Cisco Cisco ASR 5000
HA Service Configuration Mode Commands
mn-ha-spi ▀
Command Line Interface Reference, StarOS Release 18 ▄
6267
mn-ha-spi
Configures the security parameter index (SPI) between the HA service and the mobile node (MN).
Product
HA
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > HA Service Configuration
configure > context context_name > ha-service service_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-ha-service)#
Syntax
mn-ha-spi spi-number number [ description string ] [ encrypted secret enc_secret ] [
hash-algorithm { hmac-md5 | md5 | rfc2002-md5 } ] [ permit-any-hash-algorithm ] [ replay-
protection { nonce | timestamp } ] [ secret secret ] [ timestamp-tolerance tolerance ]
hash-algorithm { hmac-md5 | md5 | rfc2002-md5 } ] [ permit-any-hash-algorithm ] [ replay-
protection { nonce | timestamp } ] [ secret secret ] [ timestamp-tolerance tolerance ]
no mn-ha-spi spi-number number
spi-number
number
Specifies the SPI (number) which indicates a security context between the mobile node and the HA service in
accordance with RFC 2002.
accordance with RFC 2002.
number
can be configured to an integer from 256 through 4294967295.
description
string
This is a description for the SPI.
string
is an alphanumeric string of 1 through 31 characters.
encrypted secret
enc_secret
|
secret
secret
Configures the shared-secret between the HA service and the mobile node. The secret can be either encrypted
or non-encrypted.
or non-encrypted.
encrypted secret
enc_secret
: Specifies the encrypted shared key between the HA service and the
mobile node.
enc_secret
must be an alphanumeric string of 1 through 254 characters that is case sensitive.
secret
secret
: Specifies the shared key between the HA service and the mobile node.
secret
must be an
alphanumeric string of 1 through 127 characters that is case sensitive.
The
The
encrypted
keyword is intended only for use by the chassis while saving configuration scripts. The
system displays the
encrypted
keyword in the configuration file as a flag that the variable following the
secret
keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved
as part of the configuration file.
hash-algorithm
{
hmac-md5
|
md5
|
rfc2002-md5
}
Default: hmac-md5
Specifies the hash-algorithm used between the HA service and the mobile node.
Specifies the hash-algorithm used between the HA service and the mobile node.
hmac-md5
: Configures the hash-algorithm to implement HMAC-MD5 per RFC 2002bis.
md5
: Configures the hash-algorithm to implement MD5 per RFC 1321.
rfc2002-md5
: Configures the hash-algorithm to implement keyed-MD5 per RFC 2002.