No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ah authentication-algorithm

ah authentication-algorithm


The ah authentication-algorithm command specifies the authentication algorithm used by the Authentication Header (AH) protocol.

The undo ah authentication-algorithm command restores the default setting.

By default, AH uses the SHA-256 authentication algorithm.


ah authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 }

undo ah authentication-algorithm






Specifies MD5 as the authentication algorithm used by the AH protocol.



Specifies SHA-1 as the authentication algorithm used by the AH protocol.



Specifies SHA-256 as the authentication algorithm used by the AH protocol.



Specifies SHA-384 as the authentication algorithm used by the AH protocol.



Specifies SHA-512 as the authentication algorithm used by the AH protocol.



AR500 series do not support SHA2-384 and SHA2-512 authentication algorithms.


IPSec proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The differences between the MD5 and SHA authentication algorithms are as follows:

  • The MD5 algorithm uses a 128-bit key, and the SHA-1 algorithm uses a 160-bit key. The SHA-256, SHA-384, and SHA-512 algorithms use 256-bit, 384-bit, and 512-bit keys respectively.

  • A larger number of key bits indicate a more secure algorithm but a slower calculation speed. The MD5 and SHA-1 algorithms are not recommended because they cannot meet your security defense requirements.

In practice, select an authentication algorithm according to the requirement for security and device performance.You are advised not to use MD5 or SHA-1; otherwise, security defense requirements may be not met.


ah or ah-esp has been specified in the transform command.


In the IPSec proposals used by both ends of an IPSec tunnel, the AH protocol must use the same authentication algorithm.


# Configure IPSec proposal prop1 and configure the AH protocol to use the SHA-512 authentication algorithm.

<Huawei> system-view
[Huawei] ipsec proposal prop1
[Huawei-ipsec-proposal-prop1] transform ah
[Huawei-ipsec-proposal-prop1] ah authentication-algorithm sha2-512
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 90844

Downloads: 124

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next