Domain-Message-Digest-Key - Juniper JUNOSE 11.1.X - COMMAND REFERENCE A TO M 4-9-2010 Command Reference Manual

domain-message-digest-key

domain-message-digest-key keyId hmac-md5 [ 0 | 8 ] key
Syntax
[ start-accept startAcceptTime [ { startAcceptMonth startAcceptDay | startAcceptDay
startAcceptMonth } startAcceptYear ] ]
[ start-generate startGenTime [ { startGenMonth startGenDay | startGenDay
startGenMonth } startGenYear ] ]
[ stop-accept { never | stopAcceptTime [ { stopAcceptMonth stopAcceptDay |
stopAcceptDay stopAcceptMonth } stopAcceptYear ] } ]
[ stop-generate { never | stopGenTime [ { stopGenMonth stopGenDay | stopGenDay
stopGenMonth } stopGenYear ] } ]
no domain-message-digest-key keyId
Command introduced before JUNOSe Release 7.1.0.
Release Information
Specifies an HMAC MD5 key that the router uses to create a secure, encrypted
Description
message digest of each IS-IS level 2 packet (LSPs, CSNPs, and PSNPs). The digest is
inserted into the packet from which it is created. Using this algorithm for domain
routers protects against unauthorized routers injecting false routing information into
your network. You can specify when the router will start (default is the current time)
and stop (default is never) accepting packets that include a digest made with this
key. You can specify when the router will start (default is the current time plus 2
minutes) and stop (default is never) generating packets that include a digest made
with this key. The no version deletes the key specified by the keyId.
NOTE: Issuing this command enables MD5 authentication of level 2 LSPs only. To
enable authentication of level 2 CSNPs or PSNPs, use the domain-authentication
command.
Options
keyId—Integer from 1 to 255 that is a unique identifier for the secret key, sent
with the message digest in the packet.
0 Indicates the key is entered in unencrypted form (plaintext); this is the default
option
8 Indicates the key is entered in encrypted form (ciphertext)
key—String of up to 20 alphanumeric characters; secret key used by the HMAC
MD5 algorithm to generate the message digest.
startAcceptTime, startAcceptMonth, startAcceptDay, startAcceptYear – time, month,
day, year that the router will start accepting packets created with this password.
Use military time format HH : MM[ : SS ].
startGenTime, startGenMonth, startGenDay, startGenYear—Time, month, day,
year that the router will start inserting this password into packets. Use military
time format HH : MM[ : SS ].
Chapter 5: D Commands
domain-message-digest-key
541