Cisco Cisco Packet Data Gateway (PDG) 故障排查指南
HA Service Configuration Mode Commands
▀ mn-ha-spi
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
Allows verification of the MN-HA authenticator using all other hash-algorithms after failure with configured
hash-algorithm. Successful algorithm is logged to aid in troubleshooting and is used to create the MN-HA
authenticator in the Registration Reply message.
hash-algorithm. Successful algorithm is logged to aid in troubleshooting and is used to create the MN-HA
authenticator in the Registration Reply message.
Default: timestamp
Specifies the replay-protection scheme that should be implemented by the HA service for this SPI.
Specifies the replay-protection scheme that should be implemented by the HA service for this SPI.
: configures replay protection to be implemented using NONCE per RFC 2002.
: configures replay protection to be implemented using timestamps per RFC 2002.
Default: 60
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded,
then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the
receiving end.
tolerance is measured in seconds and can be configured to any integer value between 0 and 65535.
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded,
then the session will be rejected. If this is set to 0, then time stamp tolerance checking is disabled at the
receiving end.
tolerance is measured in seconds and can be configured to any integer value between 0 and 65535.
Usage
An SPI is a security mechanism configured and shared by the HA service and the mobile node. Please refer to
RFC 2002 for additional information.
Use the no version of this command to delete a previously configured SPI.
RFC 2002 for additional information.
Use the no version of this command to delete a previously configured SPI.
Example
The following command configures the HA service to use an SPI of 640 when communicating with a mobile node. The
key that would be shared between the mobile node and the HA service is q397F65.
The following command configures the HA service to use an SPI of 640 when communicating with a mobile node. The
key that would be shared between the mobile node and the HA service is q397F65.
The following command deletes the configured SPI of 400: