Cisco Cisco ASR 5000
HA Service Configuration Mode Commands
▀ mn-ha-spi
▄ Command Line Interface Reference, StarOS Release 18
6268
permit-any-hash-algorithm
Default: disabled
Allows verification of the MN-HA authenticator using all other hash-algorithms after failure with configured
hash-algorithm. The successful algorithm is logged to aid in troubleshooting and used to create the MN-HA
authenticator in the Registration Reply message.
Allows verification of the MN-HA authenticator using all other hash-algorithms after failure with configured
hash-algorithm. The successful algorithm is logged to aid in troubleshooting and used to create the MN-HA
authenticator in the Registration Reply message.
replay-protection
{
nonce
|
timestamp
}
Default: timestamp
Specifies the replay-protection scheme that should be implemented by the HA service for this SPI.
Specifies the replay-protection scheme that should be implemented by the HA service for this SPI.
nonce
: configures replay protection to be implemented using NONCE per RFC 2002.
timestamp
: configures replay protection to be implemented using timestamps per RFC 2002.
timestamp-tolerance
tolerance
Default:
60
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded,
then the session will be rejected. If this is set to
then the session will be rejected. If this is set to
0
, timestamp tolerance checking is disabled at the receiving
end.
Tolerance is measured in seconds and can be configured to an integer from 0 through 65535.
Tolerance is measured in seconds and can be configured to an integer from 0 through 65535.
Usage
An SPI is a security mechanism configured and shared by the HA service and the mobile node. Please refer to
RFC 2002 for additional information.
Use the
RFC 2002 for additional information.
Use the
no
version of this command to delete a previously configured SPI.
Example
The following command configures the HA service to use an SPI of 640 when communicating with a mobile
node. The key that would be shared between the mobile node and the HA service is q397F65.
node. The key that would be shared between the mobile node and the HA service is q397F65.
mn-ha-spi spi-number 640 secret q397F65
The following command deletes the configured SPI of
400
:
no mn-ha-spi spi-number 400