option-authentication disable (tcp-ao key-id view)

Function

The option-authentication disable command excludes the AO field of TCP packets from the MKT authentication range.

The undo option-authentication disable command allows the AO field of TCP packets to be included in the MKT authentication range.

By default, the MKT authentication scope includes the AO field in TCP packets.

Format

option-authentication disable

undo option-authentication disable

Parameters

None

Views

tcp-ao key-id view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
ip-stack     write

Usage Guidelines

Usage Scenario

By default, the authentication scope of the key group MKT includes TCP options (except the TCP-AO option). That is, all options other than the TCP-AO option are included in the calculation of the message authentication code (MAC).

On some network paths, a forwarding node may modify the TCP options of packets. To keep TCP-AO running normally in this case, run this command so that the authentication scope of the key group MKT excludes TCP options (except the TCP-AO option).
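
The following added example (Python, not Huawei code) reproduces this effect using the MAC input layout of RFC 5925 with HMAC-SHA-1-96: a forwarding node rewrites the MSS option, and the MAC is recomputed with options in and out of scope. The key, addresses, ports and the MSS rewrite are constructed sample values, and traffic-key derivation is skipped.

```python
import hashlib
import hmac
import struct

AO_KIND, MAC_LEN = 29, 12  # TCP-AO option kind; HMAC-SHA-1-96 MAC length

def covered_options(opts: bytes, include_options: bool) -> bytes:
    """Return the TCP option bytes that enter the MAC calculation."""
    out, i = b"", 0
    while i < len(opts):
        kind = opts[i]
        if kind in (0, 1):                      # EOL and NOP are one byte long
            length = 1
        else:
            length = opts[i + 1] if i + 1 < len(opts) else 0
            if length < 2 or i + length > len(opts):
                raise ValueError("malformed TCP option")
        if kind == AO_KIND:                     # always covered, MAC field zeroed
            out += opts[i:i + 4] + bytes(length - 4)
        elif include_options:                   # default MKT scope
            out += opts[i:i + length]
        i += length
    return out

def segment_mac(key, pseudo, fixed_hdr, opts, payload, include_options=True):
    sne = bytes(4)  # sequence number extension, 0 at connection start
    data = sne + pseudo + fixed_hdr + covered_options(opts, include_options) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:MAC_LEN]

# Constructed sample SYN (documentation addresses, checksum field zeroed).
KEY = b"constructed-traffic-key"  # stands in for the derived traffic key
PSEUDO = bytes([192, 0, 2, 1, 198, 51, 100, 1, 0, 6]) + struct.pack("!H", 52)
FIXED = struct.pack("!HHIIHHHH", 49152, 179, 1000, 0, (13 << 12) | 0x002, 65535, 0, 0)

def sample_options(mss: int) -> bytes:
    """MSS + Timestamps + TCP-AO (KeyID 10) + two NOPs of padding."""
    ao = bytes([AO_KIND, 4 + MAC_LEN, 10, 10]) + bytes(MAC_LEN)
    ts = bytes([8, 10]) + struct.pack("!II", 1, 0)
    return struct.pack("!BBH", 2, 4, mss) + ts + ao + b"\x01\x01"

def survives_mss_rewrite(include_options: bool) -> bool:
    """True if the receiver's MAC still matches after MSS 1460 -> 1400."""
    sent = segment_mac(KEY, PSEUDO, FIXED, sample_options(1460), b"", include_options)
    seen = segment_mac(KEY, PSEUDO, FIXED, sample_options(1400), b"", include_options)
    return hmac.compare_digest(sent, seen)

if __name__ == "__main__":
    print("options in scope (default):     ", survives_mss_rewrite(True))
    print("option-authentication disable:  ", survives_mss_rewrite(False))
```

With options out of scope, changes to TCP options other than TCP-AO are no longer detected by the MAC.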

Example

# Exclude the AO field of TCP packets from the MKT authentication range.
<HUAWEI> system-view
[~HUAWEI] tcp ao exampleAO
[~HUAWEI-tcp-ao-exampleAO] key-id 10
[~HUAWEI-tcp-ao-exampleAO-key-10] option-authentication disable
Copyright © Huawei Technologies Co., Ltd.