sa authentication-hex
Format
sa authentication-hex { inbound | outbound } { ah | esp } { simple | cipher } hex-string
undo sa authentication-hex { inbound | outbound } { ah | esp }
Parameters
Parameter | Description | Value |
---|---|---|
inbound | Sets an authentication key for the inbound IPSec SA. IPSec uses the inbound IPSec SA to process incoming packets. | - |
outbound | Sets an authentication key for the outbound IPSec SA. IPSec uses the outbound IPSec SA to process outgoing packets. | - |
ah | Sets an authentication key using the AH protocol. If the IPSec proposal referenced in an IPSec policy uses the AH protocol, the authentication key is set based on the ah keyword. | - |
esp | Sets an authentication key using the ESP protocol. If the IPSec proposal referenced in an IPSec policy uses the ESP protocol, the authentication key is set based on the esp keyword. | - |
simple | Indicates plain text authentication key. Type in an authentication key in plain text. The authentication key is displayed in plain text in the configuration file. NOTICE: If simple is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text. | - |
cipher | Indicates the cipher authentication key. You can enter an authentication key in plain text or cipher text. The authentication key is displayed in cipher text in the configuration file. | - |
hex-string | Sets an authentication key for the IPSec SA. | The value is in the hexadecimal format. |
Usage Guidelines
Usage Scenario
When manually configuring an IPSec policy, you must configure an authentication key for the inbound/outbound IPSec SA. The authentication key can be a hexadecimal number or a character string.
The sa authentication-hex command sets an authentication key in hexadecimal notation.
The sa string-key command sets a character string as the authentication key.
If two keys in different formats are configured, the key configured later takes effect.
Precautions
The inbound authentication key on the local end must be the same as the outbound authentication key on the remote end. The outbound authentication key on the local end must be the same as the inbound authentication key on the remote end.
The authentication key on both ends of an IPSec tunnel must use the same format. For example, an IPSec SA cannot be established if the authentication key on one end is a character string but that on the other end is a hexadecimal number.
Example
# In IPSec policy policy1 using AH and SHA2-256 on the local device, set the SPI and authentication key of the inbound IPSec SA to 10000 and 0x112233445566778899aabbccddeeff00aabbccddeeff001100aabbccddeeff00; set the SPI and authentication key of the outbound IPSec SA to 20000 and 0xaabbccddeeff001100aabbccddeeff00112233445566778899aabbccddeeff00.
<AC6605> system-view
[AC6605] ipsec proposal prop1
[AC6605-ipsec-proposal-prop1] transform ah
[AC6605-ipsec-proposal-prop1] ah authentication-algorithm sha2-256
[AC6605-ipsec-proposal-prop1] quit
[AC6605] ipsec policy policy1 1 manual
[AC6605-ipsec-policy-manual-policy1-1] sa spi inbound ah 10000
[AC6605-ipsec-policy-manual-policy1-1] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00aabbccddeeff001100aabbccddeeff00
[AC6605-ipsec-policy-manual-policy1-1] sa spi outbound ah 20000
[AC6605-ipsec-policy-manual-policy1-1] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00112233445566778899aabbccddeeff00
# In IPSec policy policy1 using AH and SHA2-256 on the remote device, set the SPI and authentication key of the inbound IPSec SA to 20000 and 0xaabbccddeeff001100aabbccddeeff00112233445566778899aabbccddeeff00; set the SPI and authentication key of the outbound IPSec SA to 10000 and 0x112233445566778899aabbccddeeff00aabbccddeeff001100aabbccddeeff00.
<AC6605> system-view
[AC6605] ipsec proposal prop1
[AC6605-ipsec-proposal-prop1] transform ah
[AC6605-ipsec-proposal-prop1] ah authentication-algorithm sha2-256
[AC6605-ipsec-proposal-prop1] quit
[AC6605] ipsec policy policy1 1 manual
[AC6605-ipsec-policy-manual-policy1-1] sa spi inbound ah 20000
[AC6605-ipsec-policy-manual-policy1-1] sa authentication-hex inbound ah cipher aabbccddeeff001100aabbccddeeff00112233445566778899aabbccddeeff00
[AC6605-ipsec-policy-manual-policy1-1] sa spi outbound ah 10000
[AC6605-ipsec-policy-manual-policy1-1] sa authentication-hex outbound ah cipher 112233445566778899aabbccddeeff00aabbccddeeff001100aabbccddeeff00
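The mirror and same-format rules under Precautions, the later-key-takes-effect rule under Usage Scenario, the simple notice and the mirrored SPIs shown in the Example can all be checked before a change is pushed to both ends. The following Python script is an added example, not part of the product documentation. It assumes each end's planned commands are available as text with keys typed in plain form (a saved configuration displays cipher keys in cipher text, so it cannot be compared this way) and that sa string-key takes the same keyword order as sa authentication-hex; the function names and sample keys are constructed for illustration.

```python
import re
# Assumption: "sa string-key" takes the same keyword order as "sa authentication-hex".
KEY_RE = re.compile(r"sa (authentication-hex|string-key) (inbound|outbound) (ah|esp) (simple|cipher) (\S+)\s*$")
SPI_RE = re.compile(r"sa spi (inbound|outbound) (ah|esp) (\d+)\s*$")
MIRROR = {"inbound": "outbound", "outbound": "inbound"}

def parse_plan(text):
    """Effective SA settings per (direction, protocol); a later key command replaces an earlier one."""
    sas = {}
    for line in text.splitlines():
        if m := SPI_RE.search(line):
            sas.setdefault((m[1], m[2]), {})["spi"] = int(m[3])
        elif m := KEY_RE.search(line):
            fmt, direction, proto, mode, key = m.groups()
            key = key.lower() if fmt == "authentication-hex" else key  # same hex value in either digit case
            sas.setdefault((direction, proto), {}).update(fmt=fmt, mode=mode, key=key)
    return sas

def audit(local_text, remote_text):
    """Findings for a pair of tunnel endpoints; key values are never echoed."""
    local, remote = parse_plan(local_text), parse_plan(remote_text)
    findings = []
    for end, sas in (("local", local), ("remote", remote)):
        for (direction, proto), sa in sas.items():
            if sa.get("mode") == "simple":
                findings.append(f"{end} {direction} {proto}: simple stores the key in plain text")
            if sa.get("fmt") == "authentication-hex" and not re.fullmatch("[0-9a-f]+", sa["key"]):
                findings.append(f"{end} {direction} {proto}: key is not hexadecimal")
    for (direction, proto), sa in local.items():
        peer = remote.get((MIRROR[direction], proto), {})
        for field in ("spi", "fmt", "key"):
            if sa.get(field) != peer.get(field):
                findings.append(f"local {direction} / remote {MIRROR[direction]} {proto}: {field} differs")
    return findings

# Constructed sample plans; the keys are made-up values, not taken from any device.
LOCAL_PLAN = """\
sa spi inbound ah 10000
sa authentication-hex inbound ah cipher 00112233445566778899AABBCCDDEEFF
sa spi outbound ah 20000
sa authentication-hex outbound ah cipher ffeeddccbbaa99887766554433221100
"""
REMOTE_PLAN = """\
sa spi inbound ah 20000
sa authentication-hex inbound ah cipher ffeeddccbbaa99887766554433221100
sa spi outbound ah 10000
sa authentication-hex outbound ah simple 00112233445566778899aabbccddeeff
"""
print("\n".join(audit(LOCAL_PLAN, REMOTE_PLAN)))
```

An empty result means both directions mirror correctly and no key is stored with simple; undo commands are not interpreted by this check.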