The authentication-mode command configures the authentication mode and password on the Measurement Control Point (MCP).
The undo authentication-mode command deletes the authentication mode and password on the MCP.
By default, no authentication mode or password is configured on the MCP.
authentication-mode hmac-sha256 key-id key-id [ cipher ] password
undo authentication-mode hmac-sha256 key-id key-id
| Parameter | Description | Value |
|---|---|---|
| hmac-sha256 | Uses HMAC-SHA256 to decrypt and authenticate packets sent by a DCP to the MCP. | - |
| key-id key-id | Specifies the ID of the authentication password configured on the MCP. | The value is an integer that ranges from 1 to 64. |
| cipher | Specifies the cipher-text authentication password configured on the MCP. | - |
| password | Specifies the authentication password configured on the MCP. | The value is a case-sensitive character string without spaces.
|
Usage Scenario
On a network demanding high security, when iPCA is used to measure network-level packet loss, enable authentication. After the same authentication mode and password are configured on the MCP and DCPs, the MCP accepts the packets only from authenticated DCPs. This improves network security and reliability of packet loss measurement. The authentication-mode command configures the authentication mode and password on the MCP.
Prerequisites
Global MCP has been enabled using the nqa ipfpm mcp command.
Precautions
The MCP and DCP must be configured with the same authentication mode and password; otherwise, the MCP cannot obtain packet loss measurement from the DCP.