H3C MSR Series Command Reference Manual page 627
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
In FIPS mode:
pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address
[ prefix-length ] } | hostname host-name } key [ cipher string ]
undo pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address
[ prefix-length ] } | hostname host-name }
Default
No pre-shared key is configured.
Views
IKE keychain view
Predefined user roles
network-admin
Parameters
address: Specifies a peer by its address.
ipv4-address: Specifies the IPv4 address of the peer.
mask: Specifies the mask in dotted decimal notation. The default mask is 255.255.255.255.
mask-length: Specifies the mask length in the range of 0 to 32. The default mask length is 32.
ipv6: Specifies an IPv6 peer.
ipv6-address: Specifies the IPv6 address of the peer.
prefix-length: Specifies the prefix length in the range of 0 to 128. The default prefix length is 128.
hostname host-name: Specifies a peer by its hostname, a case-sensitive string of 1 to 255
characters.
key: Specifies a pre-shared key.
cipher: Specifies a pre-shared key in encrypted form.
simple: Specifies a pre-shared key in plaintext form. For security purposes, the key specified in
plaintext form will be stored in encrypted form.
string: Specifies the pre-shared key. The key is case sensitive. In non-FIPS mode, its plaintext form
is a string of 1 to 128 characters and its encrypted form is a string of 1 to 201 characters. In FIPS
mode, its plaintext form is a string of 1 to 128 characters and its encrypted form is a string of 15 to
201 characters.
Usage guidelines
The address option or the hostname option specifies the peer with which the device can use the
pre-shared key to perform IKE negotiation.
Two peers must be configured with the same pre-shared key to pass pre-shared key authentication.
In FIPS mode, if you do not specify the cipher string option, you specify a plaintext pre-shared key in
interactive mode. The key is a case-sensitive string of 15 to 128 characters, and it must contain
uppercase and lowercase letters, digits, and special characters other than the question mark (?). In
non-FIPS mode, this command does not support configuring a pre-shared key in interactive mode.
Examples
# Create the IKE keychain key1 and enter IKE keychain view.
<Sysname> system-view
[Sysname] ike keychain key1
# Set the pre-shared key to be used for IKE negotiation with peer 1.1.1.2 to 123456TESTplat&!.
604
Advertisement
Table of Contents
