key-id

Function

Using the key-id command, you can create a new key-id of Keychain.

Using the undo key-id command, you can delete the key-id configuration of Keychain.

By default, no key-id of Keychain is configured.

Format

key-id key-id

undo key-id key-id

Parameters

Parameter	Description	Value
key-id	Specifies the key identification number of a keychain.	The integer value ranges from 0 to 63.

Parameter

Description

Value

key-id

Specifies the key identification number of a keychain.

The integer value ranges from 0 to 63.

Views

Keychain view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
key-chain	write

Usage Guidelines

Usage Scenario

In keychain authentication mode, secure protocol packet transmission is provided by changing the authentication algorithm and key dynamically. This can reduce the workload of changing the algorithm and key manually.

The dynamic change of the keychain authentication algorithm is implemented based on the key IDs. Each keychain consists of multiple key IDs that are valid within different time periods and each key ID is configured with an authentication algorithm. When a key ID becomes valid, the corresponding authentication algorithm is used.

Follow-up Procedure

After a key ID is created, specify the authentication and encryption algorithms, and the key for the key ID; set the time when a key ID becomes valid or invalid.

The time period within which a key ID for packet sending or receiving is valid, and the time mode configured for the key ID must be identical with that configured for the keychain.

Precautions

If a key ID becomes invalid and no other key IDs become valid in time, there is no key ID available for packet authentication and encryption. To ensure the normal packet transmission, specifying a key ID as the default key ID for packet sending is recommended.

Example

# Configure the key-id 1.

<HUAWEI> system-view
[~HUAWEI] keychain huawei mode absolute
[*HUAWEI-keychain-huawei] key-id 1