Ipsec Commands; Ah Authentication-Algorithm - H3C MSR Series Command Reference Manual

IPsec commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
The GDOI IPsec policy negotiation mode is not supported on the following routers:
•
MSR810-LMS/810-LUS.
•
MSR3600-28-SI/3600-51-SI.
IPv6-related parameters are not supported on the following routers:
•
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-L
MS/810-LUS.
•
MSR3600-28-SI/3600-51-SI.

ah authentication-algorithm

Use ah authentication-algorithm to specify authentication algorithms for the AH protocol.
Use undo ah authentication-algorithm to restore the default.
Syntax
In non-FIPS mode:
ah authentication-algorithm { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 | sm3 } *
undo ah authentication-algorithm
In FIPS mode:
ah authentication-algorithm { sha1| sha256 | sha384 | sha512 } *
undo ah authentication-algorithm
Default
AH does not use any authentication algorithms.
Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
aes-xcbc-mac: Uses the HMAC-AES-XCBC-96 algorithm, which uses a 128-bit key. This keyword
is available only for IKEv2.
md5: Uses the HMAC-MD5 algorithm, which uses a 128-bit key.
sha1: Uses the HMAC-SHA1 algorithm, which uses a 160-bit key.
sha256: Uses the HMAC-SHA256 algorithm, which uses a 256-bit key.
sha384: Uses the HMAC-SHA384 algorithm, which uses a 384-bit key.
sha512: Uses the HMAC-SHA512 algorithm, which uses a 512-bit key.
sm3: Uses the HMAC-SM3 algorithm, which uses a 256-bit key. This keyword is available only for
IKEv1.
The following matrix shows the sm3 keyword and hardware compatibility:
509