No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ike proposal

display ike proposal

Function

The display ike proposal command displays the IKE proposal configuration.

Format

display ike proposal [ number proposal-number ]

Parameters

Parameter

Description

Value

number proposal-number

Specifies the number of an IKE proposal. A smaller IKE proposal number indicates a higher priority.

The value is an integer that ranges from 1 to 99.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

IKE proposals are displayed in ascending order of IKE proposal number.

Example

# Display the configuration of all IKE proposals.

<Huawei> display ike proposal
                                                                                
Number of IKE Proposals: 3                                                      
                                                                                
-------------------------------------------                                     
 IKE Proposal: 1                                                                
   Authentication method      : pre-shared                                      
   Authentication algorithm   : SHA2-256                                 
   Encryption algorithm       : AES-CBC-256                                         
   DH group                   : MODP-1536                                       
   SA duration                : 86400                                           
   PRF                        : PRF-AES-XCBC-128                                
-------------------------------------------                                     
                                                                                
-------------------------------------------                                     
 IKE Proposal: 2                                                                
   Authentication method      : pre-shared                                      
   Authentication algorithm   : SHA2-256                                            
   Encryption algorithm       : AES-CBC-256                                         
   DH group                   : MODP-768                                        
   SA duration                : 86400                                           
   PRF                        : PRF-HMAC-SHA2-256                                    
-------------------------------------------                                     
                                                                                
-------------------------------------------     
 IKE Proposal: Default                                                          
   Authentication method      : pre-shared                                      
   Authentication algorithm   : SHA2-256                                            
   Encryption algorithm       : AES-CBC-256                                         
   DH group                   : MODP-768                                        
   SA duration                : 86400                                           
   PRF                        : PRF-HMAC-SHA2-256                                    
-------------------------------------------                                     
                                             

# Display the configuration of IKE proposal 10.

<Huawei> display ike proposal number 10
-------------------------------------------
 IKE Proposal: 10
   Authentication method      : pre-shared
   Authentication algorithm   : SHA2-256
   Encryption algorithm       : AES-CBC-256
   DH group                   : MODP-768
   SA duration                : 86400
   PRF                        : PRF-HMAC-SHA2-256
-------------------------------------------
Table 10-17  Description of the display ike proposal command output

Item

Description

IKE Proposal

IKE proposal number. To configure an IKE proposal, run the ike proposal command.

Authentication method

Authentication mode in the IKE proposal:

  • pre-shared: pre-shared key authentication
  • rsa-signature: RSA signature authentication

To configure an authentication mode, run the authentication-method command.

Authentication algorithm

Authentication algorithm in the IKE proposal:
  • AES-XCBC-MAC-96: uses a 128-bit key.
  • MD5: uses a 128-bit key.
  • SHA1: uses a 160-bit key.
  • SHA2-256: uses a 256-bit key.
  • SHA2-384: uses a 384-bit key.
  • SHA2-512: uses a 512-bit key.
To configure an authentication algorithm, run the authentication-algorithm command.
NOTICE:

The MD5 and SHA1 algorithms have security risks; therefore, you are advised to use AES-XCBC-MAC-96, SHA2-256, SHA2-384, or SHA2-512 or SM3 preferentially.

Encryption algorithm

Encryption algorithm in the IKE proposal:
  • 3DES-CBC: 168-bit 3DES-CBC encryption algorithm
  • AES-CBC-128: 128-bit AES-CBC encryption algorithm
  • AES-CBC-192: 192-bit AES-CBC encryption algorithm
  • AES-CBC-256: 256-bit AES-CBC encryption algorithm
  • DES-CBC: DES-CBC encryption algorithm
To configure an encryption algorithm, run the encryption-algorithm command.
NOTICE:

The DES-CBC and 3DES-CBC algorithms have security risks; therefore, you are advised to use AES-CBC-128, AES-CBC-192, or AES-CBC-256 preferentially.

DH group

DH group used in the IKE proposal:
  • MODP-768: 768-bit Diffie-Hellman group
  • MODP-1024: 1024-bit Diffie-Hellman group
  • MODP-1536: 1536-bit Diffie-Hellman group
  • MODP-2048: 2048-bit Diffie-Hellman group
To configure a DH group, run the dh command.

SA duration

IKE SA lifetime. To set the IKE SA lifetime, run the sa duration command.

PRF

Algorithm used to generate a pseudo random number:
  • PRF-HMAC-MD5: HMAC-MD5 algorithm
  • PRF-HMAC-MD5: HMAC-SHA-1 algorithm
  • PRF-AES-XCBC-128: AES-XCBC-128 algorithm
  • HMAC-SHA2-256: HMAC-SHA-256 algorithm
  • HMAC-SHA2-384: HMAC-SHA-384 algorithm
  • HMAC-SHA2-512: HMAC-SHA-512 algorithm
Only IKEv2 requires the PRF algorithm. To specify an algorithm used to generate a pseudo random number, run the prf command.
NOTICE:

The HMAC-MD5 and HMAC-SHA-1 algorithms have security risks; therefore, you are advised to use AES-XCBC-128, SHA2-256, SHA2-384, or SHA2-512 preferentially.

Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 70156

Downloads: 113

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next