digest (L2TP)
To configure digest options, use the digest command in L2TP class configuration mode. To return to the
default behavior, use the no form of this command.
digest {check disable| hash {MD5| SHA1}| secret {0| 7| word}}
no digest {check disable| hash {MD5| SHA1}| secret {0| 7| word}}
Syntax Description
Disables digest checking.check disable
Configures the digest hash method (MD5 or SHA1). Default is
MD5.
hash {MD5 | SHA1}
Configures a shared secret for message digest.
secret {0 | 7 | word}
Command Default
check disable: Digest checking is enabled by default.
hash: Default is MD5 if the digest command is issued without the secret keyword option and L2TPv3 integrity
checking is enabled.
Command Modes
L2TP class configuration
Command History
ModificationRelease
This command was introduced.Release 3.7.0
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task
IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator
for assistance.
The digest secret and hash algorithm can be configured in the l2tp-class configuration for authentication of
the control channel. For control channel authentication to work correctly, however, both sides of the L2TP
control channel connection must share a common secret and hash algorithm.
To update of digest secret without network disruption, Cisco supports a maximum to two digest secrets. You
can configure a new secret while keeping the old secret valid. You can safely remove the old secret after you
update all affected peer nodes with a new secret,
Task ID
OperationsTask ID
read, writel2vpn
Cisco IOS XR Virtual Private Network Command Reference for the Cisco XR 12000 Series Router, Release 4.3.x
OL-28460-01 27
Virtual Private Network Commands
digest (L2TP)
To Next Page
General
