Keychain Authentication
Page 192 7450 ESS System Management Guide
Default There are no default entries.
Parameters entry-id — Specifies an entry that represents a key configuration to be applied to a keychain.
Values 0 — 63
key — Specifies a key ID which is used along with keychain-name and direction to uniquely
identify this particular key entry.
authentication-key — Specifies the authentication-key that will be used by the encryption algorithm.
The key is used to sign and authenticate a protocol packet.
The authentication-key can be any combination of letters or numbers.
Values A key must be 160 bits for algorithm hmac-sha-1-96 and must be 128 bits for
algorithm aes-128-cmac-96. If the key given with the entry command amounts to
less than this number of bits, then it is padded internally with zero bits up to the
correct length.
algorithm-algorithm — Specifies an enumerated integer that indicates the encryption algorithm to be
used by the key defined in the keychain.
Values aes-128-cmac-96 — Specifies an algorithm based on the AES standard for TCP
authentication.
hmac-sha-1-96 — Specifies an algorithm based on SHA-1 for RSVP-TE and TCP
authentication.
message-digest — MD5 hash used for TCP authentication.
hmac-md5 — MD5 hash used for IS-IS and RSVP-TE.
password — Specifies a simple password authentication for OSPF, IS-IS, and
RSVP-TE.
hmac-sha-1 — Specifies the sha-1 algorithm for OSPF, IS-IS, and RSVP-TE.
hmac-sha-256 — Specifies the sha-256 algorithm for OSPF and IS-IS.
hash-key | hash2-key — The hash key. The key can be any combination of ASCII characters, up to 33
characters in length for the hash-key and 96 characters for the hash2-key (encrypted). If spaces are
used in the string, enclose the entire string in quotation marks (“ ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual
unencrypted key value is not provided.
hash — Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key
is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted
form in the configuration file with the hash parameter specified.
hash2 — Specifies the key is entered in a more complex encrypted form.
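The key-length rule given under authentication-key means a short key is accepted and silently zero-padded, so only the supplied bits are secret. The following audit sketch is an added example, not code from the guide or the product. It assumes the key string is taken as ASCII bytes and that the zero bits are appended at the end (the guide specifies neither), and it computes a plain HMAC-SHA-1-96 over constructed bytes rather than any protocol's actual packet MAC.

```python
import hashlib
import hmac

# Required key lengths in bits, from the Values text for authentication-key.
REQUIRED_BITS = {"hmac-sha-1-96": 160, "aes-128-cmac-96": 128}


def pad_key(key: str, algorithm: str) -> bytes:
    """Zero-pad the key to the length the algorithm requires.

    Assumption: ASCII key bytes, zero bits appended at the end.
    """
    need = REQUIRED_BITS[algorithm] // 8
    raw = key.encode("ascii")
    if len(raw) > need:
        raise ValueError(f"key exceeds {need * 8} bits for {algorithm}")
    return raw.ljust(need, b"\x00")


def audit_key(key: str, algorithm: str) -> dict:
    """Report how much of the effective key is operator-supplied material."""
    padded = pad_key(key, algorithm)  # also rejects over-length keys
    supplied = len(key.encode("ascii")) * 8
    return {
        "algorithm": algorithm,
        "supplied_bits": supplied,
        "padding_bits": len(padded) * 8 - supplied,
        "full_length": supplied == REQUIRED_BITS[algorithm],
    }


def hmac_sha1_96(key: bytes, packet: bytes) -> bytes:
    """HMAC-SHA-1 truncated to the leftmost 96 bits (12 bytes)."""
    return hmac.new(key, packet, hashlib.sha1).digest()[:12]


if __name__ == "__main__":
    # Constructed sample keys and packet, not from any real configuration.
    packet = b"constructed protocol packet"
    for key in ("lab", "Zq7rT2mWx9KpL4vB8nHc"):
        report = audit_key(key, "hmac-sha-1-96")
        padded_tag = hmac_sha1_96(pad_key(key, "hmac-sha-1-96"), packet)
        raw_tag = hmac_sha1_96(key.encode("ascii"), packet)
        # HMAC itself zero-extends short keys, so padding adds no strength.
        print(report, "padding changes tag:", padded_tag != raw_tag)
```

For the 3-character key the report shows 24 supplied bits and 136 padding bits, and the tag is identical with or without the padding, which is why keys should be generated at the full required length.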
begin-time
Syntax begin-time [date] [hours-minutes] [UTC] [now] [forever]
Context config>system>security>keychain>direction>bi>entry
config>system>security>keychain>direction>uni>receive>entry
config>system>security>keychain>direction>uni>send>entry