Step 4. (Optional.) Set an algorithm ID for a TCP authentication algorithm.
    Command: tcp-algorithm-id { hmac-md5 | md5 } algorithm-id
    Remarks: By default, the algorithm ID is 3 for the MD5 authentication algorithm, and is 5 for the HMAC-MD5 authentication algorithm. When the local device uses TCP to communicate with a peer device from another vendor, make sure both devices have the same algorithm ID setting. If they do not have the same algorithm ID, use this command to modify the algorithm ID on the local device.

Step 5. (Optional.) Set a tolerance time for accept keys in the keychain.
    Command: accept-tolerance { value | infinite }
    Remarks: By default, no tolerance time is configured for accept keys in a keychain.

Step 6. Create a key and enter key view.
    Command: key key-id
    Remarks: By default, no keys exist.

Step 7. Specify an authentication algorithm for the key.
    Command: authentication-algorithm { hmac-md5 | hmac-sha-256 | md5 }
    Remarks: By default, no authentication algorithm is specified for a key.

Step 8. Configure a key string for the key.
    Command: key-string { cipher | plain } string
    Remarks: By default, no key string is configured.

Step 9. Set the sending lifetime in UTC mode for the key.
    Command: send-lifetime utc start-time start-date { duration { duration-value | infinite } | to end-time end-date }
    Remarks: By default, the sending lifetime is not configured for a key.

Step 10. Set the receiving lifetime in UTC mode for the key.
    Command: accept-lifetime utc start-time start-date { duration { duration-value | infinite } | to end-time end-date }
    Remarks: By default, the receiving lifetime is not configured for a key.

Step 11. (Optional.) Specify the key as the default send key.
    Command: default-send-key
    Remarks: By default, no key in a keychain is specified as the default send key.

Displaying and maintaining keychain
Execute display commands in any view.

Task: Display keychain information.
    Command: display keychain [ name keychain-name [ key key-id ] ]

Keychain configuration example
Network requirements
As shown in Figure 78, establish an OSPF neighbor relationship between Switch A and Switch B, and use a keychain to authenticate packets between the switches. Configure key 1 and key 2 for the keychain and make sure key 2 is used immediately when key 1 expires.
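The following Python check is an added example, not part of the original manual. It verifies the requirement above that key 2 takes over the moment key 1 expires, and that each key's accept lifetime covers its send lifetime. Assumptions of this example: the function names, the timestamp layout, the constructed lifetimes, both switches using the same keychain, and accept-tolerance widening the accept window by the given number of seconds at both ends.

```python
from datetime import datetime, timedelta, timezone

def utc(text):
    # Timestamp layout "HH:MM:SS YYYY/MM/DD" is an assumption of this example.
    return datetime.strptime(text, "%H:%M:%S %Y/%m/%d").replace(tzinfo=timezone.utc)

def window(start, end):
    return (utc(start), utc(end))

def check_keychain(keys, accept_tolerance=0):
    """Return a list of (kind, key_id, seconds) findings for one keychain.

    keys: dicts with "id", "send" and "accept" windows (start, end) in UTC.
    accept_tolerance: seconds by which each accept window is widened at both
    ends (assumed semantics of accept-tolerance).
    """
    tol = timedelta(seconds=accept_tolerance)
    ordered = sorted(keys, key=lambda k: k["send"][0])
    findings = []
    for key in ordered:
        (s0, s1), (a0, a1) = key["send"], key["accept"]
        # A peer with the same keychain sends with this key during s0..s1,
        # so the widened accept window must contain the send window.
        short = max((a0 - tol - s0).total_seconds(), (s1 - (a1 + tol)).total_seconds())
        if short > 0:
            findings.append(("accept-too-narrow", key["id"], short))
    for prev, nxt in zip(ordered, ordered[1:]):
        delta = (nxt["send"][0] - prev["send"][1]).total_seconds()
        if delta > 0:      # no send key is valid for `delta` seconds
            findings.append(("send-gap", nxt["id"], delta))
        elif delta < 0:    # two send keys are valid at the same time
            findings.append(("send-overlap", nxt["id"], -delta))
    return findings

# Constructed sample data: key 1 hands over to key 2 at 11:00:00 UTC.
GOOD = [
    {"id": 1, "send": window("10:00:00 2024/01/01", "11:00:00 2024/01/01"),
     "accept": window("10:00:00 2024/01/01", "11:10:00 2024/01/01")},
    {"id": 2, "send": window("11:00:00 2024/01/01", "12:00:00 2024/01/01"),
     "accept": window("10:50:00 2024/01/01", "12:00:00 2024/01/01")},
]
# Constructed faulty variant: key 2 starts sending 5 minutes late and is only
# accepted from 11:07:00, two minutes after the peer starts using it.
BAD = [
    GOOD[0],
    {"id": 2, "send": window("11:05:00 2024/01/01", "12:00:00 2024/01/01"),
     "accept": window("11:07:00 2024/01/01", "12:00:00 2024/01/01")},
]

if __name__ == "__main__":
    for name, chain in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_keychain(chain) or "rollover is seamless")
```

A send-gap finding marks a period in which no key's send lifetime is valid, which is the condition the key 1 to key 2 requirement is meant to rule out.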