Cisco Systems ME3400G2CSA Managing Authentication Keys

32-82

Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide

78-17058-01

Chapter32 Configuring IP Unicast Routing

Configuring Protocol-Independent Features

Managing Authentication Keys

Key management is a method of controlling authentication keys used by routing protocols. Not all

protocols can use key management. Authentication keys are available for EIGRP and RIP Version 2.

Before you manage authentication keys, you must enable authentication. See the appropriate protocol

section to see how to enable authentication for that protoc ol. To manage authentic ati on keys, define a

key chain, identify the keys that belong to the key chain, and specify how long each key is valid. Each

key has its own key identifier (specified with the key number key chain configuration command), which

is stored locally. The combination of the key identifier and the interface associated with the message

uniquely identifies the authentication algorithm and Message Digest 5 (MD5) authe ntication key in use.

You can configure multiple keys with life times. Only one authentication packet is sent, regardless of

how many valid keys exist. The software examines the key numbers in order from lowest to highest, and

uses the first valid key it encounters. The lifetimes allow for overlap during key changes. Note that the

router must know these lifetimes.

Beginning in privileged EXEC mode, follow these steps to manage authentication keys:

To remove the key chain, use the no key chain name-of-chain global configuration command.

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 key chain name-of-chain Identify a key chain, and enter key chain configuration

mode.

Step3 key number Identify the key number. The range is 0 to 2147483647.

Step4 key-string text Identify the key string. The string can contain from 1 to

80 uppercase and lowercase alphanumeric characters,

but the first character cannot be a number.

Step5 accept-lifetime start-time {infinite | end-time | duration

seconds}(Optional) Specify the time period during which the key

can be received.

The start-time and end-time syntax can be either

hh:mm:ss Month date year or hh:mm:ss date Month

year. The default is forever with the default start-time

and the earliest acceptable date as January 1, 1993. The

default end-time and duration is infinite.

Step6 send-lifetime start-time {infinite | end-time | duration

seconds}(Optional) Specify the time period during which the key

can be sent.

The start-time and end-time syntax can be either

hh:mm:ss Month date year or hh:mm:ss date Month

year. The default is forever with the default start-time

and the earliest acceptable date as January 1, 1993. The

default end-time and duration is infinite.

Step7 end Return to privileged EXEC mode.

Step8 show key chain Display authentication key information.

Step9 copy running-config startup-config (Optional) Save your entries in the configuration file.