TCP Enhanced Authentication Option
Page 62 7450 ESS System Management Guide
Keychain
The keychain mechanism allows for the creation of keys used to authenticate protocol
communications. Each keychain entry defines the authentication attributes to be used in
authenticating protocol messages from remote peers or neighbors, and it must include at least
one key entry to be valid. Through the use of the keychain mechanism, authentication keys can
be changed without affecting the state of the associated protocol adjacencies for OSPF, IS-IS,
BGP, LDP, and RSVP-TE.
Each key within a keychain must include the following attributes for the authentication of
protocol messages:
• key identifier
• authentication algorithm
• authentication key
• direction
• start time
In addition, the following optional attributes can be specified:
• end time
• tolerance
Table 6 shows the mapping between these attributes and the CLI command to set them.
Table 6: Keychain Mapping
Definition                                CLI
----------------------------------------  ------------------------------------------------------------
The key identifier expressed as an        config>system>security>keychain>direction>bi>entry
integer (0...63)                          config>system>security>keychain>direction>uni>receive>entry
                                          config>system>security>keychain>direction>uni>send>entry

Authentication algorithm to use with      config>system>security>keychain>direction>bi>entry with algorithm algorithm parameter.
key[i]                                    config>system>security>keychain>direction>uni>receive>entry with algorithm algorithm parameter.
                                          config>system>security>keychain>direction>uni>send>entry with algorithm algorithm parameter.

Shared secret to use with key[i].         config>system>security>keychain>direction>uni>receive>entry with shared secret parameter
                                          config>system>security>keychain>direction>uni>send>entry with shared secret parameter
                                          config>system>security>keychain>direction>bi>entry with shared secret parameter
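The following Python model is an added example, not code or CLI from the guide. It shows how the key attributes listed above (identifier, direction, start time, end time, tolerance) let one key replace another without a window in which peers disagree. The send-key selection rule, the symmetric tolerance window, the class and function names, and the sample keychain are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Entry:
    key_id: int                      # key identifier, 0..63
    algorithm: str                   # placeholder label, not a real CLI value
    secret: str                      # shared secret (constructed)
    direction: str                   # "bi", "send" or "receive"
    start: datetime                  # start time
    end: Optional[datetime] = None   # optional end time
    tolerance: int = 0               # optional tolerance, in seconds

def validate(chain: List[Entry]) -> None:
    """A keychain needs at least one entry, and identifiers must be 0..63."""
    if not chain:
        raise ValueError("keychain must include at least one key entry")
    for e in chain:
        if not 0 <= e.key_id <= 63:
            raise ValueError(f"key identifier {e.key_id} outside 0..63")

def send_key(chain: List[Entry], now: datetime) -> Optional[Entry]:
    """Assumed rule: of the send-capable entries alive at `now`, the newest start wins."""
    live = [e for e in chain if e.direction in ("bi", "send")
            and e.start <= now and (e.end is None or now < e.end)]
    return max(live, key=lambda e: e.start, default=None)

def accepts(chain: List[Entry], key_id: int, now: datetime) -> bool:
    """Assumed rule: a receive-capable entry is valid from start-tolerance to end+tolerance."""
    for e in chain:
        if e.key_id != key_id or e.direction not in ("bi", "receive"):
            continue
        tol = timedelta(seconds=e.tolerance)
        if e.start - tol <= now and (e.end is None or now < e.end + tol):
            return True
    return False

# Constructed rollover: key 1 hands over to key 2 at T, both with 300 s tolerance.
T = datetime(2024, 1, 1, 12, 0, 0)
CHAIN = [
    Entry(1, "algo-placeholder", "old-secret", "bi", T - timedelta(days=30), end=T, tolerance=300),
    Entry(2, "algo-placeholder", "new-secret", "bi", T, tolerance=300),
]
validate(CHAIN)
```

With this keychain, a peer whose clock runs up to 300 seconds ahead or behind still has its messages accepted across the handover at T, which is what keeps the adjacency up during the key change.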