
Configure Key Chain

Configuration Condition

None

Configure a Key Chain

A key chain is a password management tool. It provides the routing protocol with the passwords used to authenticate protocol packets. A key chain can provide different passwords for transmitting and receiving packets, and different passwords for different Key IDs. A key chain can also switch passwords automatically according to the validity duration of each key, that is, it uses different keys in different periods of time. This greatly enhances password security.

You can configure multiple Key IDs for a key chain. When a protocol uses the key chain for authentication, it obtains the Key ID according to the following rules:

  • Among the Key IDs whose transmit password is currently valid, the password of the smallest Key ID is used as the transmit password.
  • Among the Key IDs that are larger than the Key ID specified by the protocol, the valid receive password of the smallest Key ID is used as the receive password.
  • If the received protocol packet contains a Key ID, the valid receive password is looked up by that Key ID. Otherwise, the valid receive password of the smallest Key ID in the local key chain is used as the receive password.
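
The selection rules above, modelled in Python as an added sketch (not vendor code, and not taken from the original page). The `Key` class, the function names, the order in which the second and third rules are applied, the half-open lifetime windows and the sample chain are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

Window = Tuple[datetime, Optional[datetime]]  # (start, end); end=None means no expiry

@dataclass(frozen=True)
class Key:
    key_id: int
    secret: str
    accept: Window  # models accept-lifetime
    send: Window    # models send-lifetime

def is_valid(window: Window, now: datetime) -> bool:
    start, end = window
    return start <= now and (end is None or now < end)

def send_key(chain, now):
    """Rule 1: the valid transmit key with the smallest Key ID, or None."""
    live = [k for k in chain if is_valid(k.send, now)]
    return min(live, key=lambda k: k.key_id, default=None)

def receive_key(chain, now, packet_key_id=None, protocol_key_id=None):
    """Rules 2 and 3. None means no valid key, so authentication fails."""
    live = [k for k in chain if is_valid(k.accept, now)]
    if packet_key_id is not None:        # rule 3: the packet carries a Key ID
        live = [k for k in live if k.key_id == packet_key_id]
    elif protocol_key_id is not None:    # rule 2: the protocol specifies a Key ID
        live = [k for k in live if k.key_id > protocol_key_id]
    return min(live, key=lambda k: k.key_id, default=None)

# Constructed sample: key 1 hands over to key 2 at 2024-02-01 00:00, with a
# one-hour accept overlap on each side so peers with skewed clocks still match.
T = datetime
CHAIN = [
    Key(1, "old-secret", accept=(T(2024, 1, 1), T(2024, 2, 1, 1)),
        send=(T(2024, 1, 1), T(2024, 2, 1))),
    Key(2, "new-secret", accept=(T(2024, 1, 31, 23), None),
        send=(T(2024, 2, 1), None)),
]

if __name__ == "__main__":
    for now in (T(2024, 1, 15), T(2024, 2, 1, 0, 30), T(2024, 3, 1)):
        tx = send_key(CHAIN, now)
        old_ok = receive_key(CHAIN, now, packet_key_id=1) is not None
        print(now, "| send Key ID:", tx.key_id, "| still accepts Key ID 1:", old_ok)
```

Because the smallest valid Key ID always wins, a lower-numbered key left at the default always-valid transmit lifetime keeps being selected for sending even after a higher-numbered replacement becomes valid. A gap between lifetimes leaves no valid key at all, which the model reports as `None`.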

Table 15-10 Configure a key chain

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode. | `configure terminal` | - |
| Configure a key chain. | `key chain keychain-name` | Mandatory. By default, the key chain is not configured. |
| Configure a Key ID. | `key key-id` | Mandatory. By default, the key ID is not configured. |
| Configure a password. | `key-string [ 0 \| 7 ] password` | Mandatory. By default, no password is configured. A blank space is also regarded as a password character. Pay attention to this while configuring a password. |
| Configure the valid duration in which a key acts as the receive password. | `accept-lifetime time-start { time-end \| duration second infinite }` | Mandatory. By default, the receive password is always valid. |
| Configure the valid duration in which a key acts as the transmit password. | `send-lifetime time-start { time-end \| duration second infinite }` | Mandatory. By default, the transmit password is always valid. |