key-id (tcp-ao policy view)

Function

The key-id command creates a TCP-AO key ID and displays the TCP-AO Key-id view, or directly display the TCP-AO key ID view if the TCP-AO has been created.

The undo key-id command deletes a key ID from TCP-AO.

By default, no key ID is set in the TCP-AO.

Format

key-id keyId

undo key-id keyId

Parameters

Parameter Description Value
keyId

Specifies ID of a TCP-AO MKT.

The value is an integer ranging from 0 to 63.

Views

tcp-ao policy view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ip-stack write

Usage Guidelines

Usage Scenario

A key ID can be created in a TCP-AO only after a keychain is bound to the TCP-AO.

The key ID of the TCP-AO must be the same as a key-id configured in the bound keychain. The two key-id configurations together constitute a set of TCO-AO authentication rules, that is, master key tuple (MKT). However, the configuration of the key-id in the keychain cannot meet the requirements of the TCP-AO. Therefore, the configuration of the send ID and receive ID needs to be supplemented.

Key IDs in the TCP-AO and bound keychain can be set in any sequence. The TCP-AO MKT can take effect only after the settings of the key IDs in both the TCP-AO and bound keychain are complete.

Example

# Create a TCP-AO key ID and enter the TCP-AO key ID view.
<HUAWEI> system-view
[~HUAWEI] tcp ao exampleAO
[~HUAWEI-tcp-ao-exampleAO] key-id 10
[*HUAWEI-tcp-ao-exampleAO-key-10]
Parent Topic: TCP-AO Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >