Alcatel-Lucent 6850-48 Network Guide

Configuring IPsec on the OmniSwitch
Configuring IPsec
page 27-18
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
The length of the key value must match the value that is required by the encryption or authentication algorithm that will use the key. The table shown below displays the key lengths for the supported algorithms:
Use the following information to determine how to create the proper key size:
• Number of Characters = Key Size (in bits) / 8; Ex. A 160-bit key would require 20 characters for the key.
• Number of Hexadecimal Digits = Key Size (in bits) / 4; Ex. A 160-bit key would require 40 hexadecimal digits.
Note. The name parameter must be the same as the name of the manually configured IPsec SA. Also, the 
combination of the key name and type must be unique. 
Use the no form of this command to delete the configured IPsec SA key. For example:
-> no ipsec key tcp_in_ah
Verifying IPsec SA Key
To display the encryption key values which are configured for manually configured IPsec SAs, use the following command:
-> show ipsec key sa-encryption
Encryption Keys
Name                  Length (bits)
--------------------+---------------
sa_1                          192
sa_2                          160
sa_3                          64
The above command shows the number of manually configured SAs along with their encryption key lengths in bits. To display the IPsec SA keys used for AH, use the command shown below:
-> show ipsec key sa-authentication
Authentication Keys
Name                    Length (bits)
--------------------+----------------
tcp_in_ah                     160
sa_1                          128
sa_5                          160
Algorithm             Key Length
--------------------+------------------------
DES-CBC               64 Bits
3DES-CBC              192 Bits
AES-CBC               128, 192, or 256 Bits
AES-CTR               160, 224, or 288 Bits
HMAC-MD5              128 Bits
HMAC-SHA1             160 Bits
AES-XCBC-MAC          128 Bits
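The key-sizing rules and the show ipsec key output above can be checked off-box before and after keys are entered. The following Python sketch is an added example, not part of the OmniSwitch documentation: the function names are hypothetical, the sample output is constructed (the sa_9 row is invented to show a mismatch), and it only processes text, it does not talk to a switch.

```python
import re
import secrets

# Key lengths in bits, copied from the table on this page.
ENCRYPTION = {"DES-CBC": {64}, "3DES-CBC": {192},
              "AES-CBC": {128, 192, 256}, "AES-CTR": {160, 224, 288}}
AUTHENTICATION = {"HMAC-MD5": {128}, "HMAC-SHA1": {160}, "AES-XCBC-MAC": {128}}
ALL = {**ENCRYPTION, **AUTHENTICATION}

def key_bits(key, is_hex):
    """Bit length of a key typed as characters (8 bits each) or hex digits (4 bits each)."""
    if is_hex:
        if not re.fullmatch(r"[0-9a-fA-F]+", key):
            raise ValueError("hex key contains non-hexadecimal characters")
        return len(key) * 4
    return len(key) * 8

def check_key(algorithm, key, is_hex=False):
    """Return (ok, bits): whether the key length is one the algorithm accepts."""
    bits = key_bits(key, is_hex)
    return bits in ALL[algorithm], bits

def new_hex_key(algorithm, bits=None):
    """Random key from the OS CSPRNG, as hex digits, sized for the algorithm."""
    allowed = ALL[algorithm]
    bits = max(allowed) if bits is None else bits
    if bits not in allowed:
        raise ValueError(f"{algorithm} does not take a {bits}-bit key")
    return secrets.token_hex(bits // 8)

def audit(show_output, table):
    """Map each 'name  length' row of show ipsec key output to the algorithms it fits."""
    rows = re.findall(r"^(\S+)[ \t]+(\d+)[ \t]*$", show_output, re.MULTILINE)
    return {name: sorted(a for a, sizes in table.items() if int(bits) in sizes)
            for name, bits in rows}

# Constructed sample, modeled on the sa-encryption output shown on this page.
SAMPLE = """Encryption Keys
Name                  Length (bits)
--------------------+---------------
sa_1                          192
sa_2                          160
sa_3                          64
sa_9                          100
"""

if __name__ == "__main__":
    for name, algos in audit(SAMPLE, ENCRYPTION).items():
        print(name, algos or "no supported algorithm takes this length")
```

A 192-bit encryption key fits both 3DES-CBC and AES-CBC, so the length column alone does not identify the algorithm; compare it against the algorithm configured on the SA itself.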