The security-key command configures an encryption key, which is used to encrypt packets. The encryption keys configured on the two devices where E-Trunks are created must be the same.
The undo security-key command deletes the configured encryption key.
By default, no encryption key is configured for an E-Trunk.
By default, an E-Trunk does not have any password.
| Parameter | Description | Value |
|---|---|---|
| simple simple-key |
Specifies that the password is saved in simple text. |
The value is a string of 1 to 255 case-sensitive characters, spaces not supported. If the password is entered in simple text, it is saved in simple text in the configuration file.When quotation marks are used around the string, spaces are allowed in the string. |
| cipher cipher-key |
Specifies that the password is saved in cipher text. |
Supported types:
No matter whether a password is entered in simple text or ciphertext, it is stored in ciphertext in the configuration file. When quotation marks are used around the string, spaces are allowed in the string. |
Usage Scenario
You are required to run the security-key command to configure a password for encrypting E-Trunk packets. This improves system security.
Precautions
Two devices in the same E-Trunk must have the same password for encrypting E-Trunk packets.
If simple is configured, the password is saved in the configuration file in simple text. The users with the least privilege of viewing the configuration file will be able to obtain the password. This causes a network security risk. Therefore, it is recommended that you configure cipher to encrypt the password in cipher text.After E-Trunks are created, you need to manually configure encryption keys. The encryption keys configured on the two devices where the E-Trunks are created must be the same. Otherwise, E-Trunk negotiation fails.