Cisco ASR 5000
FA Service Configuration Mode Commands
fa-ha-spi
Command Line Interface Reference, StarOS Release 18
Important: The encrypted keyword is intended only for use by the system while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the secret keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved as part of the configuration file.
secret secret: Specifies the shared key (secret) between the FA service and the HA. secret must be an alphanumeric string of 1 through 127 characters that is case sensitive.
description string
This is a description for the SPI. string must be an alphanumeric string of 1 through 31 characters.
hash-algorithm { hmac-md5 | md5 | rfc2002-md5 }
Default: hmac-md5
Specifies the hash-algorithm used between the FA service and the HA.
hmac-md5: Configures the hash-algorithm to implement HMAC-MD5 per RFC 2002bis.
md5: Configures the hash-algorithm to implement MD5 per RFC 1321.
rfc2002-md5: Configures the hash-algorithm to implement keyed-MD5 per RFC 2002.
monitor-ha
Default: disabled
Enables the HA monitor feature for this HA address.
To set the behavior of the HA monitor feature, refer to the ha-monitor command in this chapter. To disable this command (if enabled) for this HA address, re-enter the entire fa-ha-spi command without the monitor-ha keyword.
replay-protection { timestamp | nonce }
Default: timestamp
Specifies the replay-protection scheme that should be implemented by the FA service for this SPI.
nonce: Configures replay protection to be implemented using NONCE per RFC 2002. Nonce is an arbitrary number used only once to sign a cryptographic communication.
timestamp: Configures replay protection to be implemented using timestamps per RFC 2002.
Important: This keyword should only be used in conjunction with Proxy Mobile IP support.
timestamp-tolerance tolerance
Default: 60
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded, then the session will be rejected. If this is set to 0, then timestamp tolerance checking is disabled at the receiving end.
tolerance is measured in seconds and can be configured to an integer value from 0 through 65535.
Important: This keyword should only be used in conjunction with Proxy Mobile IP support.
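
The following Python sketch is an added illustration, not Cisco code or StarOS behavior taken from this reference. It shows how the hash-algorithm and timestamp-tolerance settings described above interact on the receiving side: both peers must use the same algorithm and secret, and a message whose timestamp differs by more than the tolerance is rejected. Assumptions: the function names, the sample secret, message bytes and clock values are constructed; keyed-MD5 is modeled in the RFC 2002 prefix+suffix form; the md5 keyword is not modeled because this page does not say how the key is combined with the message.

```python
import hashlib
import hmac

def authenticator(secret: bytes, protected: bytes, algorithm: str) -> bytes:
    """Return the 128-bit authenticator over the protected message bytes."""
    if algorithm == "hmac-md5":
        return hmac.new(secret, protected, hashlib.md5).digest()
    if algorithm == "rfc2002-md5":
        # Keyed MD5 in prefix+suffix mode: MD5(secret || message || secret).
        return hashlib.md5(secret + protected + secret).digest()
    raise ValueError(f"algorithm not modeled here: {algorithm}")

def timestamp_ok(msg_time: int, local_time: int, tolerance: int = 60) -> bool:
    """Apply timestamp-tolerance (seconds); 0 disables the check."""
    if not 0 <= tolerance <= 65535:
        raise ValueError("tolerance must be 0 through 65535")
    if tolerance == 0:
        return True
    return abs(local_time - msg_time) <= tolerance

def check_message(secret, protected, received, algorithm,
                  msg_time, local_time, tolerance=60) -> str:
    """Receiver-side decision for one message (hypothetical helper)."""
    expected = authenticator(secret, protected, algorithm)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, received):
        return "reject: authenticator mismatch"
    if not timestamp_ok(msg_time, local_time, tolerance):
        return "reject: timestamp outside tolerance"
    return "accept"

# Constructed sample values, not taken from any real deployment.
SECRET = b"ExampleSharedSecret123"
MESSAGE = b"constructed-registration-request-fields"
NOW = 1_700_000_000

if __name__ == "__main__":
    sent = authenticator(SECRET, MESSAGE, "hmac-md5")
    print(check_message(SECRET, MESSAGE, sent, "hmac-md5", NOW - 5, NOW))
    print(check_message(SECRET, MESSAGE, sent, "rfc2002-md5", NOW - 5, NOW))
    print(check_message(SECRET, MESSAGE, sent, "hmac-md5", NOW - 61, NOW))
    print(check_message(SECRET, MESSAGE, sent, "hmac-md5", NOW - 3600, NOW, 0))
```

In the last call the hour-old message is accepted because a tolerance of 0 turns the timestamp check off, so only the authenticator is verified.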