One Comment on “Which two statements about the ipv6 ospf authentication command are true?”

1. scooby says:

   November 18, 2015 at 2:02 am

   OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use
   authentication, because only crypto images include the IPsec API needed for use with OSPFv3.
   In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When
   OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header
   to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP
   extension headers can be used to provide authentication and confidentiality to OSPFv3.
   To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the
   IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be
   applied alone or in combination with the AH, and when ESP is used, both encryption and
   authentication are provided. Security services can be provided between a pair of communicating
   hosts, between a pair of communicating security gateways, or between a security gateway and a
   host.
   To configure IPsec, you configure a security policy, which is a combination of the security policy
   index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3
   can be configured on an interface or on an OSPFv3 area. For higher security, you should
   configure a different policy on each interface configured with IPsec. If you configure IPsec for an
   OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that
   have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.
   Reference. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-
   15-sy-book/ip6-route-ospfv3-auth-ipsec.html
   QUESTION NO:

   
   
   
   0

   
   
   
   0