Using the keychain command, you can create a new set of keychain rules or enter a keychain view.
Using the undo keychain command, you can delete the keychain configuration.
By default, no keychain is configured.
keychain keychain-name
keychain keychain-name mode absolute
keychain keychain-name mode periodic daily
keychain keychain-name mode periodic weekly
keychain keychain-name mode periodic monthly
keychain keychain-name mode periodic yearly
keychain keychain-name mode absolute mode cusp-agent
keychain keychain-name mode periodic daily mode cusp-agent
keychain keychain-name mode periodic weekly mode cusp-agent
keychain keychain-name mode periodic monthly mode cusp-agent
keychain keychain-name mode periodic yearly mode cusp-agent
undo keychain keychain-name
Parameter | Description | Value |
---|---|---|
keychain-name | Specifies the keychain name. All applications identify the set of keychain rules by the keychain name. | The value is a string of 1 to 47 case-insensitive characters. Question marks (?) and spaces are not supported. However, the string can contain spaces if it is enclosed in double quotation marks (" "). |
mode | Specifies the time mode in which the keychain takes effect. | - |
absolute | Specifies that the given keychain is non-periodic. | - |
periodic | Specifies that the given keychain is periodic. | - |
daily | Specifies that the given keychain is day-periodic. | - |
weekly | Specifies that the given keychain is week-periodic. | - |
monthly | Specifies that the given keychain is month-periodic. | - |
yearly | Specifies that the given keychain is year-periodic. | - |
cusp-agent | Specifies the cusp agent mode. | - |
Usage Scenario
In keychain authentication mode, secure protocol packet transmission is provided by changing the authentication algorithm and key dynamically. This prevents unauthorized users from obtaining the key and the authentication and encryption algorithms, and reduces the workload of changing the algorithm and key manually.
Each keychain consists of multiple key IDs that are valid within different time periods and each key ID is configured with an authentication algorithm. When a key ID becomes valid, the corresponding authentication algorithm is used. There are two keychain validity modes:
Implementation Procedure
Specify the validity mode when creating a keychain. The keychain view is displayed when a keychain name is specified.
Follow-up Procedure
After a keychain is created, configure the time period within which each key ID is valid. Otherwise, protocol packets cannot be authenticated and encrypted.
The time period within which a key ID is valid for packet sending or receiving must be configured in the same time mode as the keychain: the time mode configured for the key ID must be identical to that configured for the keychain.
Precautions
The keychain keychain-name command displays a specific keychain view. If the keychain specified by keychain-name does not exist, the keychain keychain-name command cannot be executed. To create a keychain, run the keychain keychain-name mode { absolute | periodic { daily | weekly | monthly | yearly } } command.
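The two follow-up requirements above (every key ID needs a validity period, and its time mode must match the keychain's) can be audited offline before a key rollover schedule is deployed. The Python below is an added example, not vendor code: the data model, field names, dates and the half-open `[start, end)` window convention are assumptions made for illustration.

```python
from datetime import datetime

# Constructed model of one absolute-mode keychain. Field names are assumptions
# for this example, not device syntax; all dates are constructed sample data.
KEYCHAIN = {
    "mode": "absolute",
    "keys": [
        {"id": 1, "mode": "absolute", "start": datetime(2024, 1, 1), "end": datetime(2024, 4, 1)},
        {"id": 2, "mode": "absolute", "start": datetime(2024, 4, 1), "end": datetime(2024, 7, 1)},
        # Key 3 starts a week late: no key ID is valid from 1 to 8 July.
        {"id": 3, "mode": "absolute", "start": datetime(2024, 7, 8), "end": datetime(2025, 1, 1)},
        # Key 4 uses a different time mode from the keychain.
        {"id": 4, "mode": "periodic daily", "start": None, "end": None},
    ],
}

def mode_mismatches(chain):
    """Key IDs whose time mode differs from the keychain's time mode."""
    return [k["id"] for k in chain["keys"] if k["mode"] != chain["mode"]]

def usable_keys(chain):
    """Keys in the keychain's own time mode, ordered by start of validity."""
    keys = [k for k in chain["keys"] if k["mode"] == chain["mode"]]
    return sorted(keys, key=lambda k: k["start"])

def active_key(chain, when):
    """ID of the first key whose window [start, end) contains `when`, else None."""
    for k in usable_keys(chain):
        if k["start"] <= when < k["end"]:
            return k["id"]
    return None

def coverage_gaps(chain, horizon_start, horizon_end):
    """Intervals inside the horizon during which no key ID is valid."""
    gaps, cursor = [], horizon_start
    for k in usable_keys(chain):
        if k["start"] > cursor:
            gaps.append((cursor, min(k["start"], horizon_end)))
        cursor = max(cursor, k["end"])
        if cursor >= horizon_end:
            break
    if cursor < horizon_end:
        gaps.append((cursor, horizon_end))
    return gaps

if __name__ == "__main__":
    print("mode mismatches:", mode_mismatches(KEYCHAIN))
    for a, b in coverage_gaps(KEYCHAIN, datetime(2024, 1, 1), datetime(2025, 1, 1)):
        print("no valid key from", a, "to", b)
```

Any interval reported by `coverage_gaps` is a period in which protocol packets would have no valid key ID to authenticate with, so it should be closed before the schedule is applied.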