| Step | Command | Remarks |
|---|---|---|
| | | device. |
| 5. (Optional.) Set a tolerance time for accept keys in the keychain. | accept-tolerance { value \| infinite } | By default, no tolerance time is configured for accept keys in a keychain. |
| 6. Create a key and enter key view. | key key-id | By default, no keys exist. |
| 7. Specify an authentication algorithm for the key. | authentication-algorithm { hmac-md5 \| hmac-sha-256 \| md5 } | By default, no authentication algorithm is specified for a key. |
| 8. Configure a key string for the key. | key-string { cipher \| plain } string | By default, no key string is configured. |
| 9. Set the sending lifetime in UTC mode for the key. | send-lifetime utc start-time start-date { duration { duration-value \| infinite } \| to end-time end-date } | By default, the sending lifetime is not configured for a key. |
| 10. Set the receiving lifetime in UTC mode for the key. | accept-lifetime utc start-time start-date { duration { duration-value \| infinite } \| to end-time end-date } | By default, the receiving lifetime is not configured for a key. |
| 11. (Optional.) Specify the key as the default send key. | default-send-key | By default, no key in a keychain is specified as the default send key. |
Displaying and maintaining keychain
Execute display commands in any view.
| Task | Command |
|---|---|
| Display keychain information. | display keychain [ name keychain-name [ key key-id ] ] |
Keychain configuration example
Network requirements
As shown in Figure 79, establish an OSPF neighbor relationship between Switch A and Switch B,
and use a keychain to authenticate packets between the switches. Configure key 1 and key 2 for the
keychain and make sure key 2 is used immediately when key 1 expires.
Figure 79 Network diagram
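The requirement that key 2 takes over immediately when key 1 expires can be checked offline before the lifetimes are entered on the switches. The following is an added example, not part of the original guide: it finds intervals with no active send key and keys that one switch may send outside the peer's accept lifetime. The data layout, function names, and sample times are constructed, and modelling the accept tolerance as widening the accept lifetime at both ends is an assumption.

```python
from datetime import datetime, timedelta, timezone

def send_gaps(keys, begin, end):
    """Return [begin, end) sub-intervals in which no key's send lifetime is active."""
    gaps, cursor = [], begin
    for start, stop in sorted(k["send"] for k in keys.values()):
        if cursor >= end:
            break
        if start > cursor:
            gaps.append((cursor, min(start, end)))
        cursor = max(cursor, stop)
    if cursor < end:
        gaps.append((cursor, end))
    return gaps

def uncovered_keys(sender, receiver, tolerance=timedelta(0)):
    """Return key IDs the sender may use at a time the receiver would reject them.

    Assumption: the tolerance widens each accept lifetime at both ends.
    """
    bad = []
    for key_id, key in sorted(sender.items()):
        peer = receiver.get(key_id)
        if peer is None:  # the receiver has no key with this ID
            bad.append(key_id)
            continue
        s_start, s_stop = key["send"]
        a_start, a_stop = peer["accept"]
        if s_start < a_start - tolerance or s_stop > a_stop + tolerance:
            bad.append(key_id)
    return bad

# Constructed rollover plan (UTC): key 1 hands over to key 2 after one day.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
DAY, MIN = timedelta(days=1), timedelta(minutes=1)
SWITCH_A = {1: {"send": (T0, T0 + DAY), "accept": (T0, T0 + DAY)},
            2: {"send": (T0 + DAY, T0 + 2 * DAY), "accept": (T0 + DAY, T0 + 2 * DAY)}}
# Constructed misconfiguration: Switch B starts key 2 five minutes late.
SWITCH_B = {1: {"send": (T0, T0 + DAY), "accept": (T0, T0 + DAY)},
            2: {"send": (T0 + DAY + 5 * MIN, T0 + 2 * DAY),
                "accept": (T0 + DAY + 5 * MIN, T0 + 2 * DAY)}}

if __name__ == "__main__":
    print("A send gaps:", send_gaps(SWITCH_A, T0, T0 + 2 * DAY))
    print("B send gaps:", send_gaps(SWITCH_B, T0, T0 + 2 * DAY))
    print("A keys B rejects:", uncovered_keys(SWITCH_A, SWITCH_B))
    print("with 5 min tolerance:", uncovered_keys(SWITCH_A, SWITCH_B, 5 * MIN))
```
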
Configuration procedure
Configuring Switch A
# Configure IP addresses for interfaces. (Details not shown.)
# Configure OSPF.