The authentication-algorithm command configures an authentication algorithm for IKEv1 negotiation.
The undo authentication-algorithm command restores the default configuration.
By default, the SHA2-256 authentication algorithm is used for IKEv1 negotiation.
authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 | sm3 } *
undo authentication-algorithm
| Parameter | Description | Value |
|---|---|---|
| md5 | Uses the message digest algorithm 5 (MD5) authentication algorithm. | - |
| sha1 | Uses the Secure Hash Algorithm 1 (SHA-1) authentication algorithm. | - |
| sha2-256 | Uses the SHA2-256 authentication algorithm. | - |
| sha2-384 | Uses the SHA2-384 authentication algorithm. | - |
| sha2-512 | Uses the SHA2-512 authentication algorithm. | - |
| sm3 | Uses the SM3 authentication algorithm. | - |
An authentication algorithm is required for IKEv1 negotiation. If multiple authentication algorithms are configured, the system selects the algorithms in descending order of security level. Authentication algorithms that can be used for IKEv1 negotiation include the following (listed in descending order of security level): sm3 > sha2-512 > sha2-384 > sha2-256 > sha1 > md5.
SM3 meets high confidentiality and security requirements, but it takes a comparatively long time to process. The md5 and sha1 algorithms are not recommended because they cannot provide high security. By default, the device does not support the md5 and sha1 algorithms. To use these algorithms, install the weak security algorithm component package (product_version_WEAKEA.mod). For details, see Dynamic Loading.
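The following audit script is an added example, not part of the original reference or the vendor's tooling. It reads a saved configuration, ranks each proposal's algorithms in the security-level order given above, and flags proposals that still list md5 or sha1. The `ike proposal <n>` section header, the `#` separator, the function name `audit` and the sample configuration are assumptions made for illustration.

```python
# Security-level order stated on this page, strongest first.
ORDER = ["sm3", "sha2-512", "sha2-384", "sha2-256", "sha1", "md5"]
WEAK = {"md5", "sha1"}   # not recommended on this page
DEFAULT = "sha2-256"     # default stated on this page

# Constructed sample configuration (assumed layout, not taken from a real device).
SAMPLE_CONFIG = """\
ike proposal 10
 authentication-algorithm sha1 sha2-256 sha2-512
#
ike proposal 20
 authentication-algorithm md5
#
ike proposal 30
#
"""

def audit(config):
    """Return {proposal: selection order, weak algorithms, default-in-use flag}."""
    proposals, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) == 3 and words[:2] == ["ike", "proposal"]:
            current = words[2]
            proposals[current] = []
        elif current and words[:1] == ["authentication-algorithm"]:
            unknown = set(words[1:]) - set(ORDER)
            if unknown:  # reject typos instead of silently ignoring them
                raise ValueError(f"proposal {current}: unknown {sorted(unknown)}")
            proposals[current] = words[1:]
        elif raw and not raw[0].isspace():
            current = None  # any other unindented line closes the proposal view
    report = {}
    for name, algs in proposals.items():
        # No explicit line means the default algorithm applies.
        ranked = sorted(set(algs or [DEFAULT]), key=ORDER.index)
        report[name] = {
            "selection_order": ranked,
            "weak": [a for a in ranked if a in WEAK],
            "uses_default": not algs,
        }
    return report

if __name__ == "__main__":
    for name, info in audit(SAMPLE_CONFIG).items():
        status = "WEAK: " + ",".join(info["weak"]) if info["weak"] else "ok"
        print(f"ike proposal {name}: {' > '.join(info['selection_order'])} [{status}]")
```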