pre-shared-key
Use pre-shared-key to configure a pre-shared key.
Use undo pre-shared-key to delete a pre-shared key.
Syntax
In non-FIPS mode:
pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key { cipher | simple } string
undo pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name }
In FIPS mode:
pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key [ cipher string ]
undo pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name }
Default
No pre-shared key is configured.
Views
IKE keychain view
Predefined user roles
network-admin
mdc-admin
Parameters
address: Specifies a peer by its address.
ipv4-address: Specifies the IPv4 address of the peer.
mask: Specifies the mask in dotted decimal notation. The default mask is 255.255.255.255.
mask-length: Specifies the mask length in the range of 0 to 32. The default mask length is 32.
ipv6: Specifies an IPv6 peer.
ipv6-address: Specifies the IPv6 address of the peer.
prefix-length: Specifies the prefix length in the range of 0 to 128. The default prefix length is 128.
hostname host-name: Specifies a peer by its hostname, a case-sensitive string of 1 to 255 characters.
key: Specifies a pre-shared key.
cipher: Specifies a pre-shared key in encrypted form.
simple: Specifies a pre-shared key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the pre-shared key. The key is case sensitive. In non-FIPS mode, its plaintext form is a string of 1 to 128 characters and its encrypted form is a string of 1 to 201 characters. In FIPS mode, its plaintext form is a string of 1 to 128 characters and its encrypted form is a string of 15 to 201 characters.
Usage guidelines
The address option or the hostname option specifies the peer with which the device can use the pre-shared key to perform IKE negotiation.
Two peers must be configured with the same pre-shared key to pass pre-shared key authentication.
In FIPS mode, if you do not specify the cipher string option, you specify a plaintext pre-shared key in interactive mode. The key is a case-sensitive string of 15 to 128 characters, and it must contain uppercase and lowercase letters, digits, and special characters other than the question mark (?). In non-FIPS mode, this command does not support configuring a pre-shared key in interactive mode.
Examples
# Create IKE keychain key1 and enter IKE keychain view.
<Sysname> system-view
[Sysname] ike keychain key1
# Set the pre-shared key to be used for IKE negotiation with peer 1.1.1.2 to 123456TESTplat&!.
[Sysname-ike-keychain-key1] pre-shared-key address 1.1.1.2 255.255.255.255 key simple 123456TESTplat&!
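The following Python check is an added example, not part of the original command reference. It parses a pre-shared-key line against the syntax and ranges documented above and tests a plaintext key against the FIPS-mode interactive rules. The function names are hypothetical, and treating "?" as not counting toward the special-character requirement is an assumption.

```python
import ipaddress

def check_fips_plaintext(key):
    """Problems with a plaintext key under the FIPS-mode interactive rules."""
    found = {
        "an uppercase letter": any(c.isascii() and c.isupper() for c in key),
        "a lowercase letter": any(c.isascii() and c.islower() for c in key),
        "a digit": any(c.isascii() and c.isdigit() for c in key),
        # Assumption: "special" = printable, non-alphanumeric; '?' does not count.
        "a special character other than '?'": any(
            c.isprintable() and not c.isalnum() and c not in " ?" for c in key),
    }
    problems = [] if 15 <= len(key) <= 128 else ["length must be 15 to 128"]
    return problems + [f"missing {n}" for n, ok in found.items() if not ok]

def audit_line(line, fips=False):
    """Check one pre-shared-key line against the syntax and ranges above."""
    tok = line.split()
    if not tok or tok[0] != "pre-shared-key" or "key" not in tok[1:]:
        return ["not a complete pre-shared-key command"]
    k = tok.index("key", 1)
    peer, keypart, out = tok[1:k], tok[k + 1:], []
    try:
        if peer[0] == "hostname":
            if len(peer) != 2 or len(peer[1]) > 255:
                out.append("hostname must be one string of 1 to 255 characters")
        elif peer[:2] == ["address", "ipv6"]:
            ipaddress.IPv6Address(peer[2])
            if len(peer) > 3 and not 0 <= int(peer[3]) <= 128:
                out.append("prefix-length must be 0 to 128")
        elif peer[0] == "address":
            ipaddress.IPv4Address(peer[1])
            if len(peer) > 2:  # dotted mask or mask-length 0 to 32
                ipaddress.IPv4Network("0.0.0.0/" + peer[2])
        else:
            out.append("peer must be given by address or hostname")
    except (ValueError, IndexError):
        out.append("invalid peer address, mask or prefix")
    form, value = (keypart + ["", ""])[:2]
    if fips:  # an empty key part means the key is entered interactively
        if form and (form != "cipher" or not 15 <= len(value) <= 201):
            out.append("FIPS mode: only 'key cipher' with 15 to 201 characters")
    elif form not in ("cipher", "simple") or not value:
        out.append("non-FIPS mode needs 'key cipher string' or 'key simple string'")
    elif len(value) > (128 if form == "simple" else 201):
        out.append(f"{form} key is longer than the documented maximum")
    return out
```

Run audit_line over each pre-shared-key line of a configuration template before it is pushed, and check_fips_plaintext on any key that will be typed interactively in FIPS mode.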
Related commands
authentication-method
keychain