Manualshelf

R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
241242243244245246247248249250
233
Syntax
authentication-method { dsa-signature | pre-share | rsa-signature }
undo authentication-method
Default
The IKE proposal uses the pre-shared key as the authentication method.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
dsa-signature: Specifies the DSA signatures as the authentication method.
pre-share: Specifies the pre-shared key as the authentication method.
rsa-signature: Specifies the RSA signatures as the authentication method.
Usage guidelines
Pre-shared key authentication does not require certificates as signature authentication, and is easy to set
up in a simple network. Signature authentication provides higher security, and is usually deployed in a
large-scale network, such as a network with many branches. Signature authentication using a CA
improves the manageability and scalability of the network.
Authentication methods configured on both IKE ends must match.
If you specify RSA or DSA signatures, you must configure the IKE peer to obtain certificates from a CA.
If you specify pre-shared keys, you must configure these pre-shared keys on both IKE ends.
Examples
# Specify pre-shared key authentication to be used in IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] authentication-method pre-share
Related commands
display ike proposal
ike keychain
pre-shared-key
dh
Use dh to specify the DH group to be used in key negotiation phase 1 for an IKE proposal.
Use undo dh to restore the default.
Syntax
dh { group1 | group14 | group2 | group24 | group5 }
undo dh