H3C MSR Series Command Reference Manual page 636
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
Use undo authentication-method to remove the local or remote identity authentication method.
Syntax
authentication-method { local | remote } { dsa-signature | ecdsa-signature | pre-share |
rsa-signature }
undo authentication-method local
undo authentication-method remote { dsa-signature | ecdsa-signature | pre-share |
rsa-signature }
Default
No local or remote identity authentication method is specified.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
local: Specifies the local identity authentication method.
remote: Specifies the remote identity authentication method.
dsa-signature: Specifies the DSA signatures as the identity authentication method.
ecdsa-signature: Specifies the ECDSA signatures as the identity authentication method.
pre-share: Specifies the pre-shared key as the identity authentication method.
rsa-signature: Specifies the RSA signatures as the identity authentication method.
Usage guidelines
The local and remote identity authentication methods must both be specified and they can be
different.
You can specify only one local identity authentication method. You can specify multiple remote
identity authentication methods by executing this command multiple times when there are multiple
remote ends whose authentication methods are unknown.
If you use RSA, DSA, or ECDSA signature authentication, you must specify PKI domains for
obtaining certificates. You can specify PKI domains by using the certificate domain command in
IKEv2 profile view or by using the pki domain command in system view. PKI domains specified in
IKEv2 profile view take precedence over those specified in system view.
If you specify the pre-shared key method, you must specify a pre-shared key for the IKEv2 peer in
the keychain used by the IKEv2 profile.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Specify the pre-shared key and RSA signatures as the local and remote authentication methods,
respectively.
[Sysname-ikev2-profile-profile1] authentication local pre-share
[Sysname-ikev2-profile-profile1] authentication remote rsa-signature
# Specify the PKI domain genl as the PKI domain for obtaining certificates.
[Sysname-ikev2-profile-profile1] certificate domain genl
# Specify the keychain keychain1.
613
Advertisement
Table of Contents
