R2511-HP MSR Router Series Security Command Reference(V5)

Syntax
authentication { local | remote } { pre-share | rsa-sig }
undo authentication { local | remote { pre-share | rsa-sig } }
Default
Both the local end and remote end use the pre-shared key authentication method.
Views
IKEv2 profile view
Default command level
2: System level
Parameters
local: Specifies the local identity authentication method.
remote: Specifies the remote identity authentication method.
pre-share: Uses the pre-shared key authentication method.
rsa-sig: Uses the RSA digital signature authentication method.
Usage guidelines
Two peers might use different identity authentication methods.
You can specify only one local identity authentication method but can specify multiple remote identity
authentication methods. When the device has multiple peers and the identity authentication methods
of the peers are unknown, use this command to configure multiple remote identity authentication
methods.
If you configure the RSA digital signature authentication method, you must use the pki domain command
in IKEv2 profile view to specify the PKI domain used to obtain the signature and digital certificate. If you
configure the pre-shared key authentication method, you must specify a pre-shared key for the peer in the
keyring referenced by the current IKEv2 profile.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Set the local and remote authentication methods to pre-shared key authentication and RSA digital
signature authentication, respectively.
[Sysname-ikev2-profile-profile1] authentication local pre-share
[Sysname-ikev2-profile-profile1] authentication remote rsa-sig
# Use PKI domain genl for certificate signing and authentication.
[Sysname-ikev2-profile-profile1] pki domain genl
# Reference keyring keyring1 in the profile.
[Sysname-ikev2-profile-profile1] keyring keyring1
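The dependencies in the usage guidelines (rsa-sig requires a pki domain, pre-share requires a referenced keyring, and pre-share applies by default) can be checked offline against an exported configuration. The following Python script is an added example, not part of the HP reference; the indented saved-configuration layout, the sample profiles branch and legacy, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample; the saved-configuration layout is an assumption.
SAMPLE = """\
ikev2 profile profile1
 authentication local pre-share
 authentication remote rsa-sig
 pki domain genl
 keyring keyring1
#
ikev2 profile branch
 authentication remote rsa-sig
 authentication remote pre-share
 keyring keyring1
#
ikev2 profile legacy
 pki domain genl
#
"""

def parse_profiles(text):
    """Collect the authentication, pki domain and keyring lines of each profile."""
    profiles, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():            # unindented line: a block starts or ends
            m = re.fullmatch(r"ikev2 profile (\S+)", line)
            cur = profiles.setdefault(m.group(1), {"local": set(), "remote": set(),
                  "pki": None, "keyring": None}) if m else None
        elif cur is None:
            continue
        elif m := re.fullmatch(r"authentication (local|remote) (pre-share|rsa-sig)", line):
            cur[m.group(1)].add(m.group(2))
        elif m := re.fullmatch(r"pki domain (\S+)", line):
            cur["pki"] = m.group(1)
        elif m := re.fullmatch(r"keyring (\S+)", line):
            cur["keyring"] = m.group(1)
    return profiles

def audit(text):
    """Return (profile, finding) pairs for unmet dependencies."""
    findings = []
    for name, p in parse_profiles(text).items():
        local = p["local"] or {"pre-share"}      # documented default
        remote = p["remote"] or {"pre-share"}    # documented default
        if len(local) > 1:
            findings.append((name, "more than one local authentication method"))
        if "rsa-sig" in local | remote and not p["pki"]:
            findings.append((name, "rsa-sig configured without pki domain"))
        if "pre-share" in local | remote and not p["keyring"]:
            findings.append((name, "pre-share in effect without keyring"))
    return findings
```

The check only confirms that a keyring is referenced; whether that keyring holds a pre-shared key for the peer has to be verified in the keyring configuration itself.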
Related commands
display ikev2 profile
pki domain (IKEv2 profile view)
keyring