Authentication-Method - H3C MSR Series Command Reference Manual

Hardware
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC
MSR 3610/3620/3620-DP/3640/3660
MSR5620/5660/5680
Examples
# Specify HMAC-SHA1 as the authentication algorithm for IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] authentication-algorithm sha
Related commands
display ike proposal

authentication-method

Use authentication-method to specify an authentication method to be used in an IKE proposal.
Use undo authentication-method to restore the default.
Syntax
authentication-method { dsa-signature | pre-share | rsa-signature }
undo authentication-method
Default
The IKE proposal uses the pre-shared key as the authentication method.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
dsa-signature: Specifies the DSA signatures as the authentication method.
pre-share: Specifies the pre-shared key as the authentication method.
rsa-signature: Specifies the RSA signatures as the authentication method.
Usage guidelines
Pre-shared key authentication does not require certificates as signature authentication does, and it is
usually used in a simple network. Signature authentication provides higher security, and it is usually
deployed in a large-scale network, such as a network with many branches. In a network with many
branches, using pre-shared key authentication requires the headquarters to configure a pre-shared
key for each branch. Using signature authentication only requires the headquarters to configure one
PKI domain.
Authentication methods configured on both IKE ends must match.
If you specify RSA or DSA signatures, you must configure the IKE peer to obtain certificates from a
CA.
If you specify pre-shared keys, you must configure these pre-shared keys on both IKE ends.
Keyword compatibility
Yes
Yes
Yes
575