The tcp-kind command specifies the option type to be used while sending packets with TCP Enhanced Authentication option.
The undo tcp-kind command restores the default option type.
By default, the option type is 254.
| Parameter | Description | Value |
|---|---|---|
| kind-value | Specifies the TCP kind value to be used by the keychain. | The value ranges from 28 to 255. By default, the value is 254. |
Usage Scenario
A keychain ensures a secure protocol packet transmission by changing the authentication algorithm and key dynamically. Packets to be transmitted over non-TCP and TCP connections are authenticated using the authentication and encryption algorithms corresponding to a key ID. The difference lies in that the TCP connection needs to be authenticated to enhance the security.
TCP connection request packets carry enhanced authentication options and are authenticated by a specified authentication algorithm. At present, different vendors use different kind values to specify the enhanced authentication option. kind-value configured for two communication devices must be identical.
Prerequisites
Two communication devices with the keychain authentication mode establish a TCP connection.
Precautions
If TCP connection request packets carry enhanced authentication options, the kind value must be specified in the packets.
Follow-up Procedure
After setting the same kind value for the two communication devices, specify the same algorithm ID corresponding to the authentication algorithm for the two devices.