NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Configuring TCP Authentication Parameters

This section describes how to configure TCP authentication parameters.

Usage Scenario

Keychain provides authentication support for all applications. When two peers require authenticated TCP communication, TCP-based applications can communicate with other vendors' nodes over an authenticated TCP connection. For authenticated communication, TCP uses the TCP Enhanced Authentication Option. Different vendors currently use different kind values to represent the TCP Enhanced Authentication Option type, so the kind value must be configurable to match the vendor of the connected peer. Similarly, the TCP Enhanced Authentication Option has a field named algorithm-id, which represents the authentication algorithm type. Because algorithm-ids are not defined by IANA, different vendors currently use different algorithm-ids to represent the same algorithm. To communicate with other vendors' devices, the user has to configure the TCP algorithm-id in the keychain.

Pre-configuration Tasks

Before configuring the keychain feature on the peer routers supporting TCP, configure the Network Time Protocol (NTP) so that the time is consistent on the two routers.

Configuration Procedure

Figure 6-2 Flowchart for configuring keychain authentication parameters

Configuring TCP Kind of a Keychain

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run keychain keychain-name

    The keychain view is displayed.

  3. Run tcp-kind kind-value

    The TCP kind value for the keychain is configured. The kind-value ranges from 28 to 255.

  4. Run commit

    The configurations are committed.

Follow-up Procedure

TCP uses TCP Enhanced Authentication Option for authenticated communication. The kind value used to represent the TCP Enhanced Authentication Option type for a keychain can be configured.

Configuring TCP Algorithm-id in a Keychain

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run keychain keychain-name

    The keychain view is displayed.

  3. Run tcp-algorithm-id { hmac-md5 | hmac-sha-256 | hmac-sha1-12 | hmac-sha1-20 | md5 | sha-1 | sha-256 } algorithm-id

    The algorithm-id ranges from 1 to 63.

    To ensure high security, do not use the MD5 algorithm.

  4. Run commit

    The configurations are committed.

Follow-up Procedure

The algorithm-id used to represent authentication algorithm type in TCP Enhanced Authentication Option for a keychain can be configured.

Checking the Configuration

Prerequisites

The configurations of the keychain are complete.

Procedure

  • Run the display keychain keychain-name command to view the current configuration of a keychain.
  • Run the display keychain keychain-name key-id key-id command to view the current configuration of a key-id inside a keychain.

Example

After the keychain configuration is complete, run the display keychain keychain-name command to view the current configuration of a keychain, for example:

<HUAWEI> display keychain earth
 Keychain Information:
 ----------------------
 Keychain Name             : earth
   Timer Mode              : Absolute
   Receive Tolerance(min)  : 100
   TCP Kind                : 254
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     MD5                   : 3
     SHA1                  : 4
     HMAC-SHA-256          : 7
     SHA-256               : 8
 Number of Key IDs         : 1
 Active Send Key ID        : None
 Active Receive Key IDs    : None
 Default send Key ID       : Not configured

 Key ID Information:
 ----------------------
 Key ID                    : 1
   Key string              : ******
   Algorithm               : MD5
   SEND TIMER              :
     Start time            : 2011-03-10 14:40
     End time              : 2011-03-10 14:50
     Status                : Inactive
   RECEIVE TIMER           :
     Start time            : 2011-03-10 14:40
     End time              : 2011-03-10 14:50
     Status                : Inactive

After the keychain configuration is complete, run the display keychain keychain-name key-id key-id command to view the current configuration of a key-id inside a keychain, for example:

<HUAWEI> display keychain earth key-id 1
 Keychain Information:
 ----------------------
 Keychain Name             : earth
   Timer Mode              : Absolute
   Receive Tolerance(min)  : 100
   TCP Kind                : 254
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     MD5                   : 3
     SHA1                  : 4
     HMAC-SHA-256          : 7
     SHA-256               : 8

 Key ID Information:
 ----------------------
 Key ID                    : 1
   Key string              : ******
   Algorithm               : MD5
   SEND TIMER              :
     Start time            : 2011-03-10 14:40
     End time              : 2011-03-10 14:50
     Status                : Inactive
   RECEIVE TIMER           :
     Start time            : 2011-03-10 14:40
     End time              : 2011-03-10 14:50
     Status                : Inactive
   DEFAULT SEND KEY ID INFORMATION
     Default               : Not configured
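
Because the TCP kind and the algorithm-ids must match what the peer uses, and MD5 should be avoided, the display keychain output from both ends can be compared offline. The following Python script is an added example, not part of the Huawei guide. It assumes both peers' values are available in the display keychain layout shown above, the sample text is constructed, and flagging HMAC-MD5 along with MD5 is this example's reading of the MD5 warning.

```python
import re

# Constructed, abridged `display keychain` output from two peers (sample data).
LOCAL = """\
   TCP Kind                : 254
   TCP Algorithm IDs       :
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 7
 Key ID                    : 1
   Algorithm               : MD5
"""
PEER = """\
   TCP Kind                : 182
   TCP Algorithm IDs       :
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 9
 Key ID                    : 1
   Algorithm               : HMAC-SHA-256
"""
# Algorithm names exactly as printed in the sample output on this page.
ALGS = set("HMAC-MD5 HMAC-SHA1-12 HMAC-SHA1-20 MD5 SHA1 HMAC-SHA-256 SHA-256".split())

def parse_keychain(text):
    """Extract the TCP kind, the algorithm-id map and each key's algorithm."""
    info, key_id = {"kind": None, "alg_ids": {}, "keys": {}}, None
    for name, value in re.findall(r"^[ \t]*(.+?)[ \t]*:[ \t]*(.*?)[ \t]*$", text, re.M):
        if name == "TCP Kind":
            info["kind"] = int(value)
        elif name in ALGS and value.isdigit():
            info["alg_ids"][name] = int(value)
        elif name == "Key ID":
            key_id = int(value)
        elif name == "Algorithm" and key_id is not None:
            info["keys"][key_id] = value
    return info

def audit(local, peer):
    """List kind/algorithm-id mismatches and keys using MD5 or HMAC-MD5."""
    out = []
    if local["kind"] != peer["kind"]:
        out.append(f"tcp-kind mismatch: {local['kind']} vs {peer['kind']}")
    for alg in sorted(local["alg_ids"].keys() & peer["alg_ids"].keys()):
        a, b = local["alg_ids"][alg], peer["alg_ids"][alg]
        if a != b:
            out.append(f"algorithm-id mismatch for {alg}: {a} vs {b}")
    for side, info in (("local", local), ("peer", peer)):
        out += [f"{side} key-id {k} uses {v}"
                for k, v in sorted(info["keys"].items()) if "MD5" in v]
    return out
```

Calling audit(parse_keychain(LOCAL), parse_keychain(PEER)) returns one finding per mismatch or MD5-based key; an empty list means the two ends agree and no key uses MD5.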
Updated: 2019-01-02

Document ID: EDOC1100055397
