Licensing Requirements For Keychain Management; Prerequisites For Keychain Management; Guidelines And Limitations For Keychain Management - Cisco Nexus 9000 Series Configuration Manual

Licensing Requirements for Keychain Management

Accept lifetime
Send lifetime
You define the send and accept lifetimes of a key using the following parameters:
Start-time
End-time
During a key send lifetime, the device sends routing update packets with the key. The device does not accept
communication from other devices when the key sent is not within the accept lifetime of the key on the device.
We recommend that you configure key lifetimes that overlap within every keychain. This practice avoids
failure of neighbor authentication due to the absence of active keys.
Licensing Requirements for Keychain Management
This table shows the licensing requirements for keychain management.
Product
Cisco
NX-OS

Prerequisites for Keychain Management

Keychain management has no prerequisites.

Guidelines and Limitations for Keychain Management

Keychain management has the following configuration guideline and limitation:
• Changing the system clock impacts when the keys are active.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
420
The time interval within which the device accepts the key during a key exchange with another device.
The time interval within which the device sends the key during a key exchange with another device.
The absolute time that the lifetime begins.
The end time can be defined in one of the following ways:
• The absolute time that the lifetime ends
• The number of seconds after the start time that the lifetime ends
• Infinite lifetime (no end-time)
License Requirement
Keychain management requires no license. Any feature not included in a license package is
bundled with the nx-os image and is provided at no extra charge to you. For an explanation
of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Configuring Keychain Management