363
mdc-admin
Parameters
hmac-md5
: Specifies the HMAC-MD5 authentication algorithm, which provides a key length of 16
bytes.
md5
: Specifies the MD5 authentication algorithm, which provides a key length of 16 bytes.
algorithm-id
: Specifies an algorithm ID in the range of 1 to 63.
Usage guidelines
If an application uses keychain authentication during TCP connection establishment, the incoming
and outgoing TCP packets will carry the TCP Enhanced Authentication Option. The
algorithm-id
field
in the option represents the authentication algorithm ID. The algorithm IDs are not assigned by IANA.
They are vendor-specific.
To communicate with a peer device from another vendor, the local device must have the same
algorithm ID as the peer device. For example, if the algorithm ID is 3 for the HMAC-MD5 algorithm on
the peer device, you must execute the
tcp-algorithm-id
hmac-md5
3 command on the local device.
Examples
# Create keychain
abc
and set the algorithm ID to 1 for the HMAC-MD5 authentication algorithm.
<Sysname> system-view
[Sysname] keychain abc mode absolute
[Sysname-keychain-abc] tcp-algorithm-id hmac-md5 1
tcp-kind
Use
tcp-kind
to set the kind value in the TCP Enhanced Authentication Option.
Use
undo tcp-kind
to restore the default.
Syntax
tcp-kind kind-value
undo tcp-kind
Default
The kind value is 254 in the TCP Enhanced Authentication Option.
Views
Keychain view
Predefined user roles
network-admin
mdc-admin
Parameters
kind-value
: Specifies the kind value in the range of 28 to 255. The default is 254.
Usage guidelines
If an application uses keychain authentication during TCP connection establishment, the incoming
and outgoing TCP packets will carry the TCP Enhanced Authentication Option. For a successful
packet authentication, the local device and the peer device must have the same kind value setting in
the TCP Enhanced Authentication Option.
Examples
# Set the kind value to 252 for keys in keychain
abc
in absolute time mode.