JUNOSe 9.1.x Command Reference Guide A to M > D Commands > domain-message-digest-key

domain-message-digest-key

Description: 

Specifies an HMAC MD5 key that the router uses to create a secure, encrypted message digest of each IS-IS level 2 packet (LSPs, CSNPs, and PSNPs). The digest is inserted into the packet from which it is created. Using this algorithm for domain routers protects against unauthorized routers injecting false routing information into your network. You can specify when the router will start (default is the current time) and stop (default is never) accepting packets that include a digest made with this key. You can specify when the router will start (default is the current time plus 2 minutes) and stop (default is never) generating packets that include a digest made with this key. The no version deletes the key specified by the keyId.

NOTE: Issuing this command enables MD5 authentication of level 2 LSPs only. To enable authentication of level 2 CSNPs or PSNPs, use the domain-authentication command.

Syntax: 

domain-message-digest-key keyId hmac-md5 [ 0 | 8 ] key
[ start-accept startAcceptTime [ { startAcceptMonth startAcceptDay | startAcceptDay startAcceptMonth } startAcceptYear ] ]
[ start-generate startGenTime [ { startGenMonth startGenDay | startGenDay startGenMonth } startGenYear ] ]
[ stop-accept { never | stopAcceptTime [ { stopAcceptMonth stopAcceptDay | stopAcceptDay stopAcceptMonth } stopAcceptYear ] } ]
[ stop-generate { never | stopGenTime [ { stopGenMonth stopGenDay | stopGenDay stopGenMonth } stopGenYear ] } ]

no domain-message-digest-key keyId

• keyId—Integer from 1 to 255 that is a unique identifier for the secret key, sent with the message digest in the packet.
• 0—Indicates the key is entered in unencrypted form (plaintext); this is the default option
• 8—Indicates the key is entered in encrypted form (ciphertext)
• key—String of up to 20 alphanumeric characters; secret key used by the HMAC MD5 algorithm to generate the message digest.
• startAcceptTime, startAcceptMonth, startAcceptDay, startAcceptYear – time, month, day, year that the router will start accepting packets created with this password. Use military time format HH:MM[ :SS ].
• startGenTime, startGenMonth, startGenDay, startGenYear—Time, month, day, year that the router will start inserting this password into packets. Use military time format HH:MM[ :SS ].
• never—Specifies that the router never stops accepting or generating packets; overrides previously specified stop times.
• stopAcceptTime, stopAcceptMonth, stopAcceptDay, stopAcceptYear—Time, month, day, year that the router will stop accepting packets created with this password. Use military time format HH:MM[ :SS ].
• stopGenTime, stopGenMonth, stopGenDay, stopGenYear—Time, month, day, year that the router will stop inserting this password into packets. Use military time format HH:MM[ :SS ].

Mode(s): 

Router Configuration

    Release Information    Command introduced before JUNOSe Release 7.1.0.