The l2tpv3 local cookie secondary command changes the local cookie value of an L2TPv3 tunnel.
The undo l2tpv3 local cookie secondary command restores the local cookie value of an L2TPv3 tunnel.
By default, the local cookie value of an L2TPv3 tunnel is not changed.
l2tpv3 local cookie secondary { key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value }
undo l2tpv3 local cookie secondary [ key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value ]
Parameter | Description | Value |
---|---|---|
key | Specifies the local cookie. | - |
cipher local-cookie | Specifies the local cookie value to be in ciphertext. | The value is a string of 1 to 8 case-sensitive characters. After the configuration, the value is saved in the configuration file as a string of 48/108 case-sensitive characters in ciphertext. SHA256 is used to encrypt the value, providing high security. When the root key is configured, a string of 108 characters in ciphertext is generated. When the root key is not configured, a string of 48 characters in ciphertext is generated. |
length | Specifies the length of the local cookie. | - |
4 | Specifies a 4-byte local cookie value in plaintext. When configuring an authentication password, select the ciphertext mode because the password in plaintext mode is saved in the configuration file in plaintext mode, which has high security risks. To ensure device security, change the password periodically. | - |
plain | Indicates the simple text mode. Only the simple text can be entered. The password in the configuration file is displayed as a simple text. Simple authentication uses the simple text mode by default. When configuring an authentication password, select the ciphertext mode because the password in plaintext mode is saved in the configuration file in plaintext mode, which has high security risks. To ensure device security, change the password periodically. | - |
lower-value local-low-value | Specifies a 4-byte local cookie value in plaintext. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as a simple text if you select the simple text mode, which has a high risk. To ensure device security, change the password periodically. | The value is a hexadecimal integer ranging from 0 to 0xffffffff. |
8 | Specifies the four high-order bytes of an 8-byte local cookie value in plaintext. | - |
upper-value local-high-value | Specifies the four high-order bytes of an 8-byte local cookie value in plaintext. | The value is a hexadecimal integer ranging from 0 to 0xffffffff. |
Usage Scenario
All packets must match the configured cookie value or be discarded. Cookies are used in security checks performed at the endpoints of a tunnel to prevent network spoofing and attacks. After you run the l2tpv3 local cookie command to configure a local cookie value, you can run the l2tpv3 local cookie secondary command to change the local cookie value without interrupting services.
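The receive-side check described above can be sketched in Python as an added illustration; it is not Huawei code. It assumes the RFC 3931 L2TPv3-over-IP data header (a 32-bit session ID followed by the cookie), big-endian encoding with lower-value as the four low-order bytes, and that both the primary and the secondary local cookie are accepted while the value is being changed; function names and sample values are constructed.

```python
import hmac
import struct

def cookie_bytes(length, lower, upper=0):
    """Build the wire cookie from CLI-style values (assumed big-endian).
    Length 4 uses lower-value only; length 8 puts upper-value in the
    four high-order bytes and lower-value in the four low-order bytes."""
    if length not in (4, 8):
        raise ValueError("cookie length must be 4 or 8")
    for value in (lower, upper):
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("value must be in 0..0xffffffff")
    if length == 4:
        return struct.pack("!I", lower)
    return struct.pack("!II", upper, lower)

def accept(packet, session_id, primary, secondary=None):
    """Return the payload when the packet carries the expected session ID
    and a cookie equal to the primary or secondary local cookie.
    Return None when the packet must be discarded."""
    if len(packet) < 4 or struct.unpack("!I", packet[:4])[0] != session_id:
        return None
    for expected in (primary, secondary):
        if expected is None:
            continue
        received = packet[4:4 + len(expected)]
        # Constant-time comparison avoids leaking how many bytes matched.
        if len(received) == len(expected) and hmac.compare_digest(received, expected):
            return packet[4 + len(expected):]
    return None

# Constructed sample values, not taken from any device.
SESSION = 0x00001234
OLD = cookie_bytes(8, lower=0x89ABCDEF, upper=0x01234567)
NEW = cookie_bytes(8, lower=0x0BADF00D, upper=0xFEEDC0DE)

def frame(cookie, payload=b"l2-frame"):
    """Build a constructed data packet: session ID, cookie, payload."""
    return struct.pack("!I", SESSION) + cookie + payload

if __name__ == "__main__":
    print(accept(frame(NEW), SESSION, OLD))        # peer changed first, no secondary
    print(accept(frame(NEW), SESSION, OLD, NEW))   # secondary configured
```

With only the primary cookie configured, a peer that has already switched to the new value is discarded; with the secondary configured, packets carrying either value pass, which is why the change does not interrupt traffic under these assumptions.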
Prerequisites
L2TPv3 has been enabled using the l2tpv3 enable command.
An L2TPv3 tunnel has been configured using the l2tpv3 pw command.
A local cookie value has been configured using the l2tpv3 local cookie command.
Precautions
If you run the l2tpv3 local cookie command to change the local cookie value of an L2TPv3 tunnel, services will be temporarily interrupted. It is recommended that you use the l2tpv3 local cookie secondary command to change the local cookie value of an L2TPv3 tunnel.
<HUAWEI> system-view
[~HUAWEI] l2tpv3 enable
[~HUAWEI] l2tpv3 pw huawei
[*HUAWEI-l2tpv3-pw-huawei] l2tpv3 local cookie key cipher Huawei@1
[*HUAWEI-l2tpv3-pw-huawei] l2tpv3 local cookie secondary key cipher Huawei-2