Determining Active Key Lifetimes; Verifying The Keychain Management Configuration - Cisco Nexus 9000 Series Configuration Manual

Determining Active Key Lifetimes

Command or Action
Step 2 key chain name
Example:
switch(config)# key chain bgp-keys
switch(config-keychain)#
Step 3 key key-ID
Example:
switch(config-keychain)# key 13
switch(config-keychain-key)#
Step 4 [no] cryptographic-algorithm {HMAC-SHA-1 |
HMAC-SHA-256 | HMAC-SHA-384 | HMAC-SHA-512
| MD5}
Example:
switch(config-keychain-key)#
cryptographic-algorithm HMAC-SHA-1
Step 5
(Optional) show key chain name
Example:
switch(config-keychain-key)# show key chain
bgp-keys
Step 6 (Optional) copy running-config startup-config
Example:
switch(config-keychain-key)# copy running-config
startup-config
Determining Active Key Lifetimes
To determine which keys within a key chain have active accept or send lifetimes, use the command in this
table.
Command
show key chain

Verifying the Keychain Management Configuration

To display keychain management configuration information, perform the following task:
Command
show key chain name
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
428
Purpose
Displays the key chains configured on the device.
Purpose
Displays the keychains configured on the device.
Purpose
Enters keychain configuration mode for the keychain that
you specified.
Enters key configuration mode for the key that you
specified. The key-ID argument must be a whole number
between 0 and 65535.
Configures the OSPFv2 cryptographic algorithm to be used
for the specified key. You can configure only one
cryptographic algorithm per key.
Shows the keychain configuration.
Copies the running configuration to the startup
configuration.
Configuring Keychain Management