area-message-digest-key

Syntax

area-message-digest-key keyId hmac-md5 [ 0 | 8 ] key
[ start-accept startAcceptTime [ { startAcceptMonth startAcceptDay | startAcceptDay startAcceptMonth } startAcceptYear ] ]
[ start-generate startGenTime [ { startGenMonth startGenDay | startGenDay startGenMonth } startGenYear ] ]
[ stop-accept { never | stopAcceptTime [ { stopAcceptMonth stopAcceptDay | stopAcceptDay stopAcceptMonth } stopAcceptYear ] } ]
[ stop-generate { never | stopGenTime [ { stopGenMonth stopGenDay | stopGenDay stopGenMonth } stopGenYear ] } ]

no area-message-digest-key keyId

Release Information

Command introduced before JUNOSe Release 7.1.0.

Description

Specifies an HMAC MD5 key that the router uses to create a secure, encrypted message digest of each IS-IS level 1 packet (LSPs, CSNPs, and PSNPs). The digest is inserted into the packet from which it is created. Using this algorithm for area routers protects against unauthorized routers injecting false routing information into your network.

You can specify when the router will start (default is the current time) and stop (default is never) accepting packets that include a digest made with this key. You can specify when the router will start (default is the current time plus 2 minutes) and stop (default is never) generating packets that include a digest made with this key. The no version deletes the key specified by the keyId.

Note: Issuing this command enables MD5 authentication of level 1 LSPs only. To enable authentication of level 1 CSNPs or PSNPs, use the area-authentication command.

Options

• keyId—Integer from 1 to 255 that is a unique identifier for the secret key, sent with the message digest in the packet.
• 0—Indicates the key is entered in unencrypted form (plaintext); default option
• 8—Indicates the key is entered in encrypted form (ciphertext)
• key—String of up to 20 alphanumeric characters; secret key used by the HMAC MD5 algorithm to generate the message digest
• startAcceptTime, startAcceptMonth, startAcceptDay, startAcceptYear—Time, month, day, year that the router will start accepting packets created with this password. Use military time format HH : MM[: SS ].
• startGenTime, startGenMonth, startGenDay, startGenYear—Time, month, day, year that the router will start inserting this password into packets. Use military time format HH : MM[: SS ].
• never—Indicates the router never stops accepting or generating packets; overrides previously specified stop times and keeps using the authentication key in sending and receiving PDUs with the corresponding authentication indefinitely
• stopAcceptTime, stopAcceptMonth, stopAcceptDay, stopAcceptYear—Time, month, day, year that the router will stop accepting packets created with this password. Use military time format HH : MM[: SS ].
• stopGenTime, stopGenMonth, stopGenDay, stopGenYear—Time, month, day, year that the router will stop inserting this password into packets. Use military time format HH : MM[: SS ].

Router Configuration

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.