hashing algorithm example
Once again since this article is sort of lengthy I’m going to get right down to it; so without far ado let’s begin.
The Cisco IOS “ISAKMP policy configuration” mode command named “group“, is used to specify the “Diffie-Hellman group identifier” within an Internet Key Exchange (IKE) policy.
Below is the proper syntax and example of using the command:
Syntax: group {1 | 2 | 5}
1 – Specifies a 768-bit Diffie-Hellman group identifier
2 – Specifies a 1024-bit Diffie-Hellman group identifier
5 – Specifies a 1536-bit Diffie-Hellman group identifier
Example:
Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#group 2
Router(config-isakmp)#end
Router#copy run start
In the example above, notice that the router’s prompt is in “ISAKMP policy configuration” mode when the “group” command is being used; and the number 1 IKE policy is being configured with a 1024-bit Diffie-Hellman group identifier.
Now, in order to reset a Diffie-Hellman group identifier back to the default value of 768-bit, all a network administrator (like you) has to do is type the word “no” in front of the command like you see below:
Router(config-isakmp)#no group
Remember, the default value for a Diffie-Hellman group identifier is 768-bit; and your router(s) must be running Cisco IOS 12.4(4)T or higher in order to use the “group” ISAKMP policy configuration mode command on IPv6 networks.
Well, that pretty much sums up the “group” ISAKMP policy configuration mode command; so, let’s move on to the to the “hash” ISAKMP policy configuration mode command.
The Cisco IOS “ISAKMP policy configuration” mode command named “hash” is used to specify the hash algorithm within an Internet Key Exchange (IKE) policy.
Below is the proper syntax and example of using the command:
Syntax: hash {sha | md5}
sha — Specifies SHA-1 (HMAC variant) as the hash algorithm.
md5 — Specifies MD5 (HMAC variant) as the hash algorithm.
Example:
Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#hash md5
Router(config-isakmp)#end
Router#copy run start
In the example above, notice that the router’s prompt is in “ISAKMP policy configuration” mode when the “hash” command is being used; and the number 1 IKE policy is being configured with a MD5 hash algorithm.
Now, in order to reset a hash algorithm back to the default of SHA-1, all a network administrator (like you) has to do is type the word “no” in front of the command like you see below:
Router(config-isakmp)#no hash
Remember, the default for a hash algorithm is SHA-1; and your router(s) must be running Cisco IOS 12.4(4)T or higher in order to use the “hash” ISAKMP policy configuration mode command on IPv6 networks.
I hope this article was very informative and helped you quickly understand the usage of the “group and hash” ISAKMP policy configuration mode commands. If you need to learn more; I suggest you visit my website, were you’ll find the latest information regarding Cisco IPv6 Design and Implementation Techniques.
To your success,
Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos about IPv6 technology and how it works with Cisco Systems technology.
Sign-Up for “18 Free Videos” that will teach you IPv6 Address Representation In Under 10 Minutes! And, also learn more about the new “Cisco IPv6 Video Accelerated Training Course” at his website. http://www.ciscoipv6ittechtips.com
Fox News Reports on Jenkem
