IPsec commands
IPsec commands are supported only when the switch is operating in FIPS mode. For more information
about FIPS mode, see Security Configuration Guide.
ah authentication-algorithm
Use ah authentication-algorithm to specify authentication algorithms for the AH protocol.
Use undo ah authentication-algorithm to remove all specified authentication algorithms for the AH
protocol.
Syntax
In non-FIPS mode:
ah authentication-algorithm { md5 | sha1 } *
undo ah authentication-algorithm
In FIPS mode:
ah authentication-algorithm sha1
undo ah authentication-algorithm
Default
AH does not use any authentication algorithm.
Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
md5: Uses the HMAC-MD5 algorithm, which uses a 128-bit key.
sha1: Uses the HMAC-SHA1 algorithm, which uses a 160-bit key.
Usage guidelines
You can specify multiple AH authentication algorithms for one IPsec transform set, and the algorithm
specified earlier has a higher priority.
For a manual IPsec policy, the first specified AH authentication algorithm takes effect. To make sure
an IPsec tunnel can be established successfully, the IPsec transform sets specified at both ends of the
tunnel must have the same first AH authentication algorithm.
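
The first-algorithm rule for manual IPsec policies, as an added Python example (not part of the original command reference): it reads the ah authentication-algorithm line from each end's transform set text and reports a first-algorithm mismatch, a missing algorithm, or an algorithm outside the FIPS-mode syntax. The function names and sample lines are constructed for illustration, and one command line per transform set is assumed.

```python
import re

KNOWN = {"md5", "sha1"}        # keywords from the non-FIPS syntax above
FIPS_ALLOWED = {"sha1"}        # the only keyword in the FIPS-mode syntax

# Matches the configuration command but not its "undo" form.
_CMD = re.compile(r"^[ \t]*ah authentication-algorithm[ \t]+(\S.*?)[ \t]*$", re.M)


def ah_algorithms(transform_set_text):
    """Return AH algorithms in configured (priority) order; [] means the default (none)."""
    match = _CMD.search(transform_set_text)
    if not match:
        return []
    algs = match.group(1).split()
    unknown = [a for a in algs if a not in KNOWN]
    if unknown:
        raise ValueError(f"unrecognized AH algorithm keyword(s): {unknown}")
    return algs


def check_manual_policy(local_text, peer_text, fips=False):
    """Return findings for a manual IPsec policy; an empty list means both ends agree."""
    findings = []
    local, peer = ah_algorithms(local_text), ah_algorithms(peer_text)
    for name, algs in (("local", local), ("peer", peer)):
        if not algs:
            findings.append(f"{name}: no AH authentication algorithm (default)")
        elif fips and set(algs) - FIPS_ALLOWED:
            bad = ", ".join(a for a in algs if a not in FIPS_ALLOWED)
            findings.append(f"{name}: {bad} not accepted in FIPS mode")
    # Only the first specified algorithm takes effect for a manual policy.
    if local and peer and local[0] != peer[0]:
        findings.append(f"first algorithm differs: local={local[0]} peer={peer[0]}")
    return findings


# Constructed sample lines: same algorithms, different priority order.
LOCAL = "ah authentication-algorithm sha1 md5"
PEER = "ah authentication-algorithm md5 sha1"

if __name__ == "__main__":
    for finding in check_manual_policy(LOCAL, PEER):
        print(finding)
```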