Contents

11.23. Key Chain Commands

11.23.1. key chain

Command Purpose

To create a keychain, use the key chain command in Global Config mode. To delete a keychain, use the no form of this command.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

key chain WORD

no key chain WORD

Parameter	Parameter Description	Parameter Value
WORD	The name of keychain	String with up to 20 characters

Command Mode

Global Config

Default

No keychain is created.

Usage

Routing protocols and network management applications often use keychain to enhance security while communicating with peers. For the detail of these configurations, see relevant chapters of user guide.

Examples

The following example shows how to create a keychain:

Switch# configure terminal
Switch(config)# key chain test
Switch(config-keychain)# 

11.23.2. key

Command Purpose

To create a key in a keychain, use the key command in keychain configuration mode. To delete a key from a keychain, use the no form of this command.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

key KEY_ID

no key KEY_ID

Parameter	Parameter Description	Parameter Value
KEY_ID	key id	0-31

Command Mode

Key Chain Configuration

Default

There is no key in a keychain.

Usage

The key will not be used unless key string was configured.

Examples

The following example shows how to create a key:

Switch# configure terminal
Switch(config)# key chain test
Switch(config-keychain)# key 1

Related Commands

key chain

key-string

accept-lifetime

send-lifetime

11.23.3. key-string

Command Purpose

To configure key string for a key, use key-string command in key configuration mode. To delete configuration, use the no form of this command.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

key-string LINE

no key-string LINE

Parameter	Parameter Description	Parameter Value
LINE	Key string	String with up to 255 characters

Command Mode

Key Configuration

Default

The key string is not be configured.

Usage

This command is used to configure key string for a key and then this key will be valid for ever if there is no lifetime set.

Examples

The following example shows how to configure key-string:

Switch# configure terminal
Switch(config)# key chain test
Switch(config-keychain)# key 2
Switch(config-keychain-key)# key-string #test_keywords#

Related Commands

key

accept-lifetime

send-lifetime

11.23.4. accept-lifetime

Command Purpose

To configure the accept lifetime for a key, use accept-lifetime command in key configuration mode. To delete this configuration, use the no form of this command.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

accept-lifetime START-TIME EXPIRE-TIME

no accept-lifetime

Parameter	Parameter Description	Parameter Value
START-TIME	The start of accept lifetime	The start of accept lifetime,its format should like “HH:MM:SS <1-31> MONTH <1993-2035>” or “HH:MM:SS MONTH <1-31> <1993-2035>” and MONTH should be First three letters of the month
EXPIRE-TIME	The end of accept lifetime	The end of accept lifetime,its format should like “HH:MM:SS <1-31> MONTH <1993-2035>”, “HH:MM:SS MONTH <1-31> <1993-2035>”, “Infinite” or “duration <1-2147483646>” and MONTH should be First three letters of the month

Command Mode

Key Configuration

Default

No accept lifetime is configured

Usage

This command is used to configure accept lifetime for a key which will be invalid after lifetime expired.

Examples

The following example shows how to configure accept-lifetime:

Switch# configure terminal
Switch(config)# key chain test
Switch(config-keychain)# key 2
Switch(config-keychain-key)# accept-lifetime 0:0:1 2 jan 2023 infinite

Related Commands

key

key-string

11.23.5. send-lifetime

Command Purpose

To configure the send lifetime for a key, use send-lifetime command in key configuration mode. To delete this configuration, use the no form of this command.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

send-lifetime START-TIME EXPIRE-TIME

no send-lifetime

Parameter	Parameter Description	Parameter Value
START-TIME	The start of send lifetime	The start of send lifetime,its format should like “HH:MM:SS <1-31> MONTH <1993-2035>” or “HH:MM:SS MONTH <1-31> <1993-2035>” and MONTH should be First three letters of the month
EXPIRE-TIME	The end of send lifetime	The end of send lifetime,its format should like “HH:MM:SS <1-31> MONTH <1993-2035>”, “HH:MM:SS MONTH <1-31> <1993-2035>”, “Infinite” or “duration <1-2147483646>” and MONTH should be First three letters of the month

Command Mode

Key Configuration

Default

No send lifetime is configured

Usage

This command is used to configure send lifetime for a key which will be invalid after lifetime expired.

Examples

The following example shows how to configure send-lifetime:

Switch# configure terminal
Switch(config)# key chain test
Switch(config-keychain)# key 2
Switch(config-keychain-key)# send-lifetime 0:0:1 2 jan 2023 infinite

Related Commands

key

key-string

11.23.6. show key chain

Command Purpose

To show information of keychain, use show key chain command.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

show key chain ( WORD | )

Parameter	Parameter Description	Parameter Value
WORD	The name of keychain	String with up to 20 characters

Command Mode

Privileged EXEC

Default

None

Usage

None

Examples

The following example shows how to display keychain:

Switch# show key chain test

key chain test:
    key 1 -- text "key-string ##test_keywords_1##"
      accept-lifetime <00:00:01 Jan 01 2023> - <infinite>
      send-lifetime <always valid> - <always valid> [valid now]
    key 2 -- text "key-string ##test_keywords_2##"
      accept-lifetime <always valid> - <always valid> [valid now]
      send-lifetime <00:00:01 Jan 02 2023> - <infinite>

Related Commands

key chain

latest.20241120

11.23. Key Chain Commands

11.23.1. key chain

Command Purpose

Prerequisites

Command Syntax

Command Mode

Default

Usage

Examples

Related Commands

11.23.2. key

Command Purpose

Prerequisites

Command Syntax

Command Mode

Default

Usage

Examples

Related Commands

11.23.3. key-string

Command Purpose

Prerequisites

Command Syntax

Command Mode

Default

Usage

Examples

Related Commands

11.23.4. accept-lifetime

Command Purpose

Prerequisites

Command Syntax

Command Mode

Default

Usage

Examples

Related Commands

11.23.5. send-lifetime

Command Purpose

Prerequisites

Command Syntax

Command Mode

Default

Usage

Examples

Related Commands

11.23.6. show key chain

Command Purpose

Prerequisites

Command Syntax

Command Mode

Default

Usage

Examples

Related Commands

Search the site