Domain-Message-Digest-Key - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - COMMAND REFERENCE A TO M 2010-10-19 Command Reference Manual

domain-message-digest-key

Syntax
Release Information
Description
Options
Copyright © 2010, Juniper Networks, Inc.
domain-message-digest-key keyId hmac-md5 [ 0 | 8 ] key
[ start-accept startAcceptTime [ { startAcceptMonth startAcceptDay | startAcceptDay
startAcceptMonth } startAcceptYear ] ]
[ start-generate startGenTime [ { startGenMonth startGenDay | startGenDay startGenMonth
} startGenYear ] ]
[ stop-accept { never | stopAcceptTime [ { stopAcceptMonth stopAcceptDay |
stopAcceptDay stopAcceptMonth } stopAcceptYear ] } ]
[ stop-generate { never | stopGenTime [ { stopGenMonth stopGenDay | stopGenDay
stopGenMonth } stopGenYear ] } ]
no domain-message-digest-key keyId
Command introduced before JunosE Release 7.1.0.
Specifies an HMAC MD5 key that the router uses to create a secure, encrypted message
digest of each IS-IS level 2 packet (LSPs, CSNPs, and PSNPs). The digest is inserted into
the packet from which it is created. Using this algorithm for domain routers protects
against unauthorized routers injecting false routing information into your network. You
can specify when the router will start (default is the current time) and stop (default is
never) accepting packets that include a digest made with this key. You can specify when
the router will start (default is the current time plus 2 minutes) and stop (default is never)
generating packets that include a digest made with this key. The no version deletes the
key specified by the keyId.
NOTE: Issuing this command enables MD5 authentication of level 2 LSPs
only. To enable authentication of level 2 CSNPs or PSNPs, use the
domain-authentication command.
keyId—Integer from 1 to 255 that is a unique identifier for the secret key, sent with the
message digest in the packet.
0—Indicates the key is entered in unencrypted form (plaintext); this is the default option
8—Indicates the key is entered in encrypted form (ciphertext)
key—String of up to 20 alphanumeric characters; secret key used by the HMAC MD5
algorithm to generate the message digest.
startAcceptTime, startAcceptMonth, startAcceptDay, startAcceptYear – time, month,
day, year that the router will start accepting packets created with this password. Use
military time format HH : MM[ : SS ].
startGenTime, startGenMonth, startGenDay, startGenYear—Time, month, day, year that
the router will start inserting this password into packets. Use military time format HH
: MM[ : SS ].
Chapter 5: D Commands
537