Configuring A New Chassis Key Value; Cli Commands - Cisco ASR 5000 Administration Manual
Staros release 21.1
Hide thumbs
Also See for ASR 5000:
- Installation manual (294 pages) ,
- Administration manual (159 pages) ,
- Installation procedure (8 pages)
Table of Contents
Advertisement
Configuring a New Chassis Key Value
Configuring a New Chassis Key Value
CLI Commands
Important
Use the Exec mode chassis key value key_string command to enter a new chassis key.
The key_string is an alphanumeric string of 1 through 16 characters. The chassis key is stored as a one-way
encrypted value, much like a password. For this reason, the chassis key value is never displayed in plain-text
form.
The Exec mode chassis keycheck key_string command generates a one-way encrypted key value based on
the entered key_string. The generated encrypted key value is compared against the encrypted key value of the
previously entered chassis key value. If the encrypted values match, the command succeeds and keycheck
passes. If the comparison fails, a message is displayed indicating that the key check has failed. If the default
chassis key (MAC address) is currently being used, this key check will always fail since there will be no
chassis key value to compare against.
Use the chassis keycheck command to verify whether multiple chassis share the same chassis key value.
Important
For additional information, refer to the Exec Mode Commands chapter in the Command Line Interface
Reference.
Beginning with Release 15.0, the chassis ID will be generated from the chassis key using a more secure
algorithm. The resulting 44-character chassis ID will be stored in the same file.
Release 14 and Release 15 chassis IDs will be in different formats. Release 15 will recognize a Release 14
chassis ID and consider it as valid. Upgrading from 14.x to 15.0 will not require changing the chassis ID or
configuration file.
However, if the chassis key is reset in Release 15 through the Quick Setup Wizard or CLI command, a new
chassis ID will be generated in Release 15 format (44 instead of 16 characters). Release14 builds will not
recognize the 44-character chassis ID. If the chassis is subsequently downgraded to Release 14, a new
16-character chassis ID will be generated. To accommodate the old key format, you must save the configuration
file in pre-v12.2 format before the downgrade. If you attempt to load a v15 configuration file on the downgraded
chassis, StarOS will not be able to decrypt the password/secrets stored in the configuration file.
For release 19.2 and higher, in a chassis where the chassis ID file already exists nothing is changed. However,
if the chassis ID file is lost in both management cards, all existing configuration files become invalid. Entering
a new chassis key that is the same as the original value will not resolve the issue because of the new method
used to generate the chassis ID.
ASR 5000 System Administration Guide, StarOS Release 21.1
62
Only a user with Security Administrator privilege can execute the chassis key value and chassis keycheck
commands.
For release 19.2 and higher, in the absence of an existing chassis ID file the chassis keycheck command
is hidden.
System Settings
Advertisement
Table of Contents
Troubleshooting
