key
To identify an authentication key on a key chain, use the key command in key-chain configuration mode. To
remove the key from the key chain, use the no form of this command.
key key-id
no key key-id
Syntax Description
key-id    Identification number of an authentication key on a key chain. The range of keys is from 0 to 2147483647. The key identification numbers need not be consecutive.
Command Default
No key exists on the key chain.
Command Modes
Key-chain configuration (config-keychain)
Command History
Release        Modification
11.1           This command was introduced.
12.4(6)T       Support for IPv6 was added.
12.2(33)SRB    This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2SX         This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
It is useful to have multiple keys on a key chain so that the software can sequence through the keys as they
become invalid after time, based on the accept-lifetime and send-lifetime key chain key command settings.
Each key has its own key identifier, which is stored locally. The combination of the key identifier and the
interface associated with the message uniquely identifies the authentication algorithm and Message Digest 5
(MD5) authentication key in use. Only one authentication packet is sent, regardless of the number of valid
keys. The software starts looking at the lowest key identifier number and uses the first valid key.
If the last key expires, authentication will continue and an error message will be generated. To disable
authentication, you must manually delete the last valid key.
To remove all keys, remove the key chain by using the no key chain command.
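The selection rule in the usage guidelines above (lowest key identifier that is currently valid) can be modelled offline to audit a planned key rollover for windows in which no key is valid for sending. This is an added example, not Cisco code: the tuple layout, the sample key IDs and dates, and the treatment of the end time as exclusive are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample chain: (key-id, send-lifetime start, send-lifetime end).
# An end of None stands for an infinite lifetime. Values are illustrative only.
SAMPLE_CHAIN = [
    (20, datetime(2025, 1, 1), datetime(2025, 4, 1)),
    (10, datetime(2025, 3, 25), datetime(2025, 7, 1)),
    (30, datetime(2025, 7, 8), datetime(2025, 10, 1)),
]

def active_send_key(chain, now):
    """Return the key-id used for sending at `now`, or None if no key is valid.

    Keys are examined from the lowest key-id upward and the first valid one
    wins, regardless of the order in which the keys were configured.
    """
    for key_id, start, end in sorted(chain, key=lambda k: k[0]):
        if start <= now and (end is None or now < end):
            return key_id
    return None

def send_gaps(chain):
    """Return (gap_start, gap_end) windows with no valid send key.

    A gap_end of None means the chain runs out: the last key expires and
    nothing replaces it.
    """
    gaps = []
    covered_until = None
    for _, start, end in sorted(chain, key=lambda k: k[1]):
        if covered_until is not None and start > covered_until:
            gaps.append((covered_until, start))
        if end is None:
            return gaps  # an infinite key covers everything after its start
        covered_until = end if covered_until is None else max(covered_until, end)
    gaps.append((covered_until, None))
    return gaps

if __name__ == "__main__":
    for gap_start, gap_end in send_gaps(SAMPLE_CHAIN):
        print("no valid send key from", gap_start, "until", gap_end or "further notice")
```

During the overlap in late March the sample chain sends with key 10 rather than key 20, because the lower identifier wins; the two reported gaps are the periods to close by extending a lifetime or adding a key before deployment.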
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)