для Cisco Cisco ASR 5000
HSGW Service Configuration Mode Commands
▀ spi remote-address
▄ Command Line Interface Reference, StarOS Release 18
6378
secret
keyword is the encrypted version of the plain text secret key. Only the encrypted secret key is saved
as part of the configuration file.
description
string
This is a description for the SPI expressed as an alphanumeric string of 1 through 31 characters.
hash-algorithm
{
md5
|
rfc2002-md5
}
Specifies the hash-algorithm used between the HSGW service and the PCF. Default: md5
md5
: Configures the hash-algorithm to implement MD5.
rfc2002-md5
: Configures the hash-algorithm to implement keyed-MD5.
replay-protection
{
nonce
|
timestamp
}
Specifies the replay-protection scheme that should be implemented by the HSGW service. Default: timestamp
nonce
: Configures replay protection to be implemented using NONCE (Number ONCE).
timestamp
: Configures replay protection to be implemented using timestamps.
timestamp-tolerance
tolerance
Specifies the allowable difference (in seconds) between timestamps as an integer from 0 through 65535. If
the difference is exceeded, the session will be rejected. If set to 0, timestamp tolerance checking is disabled at
the receiving end. Default: 60
the difference is exceeded, the session will be rejected. If set to 0, timestamp tolerance checking is disabled at
the receiving end. Default: 60
zone
zone_id
Specifies the different PCF zones to configure in HSGW service. Mapping of a zone-number to a set of
HSGWs can be done per HSGW service basis.
HSGWs can be done per HSGW service basis.
zone_id
is an integer value from 1 through 32. A maximum of 32 PCF zones can be configured for a HSGW
service.
Usage
An SPI is a security mechanism configured and shared by the PCF and the HSGW service. Please refer to
IETF RFC 2002: IP Mobility Support for additional information.
Multiple SPIs can be configured if the HSGW service is communicating with multiple eAN/ePCFs.
IETF RFC 2002: IP Mobility Support for additional information.
Multiple SPIs can be configured if the HSGW service is communicating with multiple eAN/ePCFs.
Important:
The SPI configuration on the PCF must match the SPI configuration for the HSGW service on the
system in order for the two devices to communicate properly.
This command used with the
zone
keyword redirects all calls on the basis of PCF zone to the specific HSGW
on the basis of parameters configured using the
policy pcf-zone-match
command.
Example
The following command configures the HSGW service to use an SPI of
256
when communicating with a
PCF with the IP address
192.168.0.2
. The key that would be shared between the PCF and the HSGW
service is
q397F65
.
spi remote-address 192.168.0.2 spi-number 256 secret q397F65
The following command creates the configured SPI of
400
for an PCF with an IP address of
172.100.3.200
and zone id as
11
:
spi remote-address 172.100.3.200 spi-number 400 zone 11