PurposeCommand or Action
switch(config-keychain)# copy running-config
startup-config
Configuring a Master Key and Enabling the AES Password Encryption Feature
You can configure a master key for type-6 encryption and enable the Advanced Encryption Standard (AES)
password encryption feature.
SUMMARY STEPS
1. [no] key config-key ascii
2. configure terminal
3. [no] feature password encryption aes
4. (Optional) show encryption service stat
5. copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Configures a master key to be used with the AES password
encryption feature. The master key can contain between 16
[no] key config-key ascii
Example:
Step 1
and 32 alphanumeric characters. You can use the no form
of this command to delete the master key at any time.
switch# key config-key ascii
New Master Key:
Retype Master Key:
If you enable the AES password encryption feature before
configuring a master key, a message appears stating that
password encryption will not take place unless a master key
is configured. If a master key is already configured, you are
prompted to enter the current master key before entering a
new master key.
Enters global configuration mode.configure terminal
Example:
Step 2
switch# configure terminal
switch(config)#
Enables or disables the AES password encryption feature.[no] feature password encryption aes
Example:
Step 3
switch(config)# feature password encryption aes
Displays the configuration status of the AES password
encryption feature and the master key.
(Optional) show encryption service stat
Example:
Step 4
switch(config)# show encryption service stat
Copies the running configuration to the startup
configuration.
Required: copy running-config startup-config
Example:
Step 5
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
423
Configuring Keychain Management
Configuring a Master Key and Enabling the AES Password Encryption Feature
To Next Page
Loading...
