show security keychain

Syntax

Description

Display information about authentication keychains configured for the Border Gateway Protocol (BGP) and Label Distribution Protocol (LDP) routing protocols, the Bidirectional Forwarding Detection (BFD) protocol, and the Intermediate System-to-Intermediate System (IS-IS) protocol.

Options

none

Display information about authentication keychains.

brief | detail

(Optional) Display the specified level of output.

Required Privilege Level

view

Output Fields

Table 1 describes the output fields for the show security keychain command. Output fields are listed in the approximate order in which they appear.

Table 1: show security keychain Output Fields

Field Name

Field Description

Level of Output

keychain

The name of the keychain in operation.

All levels

Active-ID Send

Number of routing protocol packets sent with the active key.

All levels

Active-ID Receive

Number of routing protocol packets received with the active key.

All levels

Next-ID Send

Number of routing protocol packets sent with the next key.

All levels

Next-ID Receive

Number of routing protocol packets received with the next key.

All levels

Transition

Amount of time until the current key will be replaced with the next key in the keychain.

All levels

Tolerance

Configured clock-skew tolerance, in seconds, for accepting keys for a keychain.

All levels

Id

Identification number configured for the current key.

detail

Algorithm

Authentication algorithm configured for the current key.

detail

State

State of the current key.

The value can be:

  • receive

  • send

  • send-receive

For the active key, the State can be send-receive, send, or receive. For keys that have a future start time, the State is inactive. Compare the State field to the Mode field.

detail

Option

For IS-IS only, the option determines how Junos OS encodes the message authentication code in routing protocol packets.

The values can be:

  • basic—Based on RFC 5304.

  • isis-enhanced—Based on RFC 5310.

The default value is basic. When you configure the isis-enhanced option, Junos OS sends RFC 5310-encoded routing protocol packets and accepts both RFC 5304-encoded and RFC 5310-encoded routing protocol packets that are received from other devices.

When you configure basic (or do not include the options statement in the key configuration), Junos OS sends and receives RFC 5304-encoded routing protocol packets, and drops RFC 5310-encoded routing protocol packets that are received from other devices.

Because this setting is for IS-IS only, TCP and the BFD protocol ignore the encoding option configured in the key.

detail

Start-time

Time that the current key became active.

detail

Mode

Mode of each key (informational only).

The value can be:

  • receive

  • send

  • send-receive

The mode of the key is based on the configuration. Suppose you configure two keys, one with a start-time of today and the other with a start-time of next week. For both keys, the Mode can be send-receive, send, or receive, regardless of the configured start-time. Compare the Mode field to the State field.

detail
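The Option field rules in Table 1 imply that a link with one side set to isis-enhanced and the other left at basic loses authenticated packets in one direction only. The following added example (not Juniper code) models those rules and audits a list of adjacencies; the device names, the protocol labels and the adjacency list are constructed, and the model covers only the encoding option, not key or algorithm mismatches.

```python
RFC5304, RFC5310 = "RFC 5304", "RFC 5310"
VALID_OPTIONS = {"basic", "isis-enhanced"}


def effective_option(option):
    """An absent options statement (None) behaves as the default, basic."""
    option = option or "basic"
    if option not in VALID_OPTIONS:
        raise ValueError(f"unknown option: {option!r}")
    return option


def sent_encoding(option):
    """Encoding used for packets sent with a key that has this option."""
    return RFC5310 if effective_option(option) == "isis-enhanced" else RFC5304


def accepted_encodings(option):
    """Encodings accepted on receive; basic drops RFC 5310-encoded packets."""
    if effective_option(option) == "isis-enhanced":
        return {RFC5304, RFC5310}
    return {RFC5304}


def audit(adjacencies):
    """Return (sender, receiver, encoding) for every direction that is dropped."""
    drops = []
    for protocol, side_a, side_b in adjacencies:
        if protocol != "isis":
            continue  # TCP and BFD ignore the option configured in the key
        for (src, src_opt), (dst, dst_opt) in ((side_a, side_b), (side_b, side_a)):
            encoding = sent_encoding(src_opt)
            if encoding not in accepted_encodings(dst_opt):
                drops.append((src, dst, encoding))
    return drops


# Constructed sample: (protocol, (device, option), (device, option)).
SAMPLE_ADJACENCIES = [
    ("isis", ("r1", "isis-enhanced"), ("r2", None)),             # r2 has no options statement
    ("isis", ("r2", None), ("r3", "basic")),
    ("isis", ("r1", "isis-enhanced"), ("r4", "isis-enhanced")),
    ("bfd", ("r1", "isis-enhanced"), ("r2", None)),              # option ignored for BFD
]

if __name__ == "__main__":
    for src, dst, encoding in audit(SAMPLE_ADJACENCIES):
        print(f"{src} -> {dst}: {encoding}-encoded packets dropped by {dst}")
```

In the sample, only the r1 to r2 direction is reported: r2 still accepts nothing but RFC 5304, while r1 accepts what r2 sends.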

Sample Output

show security keychain brief

show security keychain detail

Release Information

Command introduced in Junos OS Release 11.2.