used. Some algorithms, such as AES-CBC, allow the user to choose the size of the key.
authentication-algorithm -- This argument indicates the ESP authentication (integrity) algorithm to be used, and its value can be one of the following:
md5—Enables Message Digest 5 (MD5).
sha-1—Enables SHA-1
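As an added illustration (not taken from the original article or from Cisco documentation), the following constructed OSPFv3 configuration shows the usage described above and the keywords explained in the list: area 1 of OSPFv3 process 1 secured with ESP 3DES encryption and MD5 authentication, the “no” form that removes the policy, and the area-level authentication command that the article says cannot be combined with it. The process ID, router ID, interface name and address, the SPI value, and both keys are made-up sample values; OSPFv3 IPsec is manually keyed, so a real deployment must use randomly generated keys and configure the same SPI and keys on every router in the area.

```text
! Constructed example: OSPFv3 process 1 on a Cisco IOS router (sample values throughout)
ipv6 unicast-routing
!
interface GigabitEthernet0/0
 ipv6 address 2001:db8:1::1/64
 ipv6 ospf 1 area 1
!
ipv6 router ospf 1
 router-id 10.0.0.1
 ! Syntax:
 !   area <area-id> encryption ipsec spi <spi> esp {<encryption-algorithm> [<key-encryption-type>] <key> | null}
 !        <authentication-algorithm> [<key-encryption-type>] <key>
 ! Sample values below are constructed placeholders:
 !   SPI 1001 (must lie in 256..4294967295), a 48-hex-digit (24-byte) 3DES key,
 !   and a 32-hex-digit (16-byte) MD5 key, both entered in clear text (type 0).
 area 1 encryption ipsec spi 1001 esp 3des 0 00112233445566778899aabbccddeeff0f1e2d3c4b5a6978 md5 0 fedcba9876543210fedcba9876543210
!
! Removing the policy later: the "no" form with the same area and SPI reverses it
! (shown here as a comment; it is not part of the saved configuration above).
!   no area 1 encryption ipsec spi 1001
!
! Not allowed together with the line above on the same router, per the article:
! area-level authentication uses its own SPI and key and must not be combined
! with area encryption.
!   area 1 authentication ipsec spi 1002 md5 0 <32-hex-digit key placeholder>
```

Two practical notes on the example. First, key-encryption-type 7 stores the key in Cisco’s reversible type 7 encoding, which hides it from a casual glance but is not strong protection, so the running and startup configurations still need to be treated as secrets. Second, 3DES and MD5 are kept here because they are the algorithms the article discusses; where the platform supports it, aes-cbc with sha-1 is the stronger choice. After applying the command, “show ipv6 ospf interface” on IOS reports the IPsec encryption and authentication state per interface, which is the quickest check that the SPI and keys match on both ends of each link.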
I hope this article was informative and helped you quickly understand the usage, keywords, and arguments of the “area encryption” command. If you need to learn more about the command, I suggest you visit my website, where you’ll find the latest information regarding Cisco IPv6 design and implementation techniques.