prf
Use prf to specify pseudo-random function (PRF) algorithms for an IKEv2 proposal.
Use undo prf to restore the default.
Syntax
In non-FIPS mode:
prf { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *
undo prf
In FIPS mode:
prf { sha1 | sha256 | sha384 | sha512 } *
undo prf
Default
An IKEv2 proposal uses the integrity protection algorithms as the PRF algorithms.
Views
IKEv2 proposal view
Predefined user roles
network-admin
mdc-admin
Parameters
aes-xcbc-mac: Uses the HMAC-AES-XCBC-MAC algorithm.
md5: Uses the HMAC-MD5 algorithm.
sha1: Uses the HMAC-SHA1 algorithm.
sha256: Uses the HMAC-SHA256 algorithm.
sha384: Uses the HMAC-SHA384 algorithm.
sha512: Uses the HMAC-SHA512 algorithm.
Usage guidelines
You can specify multiple PRF algorithms for an IKEv2 proposal. An algorithm specified earlier has a higher priority.
Examples
# Create an IKEv2 proposal named prop1.
<Sysname> system-view [Sysname] ikev2 proposal prop1
# Specify HMAC-SHA1 and HMAC-MD5 as the PRF algorithms, with HMAC-SHA1 preferred.
[Sysname-ikev2-proposal-prop1] prf sha1 md5
Related commands
ikev2 proposal
integrity