authentication-algorithm

Function

The authentication-algorithm command specifies the authentication algorithm used in an IKE proposal.

The undo authentication-algorithm command restores the default setting.

By default, SHA2-256 is used as the authentication algorithm.

This command is supported only on the NetEngine 8000 F1A.

Format

authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 }

undo authentication-algorithm

Parameters

| Parameter | Description | Value |
|---|---|---|
| md5 | Indicates MD5 as the authentication algorithm. To ensure high security, do not use the MD5 algorithm as the authentication algorithm for IKE negotiation. | - |
| sha1 | Indicates SHA-1 as the authentication algorithm. To ensure high security, do not use the SHA-1 algorithm as the authentication algorithm for IKE negotiation. | - |
| sha2-256 | Indicates SHA2-256 as the authentication algorithm. | - |
| sha2-384 | Indicates SHA2-384 as the authentication algorithm. | - |
| sha2-512 | Indicates SHA2-512 as the authentication algorithm. | - |

Views

IKE proposal view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| ike | write |

Usage Guidelines

The authentication algorithms use the following configurations:

  • MD5 uses a 128-bit key
  • SHA-1 uses a 160-bit key
  • SHA2-256 uses a 256-bit key
  • SHA2-384 uses a 384-bit key
  • SHA2-512 uses a 512-bit key

MD5, SHA-1, SHA2-256, SHA2-384, and SHA2-512 are listed in descending order of calculation speed and in ascending order of complexity, security, and device performance requirements.

The MD5 and SHA-1 authentication algorithms are insecure. Using the SHA2-256 algorithm is recommended.

Example

# Set SHA2-256 as the authentication algorithm for IKE proposal 10.
<HUAWEI> system-view
[~HUAWEI] ike proposal 10
[*HUAWEI-ike-proposal-10] authentication-algorithm sha2-256
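
The following is an added example, not part of the original command reference or any Huawei tooling: a Python check that scans saved configuration text for IKE proposals and flags those using MD5 or SHA-1, treating a proposal with no explicit setting as the SHA2-256 default described above. The function name, the sample configuration, and the assumption that sub-commands appear indented under an `ike proposal <number>` line are constructed for illustration.

```python
import re

# Algorithms this page marks as insecure for IKE negotiation.
INSECURE = {"md5", "sha1"}
# Per this page, a proposal with no explicit setting uses SHA2-256.
DEFAULT_ALGORITHM = "sha2-256"

PROPOSAL_RE = re.compile(r"^ike proposal (\d+)\s*$")
AUTH_RE = re.compile(r"^\s+authentication-algorithm (\S+)\s*$")


def audit_ike_proposals(config_text):
    """Return {proposal_number: (algorithm, is_insecure)} for each IKE proposal."""
    found = {}
    current = None
    for line in config_text.splitlines():
        match = PROPOSAL_RE.match(line)
        if match:
            current = int(match.group(1))
            found[current] = DEFAULT_ALGORITHM
            continue
        if current is None:
            continue
        # Assumption: sub-commands are indented; any other line ends the view.
        if not line.startswith(" "):
            current = None
            continue
        auth = AUTH_RE.match(line)
        if auth:
            found[current] = auth.group(1).lower()
    return {n: (alg, alg in INSECURE) for n, alg in found.items()}


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
#
ike proposal 10
 authentication-algorithm sha2-256
#
ike proposal 20
 authentication-algorithm md5
#
ike proposal 30
#
ike proposal 40
 authentication-algorithm sha1
#
"""

if __name__ == "__main__":
    for number, (alg, bad) in sorted(audit_ike_proposals(SAMPLE_CONFIG).items()):
        print(f"ike proposal {number}: {alg} -> {'INSECURE' if bad else 'ok'}")
```
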
Copyright © Huawei Technologies Co., Ltd.