Managing Authentication Keys - Cisco Catalyst 9500 series Configuration Manual

Configuring IP Unicast Routing
Step 6

Managing Authentication Keys

Key management is a method of controlling authentication keys used by routing protocols. Not all protocols
can use key management. Authentication keys are available for EIGRP and RIP Version 2.
Prerequisites
Before you manage authentication keys, you must enable authentication. See the appropriate protocol section
to see how to enable authentication for that protocol. To manage authentication keys, define a key chain,
identify the keys that belong to the key chain, and specify how long each key is valid. Each key has its own
key identifier (specified with the key number key chain configuration command), which is stored locally. The
combination of the key identifier and the interface associated with the message uniquely identifies the
authentication algorithm and Message Digest 5 (MD5) authentication key in use.
How to Configure Authentication Keys
You can configure multiple keys with life times. Only one authentication packet is sent, regardless of how
many valid keys exist. The software examines the key numbers in order from lowest to highest, and uses the
first valid key it encounters. The lifetimes allow for overlap during key changes. Note that the router must
know these lifetimes.
Procedure
Step 1
Step 2
Command or Action
copy running-config startup-config
Example:
Device# copy running-config
startup-config
Command or Action
configure terminal
Example:
Device# configure terminal
key chain name-of-chain
Example:
Device(config)# key chain key10
Routing Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9500 Switches)
Managing Authentication Keys
Purpose
(Optional) Saves your entries in the configuration file.
Purpose
Enters global configuration mode.
Identifies a key chain, and enter key chain
configuration mode.
201