System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 37
• If a keychain exists but there are no active key entries with an authentication
type that matches the type supported by the protocol, inbound protocol packets
will not be authenticated and will be discarded and no outbound protocol packets
will be sent.
• If a keychain exists but the last key entry has expired, a log entry will be raised
indicating that all keychain entries have expired.
− The OSPF and RSVP-TE protocols require that the protocols continue to
authenticate inbound and outbound traffic using the last valid authentication
key.
− The IS-IS protocol requires that the protocol not revert to an
unauthenticated state and requires that the old key not be used; therefore,
when the last key has expired, all traffic will be discarded.
For information on associating keychains with protocols, refer to the
7705 SAR Routing Protocols Guide (for OSPF, IS-IS, and BGP), the
7705 SAR MPLS Guide (for RSVP-TE and LDP), and the 7705 SAR Services Guide
(for OSPF and BGP in a VPRN service).
To Next Page
Loading...
