authentication-algorithm

Function

The authentication-algorithm command specifies the authentication algorithm used in IKE proposal.

The undo authentication-algorithm command restores the default setting.

By default, SHA2-256 is used as the authentication algorithm.

This command is supported only on the NetEngine 8000 F1A.

authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 }

undo authentication-algorithm

Parameter	Description	Value
md5	Indicates MD5 as the authentication algorithm. To ensure high security, do not use the MD5 algorithm as the authentication algorithm for IKE negotiation.	-
sha1	Indicates SHA-1 as the authentication algorithm. To ensure high security, do not use the SHA-1 algorithm as the authentication algorithm for IKE negotiation.	-
sha2-256	Indicates SHA2-256 as the authentication algorithm.	-
sha2-384	Indicates SHA2-384 as the authentication algorithm.	-
sha2-512	Indicates SHA2-512 as the authentication algorithm.	-

IKE proposal view

2: Configuration level

Task Name	Operations
ike	write

The authentication algorithms uses the following configurations:

MD5 uses 128-bit key
SHA-1 uses 160-bit key
SHA2-256 uses 256-bit key
SHA2-384 uses 384-bit key
SHA2-512 uses 512-bit key
MD5, SHA-1, SHA2-256, SHA2-384, SHA2-512 are listed in descending order by calculation speed and in ascending order by complexity, security, and requirements for device performance.
MD5 and SHA-1 authentication algorithms are insecure. It is recommended to use SHA2-256 algorithm.

# Set SHA2-256 as the authentication algorithm for IKE proposal 10.

<HUAWEI> system-view
[~HUAWEI] ike proposal 10
[*HUAWEI-ike-proposal-10] authentication-algorithm sha2-256