pre-shared-key
Use pre-shared-key to configure a pre-shared key.
Use undo pre-shared-key to delete a pre-shared key.
Syntax
pre-shared-key [ local | remote ] { ciphertext | plaintext } string
undo pre-shared-key [ local | remote ]
Default
No pre-shared key exists.
Views
IKEv2 peer view
Predefined user roles
network-admin
mdc-admin
Parameters
local: Specifies a pre-shared key for certificate signing.
remote: Specifies a pre-shared key for certificate authentication.
ciphertext: Specifies a pre-shared key in encrypted form.
plaintext: Specifies a pre-shared key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the pre-shared key. The key is case sensitive. In non-FIPS mode, its plaintext form is a string of 1 to 128 characters and its encrypted form is a string of 1 to 201 characters. In FIPS mode, its plaintext form is a string of 15 to 128 characters and its encrypted form is a string of 15 to 201 characters.
Usage guidelines
If you specify the local or remote keyword, you configure an asymmetric key. If you specify neither the local nor the remote keyword, you configure a symmetric key.
To delete a key by using the undo command, you must specify the correct key type. For example, if you configure a key by using the pre-shared-key local command, you cannot delete the key by using the undo pre-shared-key or undo pre-shared-key remote command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
On the initiator:
# Create an IKEv2 keychain named key1.
<Sysname> system-view [Sysname] ikev2 keychain key1
# Create an IKEv2 peer named peer1.
[Sysname-ikev2-keychain-key1] peer peer1
# Configure 111-key as the symmetric plaintext pre-shared key.
[Sysname-ikev2-keychain-key1-peer-peer1] pre-shared-key plaintext 111-key [Sysname-ikev2-keychain-key1-peer-peer1] quit
# Create an IKEv2 peer named peer2.
[Sysname-ikev2-keychain-key1] peer peer2
# Configure asymmetric plaintext pre-shared keys. The key for certificate signing is 111-key-a and the key for certificate authentication is 111-key-b.
[Sysname-ikev2-keychain-key1-peer-peer2] pre-shared-key local plaintext 111-key-a [Sysname-ikev2-keychain-key1-peer-peer2] pre-shared-key remote plaintext 111-key-b
On the responder:
# Create an IKEv2 keychain named telecom.
<Sysname> system-view [Sysname] ikev2 keychain telecom
# Create an IKEv2 peer named peer1.
[Sysname-ikev2-keychain-telecom] peer peer1
# Configure 111-key as the symmetric plaintext pre-shared key.
[Sysname-ikev2-keychain-telecom-peer-peer1] pre-shared-key plaintext 111-key [Sysname-ikev2-keychain-telecom-peer-peer1] quit
# Create an IKEv2 peer named peer2.
[Sysname-ikev2-keychain-telecom] peer peer2
# Configure asymmetric plaintext pre-shared keys. The key for certificate signing is 111-key-b and the key for certificate authentication is 111-key-a.
[Sysname-ikev2-keychain-telecom-peer-peer2] pre-shared-key local plaintext 111-key-b [Sysname-ikev2-keychain-telecom-peer-peer2] pre-shared-key remote plaintext 111-key-a
Related commands
ikev2 keychain
peer