923
Configuring IP Unicast Routing
Configuring Protocol-Independent Features
To manage authentication keys, define a key chain, identify the keys that belong to the key chain, and specify how long
each key is valid. Each key has its own key identifier (specified with the key number key chain configuration command),
which is stored locally. The combination of the key identifier and the interface associated with the message uniquely
identifies the authentication algorithm and Message Digest 5 (MD5) authentication key in use.
You can configure multiple keys with life times. Only one authentication packet is sent, regardless of how many valid keys
exist. The software examines the key numbers in order from lowest to highest, and uses the first valid key it encounters.
The lifetimes allow for overlap during key changes. Note that the router must know these lifetimes.
BEFORE YOU BEGIN
Before you manage authentication keys, you must enable authentication. See the appropriate protocol section to see how
to enable authentication for that protocol.
DETAILED STEPS
To remove the key chain, use the no key chain name-of-chain global configuration command.
Command Purpose
1. configure terminal Enter global configuration mode.
2. key chain name-of-chain Identify a key chain, and enter key chain
configuration mode.
3. key number Identify the key number. The range is 0 to
2147483647.
4. key-string text Identify the key string. The string can contain
from 1 to 80 uppercase and lowercase
alphanumeric characters, but the first character
cannot be a number.
5. accept-lifetime start-time {infinite | end-time |
duration seconds}
(Optional) Specify the time period during which
the key can be received.
The start-time and end-time syntax can be either
hh:mm:ss Month date year or hh:mm:ss date
Month year. The default is forever with the
default start-time and the earliest acceptable
date as January 1, 1993. The default end-time
and duration is infinite.
6. send-lifetime start-time {infinite | end-time |
duration seconds}
(Optional) Specify the time period during which
the key can be sent.
The start-time and end-time syntax can be either
hh:mm:ss Month date year or hh:
mm:ss date
Month year. The default is forever with the
default start-time and the earliest acceptable
date as January 1, 1993. The default end-time
and duration is infinite.
7. end Return to privileged EXEC mode.
8. show key chain Display authentication key information.
9. copy running-config startup-config (Optional) Save your entries in the configuration
file.
To Next Page
Loading...
Need help?
General