< Home

xauth type

Function

The xauth type command configures an IKEv1 extended authentication mode.

The undo xauth type command restores the default IKEv1 extended authentication mode.

By default, the IKEv1 extended authentication mode is CHAP.

Format

xauth type { chap | pap }

undo xauth type

Parameters

Parameter

Description

Value

chap

Specifies the Challenge Handshake Authentication Protocol (CHAP) mode.

-

pap

Specifies the Password Authentication Protocol (PAP) mode.

NOTE:

When PAP is used, the password is transmitted in plain text on a network. PAP has security risks, so CHAP is recommended.

-

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

To improve the security of IKE peers, IKEv1 extended authentication can be used to authenticate the remote device. Two authentication modes are available:

  • CHAP: applies to the scenario demanding high security and supporting local and server authentication.

  • PAP: applies to the scenario demanding low security and supporting local and server authentication.

Example

# Set the IKEv1 extended authentication mode to CHAP.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] xauth type chap
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >