[x]

IKEv2 commands > prf

 

 Next

prf

Use prf to specify pseudo-random function (PRF) algorithms for an IKEv2 proposal.

Use undo prf to restore the default.

Syntax

In non-FIPS mode:

prf { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *

undo prf

In FIPS mode:

prf { sha1 | sha256 | sha384 | sha512 } *

undo prf

Default

An IKEv2 proposal uses the integrity protection algorithms as the PRF algorithms.

Views

IKEv2 proposal view

Predefined user roles

network-admin

mdc-admin

Parameters

aes-xcbc-mac: Uses the HMAC-AES-XCBC-MAC algorithm.

md5: Uses the HMAC-MD5 algorithm.

sha1: Uses the HMAC-SHA1 algorithm.

sha256: Uses the HMAC-SHA256 algorithm.

sha384: Uses the HMAC-SHA384 algorithm.

sha512: Uses the HMAC-SHA512 algorithm.

Usage guidelines

You can specify multiple PRF algorithms for an IKEv2 proposal. An algorithm specified earlier has a higher priority.

Examples

# Create an IKEv2 proposal named prop1.

<Sysname> system-view
[Sysname] ikev2 proposal prop1

# Specify HMAC-SHA1 and HMAC-MD5 as the PRF algorithms, with HMAC-SHA1 preferred.

[Sysname-ikev2-proposal-prop1] prf sha1 md5

Related commands

ikev2 proposal

integrity

prev

 

up

 next

pre-shared-key 

home

 priority (IKEv2 policy view)

© Copyright 2018 Hewlett Packard Enterprise Development LP