Re: In ISR 8300 how to use aes encryption.

kasulasaiganesh · ‎03-13-2024

I have isr 8300 series at each site user wants to use AES encryption for without creating ipsec. Actually user is using ospf for multiple stations.

Please any one help me out from this issue.

balaji.bandi · ‎03-14-2024

The requirement was not clear - you like to use OSPF with AES encryption.

what IOS Xe code running on it. ?

provide other end sample configuration for us to understand the environment.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kasulasaiganesh · ‎03-14-2024

Yes, I need AES encryption with ospf.

Is it possible ?

balaji.bandi · ‎03-14-2024

what IOS Xe code running on it. ?

provide other end sample configuration for us to understand the environment.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kasulasaiganesh · ‎03-15-2024

Hi balaji.bandi sorry for late response.

IOS versions :- 17.06.03a.SPA.bin and I don't have any configuration. I can share the network diag only.

kasulasaiganesh · ‎03-21-2024

Hi Team,

Please share the configuration of the above network.

Thank you.

Max Jobs · ‎03-14-2024

Its very important to know the version, but this is a general method:

1 - Configure OSPF with the "ip ospf authentication" command.
2 - Specify the authentication type as "ip ospf authentication message-digest".
3 - Set the encryption algorithm to AES by adding the "ip ospf message-digest-key" command with the desired key-id and encryption type as "md5 0 AES <password>".

MHM Cisco World · ‎03-14-2024

OSPFv3 with IPv6 is only support auth other OSPFv2 is support only plain text or MD5 hash

MHM

Rob Ingram · ‎03-14-2024

@kasulasaiganesh

If you want the OSPF communication between peers encrypted using AES then your options are using MACSec or IPSec.

If you were referring to authentication, then OSPF supports authentication of the messages between the peer devices using either MD5 or SHA (SHA1, SHA256, SHA384 or SHA512) or plaintext.