nhrp authentication

Function

The nhrp authentication command configures an authentication character string for NHRP negotiation.

The undo nhrp authentication command deletes an authentication character string for NHRP negotiation.

By default, no authentication character string is configured for NHRP negotiation.

Format

nhrp authentication [ hash { sha2-256 | sha2-384 | sha2-512 } ] cipher authenString

undo nhrp authentication

Parameters

| Parameter | Description | Value |
|---|---|---|
| hash | Specifies the hash algorithm. | - |
| sha2-256 | Specifies SHA2-256 as the NHRP authentication algorithm. | - |
| sha2-384 | Specifies SHA2-384 as the NHRP authentication algorithm. | - |
| sha2-512 | Specifies SHA2-512 as the NHRP authentication algorithm. | - |
| cipher authenString | Specifies the NHRP authentication string. | The value is a string of 1 to 8 characters if the password is not encrypted, or a string of 48 characters if the password is encrypted. The value is a string of 1 to 8 case-sensitive characters and may include special characters, but it cannot contain question marks (?) or spaces. To improve security, it is recommended that the authentication string contain at least two types of the following characters: lowercase letters, uppercase letters, digits, and special characters. In addition, the authentication string must contain at least six characters. |

Views

Tunnel interface view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| nhrp | write |

Usage Guidelines

Usage Scenario

This command configures the NHRP authentication string on a spoke and the hub, which enables the hub to reject illegal spoke registrations.

Configuration Impact

After this command is executed on a spoke and the hub, the spoke sends an NHRP Registration Request packet to the hub, and the hub decides whether to process this packet based on the NHRP authentication string in the packet. If this NHRP authentication string is different from that configured on the hub, the hub does not process this packet. If the two NHRP authentication strings are the same, the hub processes this packet.

Precautions

If the NHRP authentication string is configured on a spoke but not on the hub, the hub does not authenticate the spoke's authentication string. Instead, the spoke performs the authentication, and the authentication fails.

Example

# Set the NHRP authentication string.
<HUAWEI> system-view
[~HUAWEI] nhrp enable
[*HUAWEI] interface tunnel 0
[*HUAWEI-Tunnel0] tunnel-protocol gre p2mp
[*HUAWEI-Tunnel0] nhrp enable
[*HUAWEI-Tunnel0] nhrp authentication cipher huawei
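
The following check is an added example, not Huawei's code: it audits a hub and a spoke command script against the rules on this page (string length and character types, matching strings, a string configured on the spoke only). The function names, the sample scripts and the strings in them are constructed for illustration, and a 48-character value is assumed to be the encrypted form and is not compared.

```python
import re

# Syntax from the page; the hash keyword and its algorithm are optional.
AUTH_RE = re.compile(r"nhrp authentication(?: hash (sha2-(?:256|384|512)))? cipher (\S+)")

def string_findings(s):
    """Check an authenString against the length and character rules on the page."""
    if len(s) == 48:  # encrypted form per the page; its content cannot be assessed
        return []
    if not 1 <= len(s) <= 8 or "?" in s:
        return ["invalid string: need 1 to 8 characters, no '?' or spaces"]
    kinds = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    out = ["fewer than six characters"] if len(s) < 6 else []
    if sum(any(k(c) for c in s) for k in kinds) < 2:
        out.append("fewer than two character types")
    return out

def tunnel_auth(commands):
    """Return {tunnel: (hash, string) or None} for tunnels with 'nhrp enable'."""
    result, iface = {}, None
    for line in (l.strip() for l in commands.splitlines()):
        if line.lower().startswith("interface "):
            iface = line.split(None, 1)[1] if "tunnel" in line.lower() else None
        elif iface and line == "nhrp enable":
            result.setdefault(iface, None)
        elif iface and (m := AUTH_RE.fullmatch(line)):
            result[iface] = (m.group(1), m.group(2))
    return result

def audit_pair(hub_cmds, spoke_cmds, tunnel="tunnel 0"):
    """Findings for one hub/spoke pair; encrypted (48-char) strings are not compared."""
    hub, spoke = tunnel_auth(hub_cmds).get(tunnel), tunnel_auth(spoke_cmds).get(tunnel)
    out = []
    if spoke and not hub:
        out.append("spoke has a string, hub has none: spoke authentication fails")
    elif hub and not spoke:
        out.append("hub has a string, spoke has none")
    elif hub and 48 not in (len(hub[1]), len(spoke[1])) and hub[1] != spoke[1]:
        out.append("strings differ: hub will not process the Registration Request")
    for role, cfg in (("hub", hub), ("spoke", spoke)):
        out += [f"{role}: {f}" for f in string_findings(cfg[1])] if cfg else []
    return out

# Constructed command scripts modeled on the page's example; the strings are made up.
HUB = ("interface tunnel 0\ntunnel-protocol gre p2mp\nnhrp enable\n"
       "nhrp authentication hash sha2-256 cipher Nh7p#Hub\n")
SPOKE = HUB.replace("Nh7p#Hub", "huawei")

if __name__ == "__main__":
    print("\n".join(audit_pair(HUB, SPOKE)))
```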
Copyright © Huawei Technologies Co., Ltd.