
ah authentication-algorithm

Function

The ah authentication-algorithm command configures the authentication algorithm for the AH protocol.

The undo ah authentication-algorithm command restores the default authentication algorithm for the AH protocol.

By default, the AH protocol uses the Secure Hash Algorithm-256 (SHA2-256) authentication algorithm.

Format

ah authentication-algorithm { sha1 | sha2-256 }

undo ah authentication-algorithm

Parameters

| Parameter | Description | Value |
|-----------|-------------|-------|
| sha1 | Specifies Secure Hash Algorithm-1 (SHA-1) as the authentication algorithm. SHA-1 generates a 160-bit message summary based on a message of less than 2^64 bits. | - |
| sha2-256 | Specifies SHA2-256 as the authentication algorithm. SHA2-256 generates a 256-bit message summary based on a message of less than 2^64 bits. | - |

Views

IPSec proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

IPSec can use the AH protocol to authenticate packets, preventing packets from being intercepted or modified. To configure the authentication algorithm for the AH protocol, run the ah authentication-algorithm command.

Prerequisite

The protocol of this IPSec proposal has been set to AH using the transform command.

Precautions

The authentication algorithms on both IPSec peers must be identical.

The system software does not support the md5 parameter. To use the md5 parameter, you need to install the WEAKEA plug-in. For higher security, you are advised to specify the sha2-256 parameter.
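The two precautions above, together with the SHA2-256 default, can be checked offline against saved configurations of both peers. The following Python script is an added example, not Huawei code. It assumes a saved configuration lists each proposal as an unindented "ipsec proposal <name>" line followed by space-indented sub-commands; the function names parse_ah_proposals and audit_pair and the sample configurations are constructed for illustration.

```python
import re

DEFAULT_ALGO = "sha2-256"     # default stated on this page when no algorithm line is configured
WEAK_ALGOS = {"sha1", "md5"}  # the page advises sha2-256; md5 needs the WEAKEA plug-in

def parse_ah_proposals(config_text):
    """Map each IPSec proposal that runs 'transform ah' to its effective AH algorithm."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"ipsec proposal (\S+)", line)
        if start:
            current = blocks.setdefault(start.group(1), {"ah": False, "algo": None})
        elif not raw.startswith(" "):
            current = None  # assumed layout: an unindented line (such as '#') closes the view
        elif current is not None:
            if line == "transform ah":
                current["ah"] = True
            algo = re.fullmatch(r"ah authentication-algorithm (\S+)", line)
            if algo:
                current["algo"] = algo.group(1)
    return {n: b["algo"] or DEFAULT_ALGO for n, b in blocks.items() if b["ah"]}

def audit_pair(local_cfg, local_name, peer_cfg, peer_name):
    """Return findings for one tunnel: weak algorithms and a local/peer mismatch."""
    findings, sides = [], {}
    for label, cfg, name in (("local", local_cfg, local_name), ("peer", peer_cfg, peer_name)):
        algo = sides[label] = parse_ah_proposals(cfg).get(name)
        if algo is None:
            findings.append(f"{label}: proposal {name} not found or not using AH")
        elif algo in WEAK_ALGOS:
            findings.append(f"{label}: proposal {name} uses weak algorithm {algo}")
    if None not in sides.values() and sides["local"] != sides["peer"]:
        findings.append(f"mismatch: local={sides['local']} peer={sides['peer']}")
    return findings

# Constructed sample configurations (not taken from a real device).
LOCAL_CFG = """ipsec proposal prop1
 transform ah
#
ipsec proposal legacy
 transform ah
 ah authentication-algorithm sha1
#
"""
PEER_CFG = "ipsec proposal prop1\n transform ah\n ah authentication-algorithm sha1\n#\n"

if __name__ == "__main__":
    print("\n".join(audit_pair(LOCAL_CFG, "prop1", PEER_CFG, "prop1")))
```

With the sample input, the local prop1 has no algorithm line and resolves to the default, so the script reports both the weak peer setting and the mismatch.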

Example

# Configure the IPSec proposal prop1 to use the AH protocol, and specify SHA2-256 as the authentication algorithm.

<HUAWEI> system-view
[HUAWEI] ipsec proposal prop1
[HUAWEI-ipsec-proposal-prop1] transform ah
[HUAWEI-ipsec-proposal-prop1] ah authentication-algorithm sha2-256
Copyright © Huawei Technologies Co., Ltd.