binding keychain

Function

The binding keychain command binds a keychain to a TCP-AO.

The undo binding keychain command unbinds a keychain from a TCP-AO.

By default, no keychain is bound to a TCP-AO.

Format

binding keychain kcName

undo binding keychain [ kcName ]

Parameters

Parameter	Description	Value
kcName	Specifies the name of a bound keychain.	The value is a string of 1 to 47 case-insensitive characters. The string does not contain question marks or spaces. However, if double quotation marks are used around the string, spaces can be entered in the string.

Parameter

Description

Value

kcName

Specifies the name of a bound keychain.

The value is a string of 1 to 47 case-insensitive characters. The string does not contain question marks or spaces. However, if double quotation marks are used around the string, spaces can be entered in the string.

Views

tcp-ao policy view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
ip-stack	write

Usage Guidelines

Usage Scenario

When a TCP-AO used, a keychain needs to be bound to the TCP-AO to associate with the keys, encryption algorithms, and key effective time.

Multiple TCP-AOs can share the same keychain to reduce configuration workload and centrally manage multiple TCP-AO keys.

A key ID can be configured in the TCP-AO only after a keychain is bound to the TCP-AO. Deleting or changing the keychain bound to the TCP-AO causes the associated key ID to be deleted.

Example

# Unbind the keychain from the TCP-AO.

<HUAWEI> system-view
[~HUAWEI] tcp ao exampleAO
[~HUAWEI-tcp-ao-exampleAO] undo binding keychain

# Bind a keychain to a TCP-AO.

<HUAWEI> system-view
[~HUAWEI] tcp ao exampleAO
[~HUAWEI-tcp-ao-exampleAO] binding keychain kcAO