integrity-algorithm

Function

The integrity-algorithm command configures an integrity algorithm for IKEv2 negotiation.

The undo integrity-algorithm command restores the default configuration.

By default, the HMAC-SHA2-256 integrity algorithm is used for IKEv2 negotiation.

Format

integrity-algorithm { aes-xcbc-96 | hmac-md5-96 | hmac-sha1-96 | hmac-sha2-256 | hmac-sha2-384 | hmac-sha2-512 } *

undo integrity-algorithm

Parameters

Parameter        Description                                                 Value
aes-xcbc-96      Indicates that the integrity algorithm is AES-XCBC-96.      -
hmac-md5-96      Indicates that the integrity algorithm is HMAC-MD5-96.      -
hmac-sha1-96     Indicates that the integrity algorithm is HMAC-SHA1-96.     -
hmac-sha2-256    Indicates that the integrity algorithm is HMAC-SHA2-256.    -
hmac-sha2-384    Indicates that the integrity algorithm is HMAC-SHA2-384.    -
hmac-sha2-512    Indicates that the integrity algorithm is HMAC-SHA2-512.    -

Views

IKE proposal view

Default Level

2: Configuration level

Usage Guidelines

The following integrity algorithms are listed from the highest security level to the lowest security level: hmac-sha2-512, hmac-sha2-384, hmac-sha2-256, aes-xcbc-96, hmac-sha1-96, and hmac-md5-96. By default, the device does not support the aes-xcbc-96, hmac-md5-96, and hmac-sha1-96 parameters. To use these parameters, install the weak security algorithm component package (product_version_WEAKEA.mod). For details, see Dynamic Loading. These algorithms, however, are insecure and not recommended.

Example

# Set the integrity algorithm to be used in IKE proposal 10 to HMAC-SHA2-384.

<sysname> system-view
[sysname] ike proposal 10
[sysname-ike-proposal-10] integrity-algorithm hmac-sha2-384
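
The following audit script is an added example, not part of the original documentation or Huawei tooling. It checks a saved configuration against the ranking and default given in Usage Guidelines and reports proposals that still offer one of the three insecure algorithms. The sample configuration is constructed, and its layout (indented sub-commands, `#` separators, several algorithms on one line as the `*` in Format suggests) is an assumption.

```python
import re

# Strongest to weakest, in the order given under Usage Guidelines.
RANKING = ["hmac-sha2-512", "hmac-sha2-384", "hmac-sha2-256",
           "aes-xcbc-96", "hmac-sha1-96", "hmac-md5-96"]
# Algorithms the page calls insecure (usable only with the weak-algorithm package).
WEAK = {"aes-xcbc-96", "hmac-sha1-96", "hmac-md5-96"}
DEFAULT = "hmac-sha2-256"  # default stated on the page

# Constructed sample; the layout is an assumption, not captured device output.
SAMPLE_CONFIG = """\
ike proposal 10
 integrity-algorithm hmac-sha2-384
#
ike proposal 20
 integrity-algorithm hmac-sha2-256 hmac-sha1-96
#
ike proposal 30
 dh group14
#
ike proposal 40
 integrity-algorithm hmac-md5-96
#
"""

def audit_ike_proposals(config_text):
    """Map each IKE proposal to its integrity algorithms and any weak ones."""
    proposals, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ike proposal (\S+)", line)
        if m:
            current = m.group(1)
            proposals[current] = []           # empty list: command not configured
        elif line == "#" or (raw and not raw[0].isspace()):
            current = None                    # left the proposal view
        elif current and line.startswith("integrity-algorithm "):
            proposals[current] = line.split()[1:]
    report = {}
    for name, algs in proposals.items():
        algs = algs or [DEFAULT]              # unset means the default applies
        known = sorted((a for a in algs if a in RANKING), key=RANKING.index)
        report[name] = {"algorithms": known,  # strongest first
                        "weak": [a for a in known if a in WEAK],
                        "unknown": [a for a in algs if a not in RANKING]}
    return report

if __name__ == "__main__":
    for name, result in audit_ike_proposals(SAMPLE_CONFIG).items():
        print(name, result)
```

A proposal with a non-empty `weak` list should be reconfigured to one of the HMAC-SHA2 algorithms on both peers.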
Copyright © Huawei Technologies Co., Ltd.