Configuring IPsec Configuring IPsec on the OmniSwitch
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 18-16
-> ipsec sa tcp_in_ah esp source 3ffe:1:1:1::99 destination 3ffe:1:1:1::1 spi 9901 encryption aes-cbc key-size 192
The above command configures an IPsec SA of ESP using aes-cbc and a key length of 192 bits. You can
allow an IPsec SA to operate as an ESP confidentiality-only SA by using the none option with the
authentication parameter or by simply omitting the authentication parameter from the command.
Refer to “Configuring IPsec SA Keys” on page 18-16 or the ipsec sa command for supported encryption
types and key lengths.
Verifying IPsec SA
To display the configured IPsec SA, use the show ipsec sa command. For example:
-> show ipsec sa
Name        Type  Source-> Destination[SPI]                 Encryption  Authentication  State
-----------+-----+-----------------------------------------+-----------+---------------+-------
tcp_in_ah   ah    3ffe:1:1:1::99 -> 3ffe:1:1:1::1 [9901]   none        hmac-sha1       active
tcp_out_ah  ah    3ffe:1:1:1::1 -> 3ffe:1:1:1::99 [9902]   none        hmac-sha1       active
To display the configuration of a specific IPsec SA, use the show ipsec sa command followed by the
name of the configured IPsec SA. For example:
-> show ipsec sa tcp_in_ah
Name = tcp_in_ah
Type = AH
Source = 3ffe:1:1:1::99,
Destination = 3ffe:1:1:1::1,
SPI = 9901
Encryption = none
Authentication = hmac-sha1
State = active
Description:
"HMAC SHA1 on traffic from 99 to 1"
Configuring IPsec SA Keys
To configure the authentication and encryption keys for a manually configured SA, use the ipsec key
command along with the SA name and key value which will be used for AH or ESP. For example:
-> ipsec key tcp_in_ah sa-authentication 0x11223344556677889900112233445566
The above command configures an IPsec SA key named tcp_in_ah. This IPsec SA key will be used for the
AH authentication protocol and has a value of 0x11223344556677889900112233445566.
The length of the key value must match the value that is required by the encryption or authentication
algorithm that will use the key.
The table shown below displays the key lengths for the supported algorithms:
Algorithm    Key Length
3DES-CBC     192 Bits
AES-CBC      128, 192, or 256 Bits
HMAC-MD5     128 Bits
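As an added example (not code from the guide or from the OmniSwitch), the following hypothetical pre-check validates a manual SA key against the key lengths the table above lists before the ipsec key command is entered, and also catches a mismatch between the key-size given on the ipsec sa line and the key actually supplied. The algorithm table and the sample 128-bit key are taken from this page; the function names are assumptions.

```python
"""Pre-check manual IPsec SA key material for an OmniSwitch-style SA.

Hypothetical helper, not OmniSwitch code. The key lengths are the ones the
configuration guide's table lists for 3DES-CBC, AES-CBC and HMAC-MD5.
"""
import re
from typing import List, Optional

# Permitted key lengths in bits, per the guide's table.
KEY_LENGTHS = {
    "3des-cbc": (192,),
    "aes-cbc": (128, 192, 256),
    "hmac-md5": (128,),
}
HEX_KEY = re.compile(r"^0x[0-9a-fA-F]+$")


def key_bits(key: str) -> int:
    """Return the bit length of a 0x-prefixed hex key string."""
    if not HEX_KEY.match(key):
        raise ValueError(f"key must be 0x-prefixed hex, got {key!r}")
    return (len(key) - 2) * 4


def check_key(algorithm: str, key: str,
              declared_size: Optional[int] = None) -> List[str]:
    """Return a list of problems; an empty list means the key is acceptable.

    declared_size is the value given to 'key-size' on the ipsec sa line, if any.
    """
    alg = algorithm.lower()
    if alg == "none":
        # ESP confidentiality-only SA (authentication none): no key to check.
        return ["algorithm 'none' takes no key"] if key else []
    if alg not in KEY_LENGTHS:
        return [f"algorithm {algorithm!r} is not in the supported table"]
    try:
        bits = key_bits(key)
    except ValueError as err:
        return [str(err)]
    problems = []
    allowed = KEY_LENGTHS[alg]
    if bits not in allowed:
        problems.append(f"{alg} needs {'/'.join(map(str, allowed))}-bit key, got {bits}")
    if declared_size is not None and declared_size != bits:
        problems.append(f"'key-size {declared_size}' does not match the {bits}-bit key")
    return problems


if __name__ == "__main__":
    # Constructed run: the guide's 128-bit key checked against each algorithm.
    sample = "0x11223344556677889900112233445566"
    for alg, size in (("hmac-md5", None), ("aes-cbc", 192), ("3des-cbc", None)):
        print(alg, check_key(alg, sample, size) or "ok")
```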