Prerequisites
Use the following steps to configure NGE for an MPLS service or router interface. The steps must be performed in order.
Procedure
-
Configure the group encryption label. The label must be unique, and the same
label must be used on all nodes in the network group.
-
Create a key group, duplicating this configuration on all nodes participating
in this key group.
-
Configure the encryption and authentication algorithms for the
group.
-
Configure a security association (SA) that contains the encryption and
authentication keys.
-
Configure the active outbound SA for the group.
-
Select the SDPs, VPRN services, or router interfaces that require
encryption.
-
For each SDP, VPRN service, or router interface, configure the outbound
direction key group.
-
For each SDP, VPRN service, or router interface, configure the inbound
direction key group.