Which two statements about the ipv6 ospf authentication command are true?

Which two statements about the ipv6 ospf authentication command are true? (Choose two.)

Which two statements about the ipv6 ospf authentication command are true? (Choose two.)

A.
The command is required if you implement the IPsec AH header.

B.
The command configures an SPI.

C.
The command is required if you implement the IPsec TLV.

D.
The command can be used in conjunction with the SPI authentication algorithm.

E.
The command must be configured under the OSPFv3 process.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


scooby

scooby

OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use
authentication, because only crypto images include the IPsec API needed for use with OSPFv3.
In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When
OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header
to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP
extension headers can be used to provide authentication and confidentiality to OSPFv3.
To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the
IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be
applied alone or in combination with the AH, and when ESP is used, both encryption and
authentication are provided. Security services can be provided between a pair of communicating
hosts, between a pair of communicating security gateways, or between a security gateway and a
host.
To configure IPsec, you configure a security policy, which is a combination of the security policy
index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3
can be configured on an interface or on an OSPFv3 area. For higher security, you should
configure a different policy on each interface configured with IPsec. If you configure IPsec for an
OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that
have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.
Reference. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-
15-sy-book/ip6-route-ospfv3-auth-ipsec.html
QUESTION NO: