Implementing Keychain Management onCisco IOS XR Software
How to Implement Keychain Management
SC-164
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Configuring the Cryptographic Algorithm
This task allows the keychain configuration to accept the choice of the cryptographic algorithm.
SUMMARY STEPS
1. configure
2. key chain key-chain-name
3. key key-id
4. cryptographic-algorithm [HMAC-MD5 | HMAC-SHA1-12 | HMAC-SHA1-20 | MD5 | SHA-1]
Step 4
send-lifetime start-time [duration
duration-value | infinite | end-time]
Example:
RP/0/RP0/CPU0:router(config-isis-keys)# key 8
RP/0/RP0/CPU0:router(config-isis-keys-0x8)#
send-lifetime 1:00:00 october 24 2005 infinite
(Optional) Specifies the set time period during which an
authentication key on a keychain is valid to be sent. You can
specify the validity of the key lifetime in terms of clock
time.
In addition, you can specify a start-time value and one of the
following values:
• duration keyword (seconds)
• infinite keyword
• end-time argument
If you intend to set lifetimes on keys, Network Time
Protocol (NTP) or some other time synchronization method
is recommended.
Step 5
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-isis-keys-0x8)# end
or
RP/0/RP0/CPU0:router(config-isis-keys-0x8)#
commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting (yes/no/cancel)?
[cancel]:
–
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
–
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
–
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action Purpose
To Next Page
Loading...
