Technical Documentation

authentication-key-chains

Syntax

authentication-key-chains {key-chain key-chain-name {description text-string;key key {secret secret-data;start-time yyyy-mm-dd.hh:mm:ss;}tolerance seconds;}}

Hierarchy Level

[edit security]

Release Information

Statement introduced in JUNOS Release 7.6.

Statement introduced in JUNOS Release 9.0 for EX Series switches.

Support for the BFD protocol introduced in JUNOS Release 9.6.

Support for the BFD protocol introduced in JUNOS Release 9.6 for EX Series switches.

Description

Configure authentication key updates for the Border Gateway Protocol (BGP), the Label Distribution Protocol (LDP) routing protocols, and the Bidirectional Forwarding Detection (BFD) protocol. When the authentication-key-chains statement is configured at the [edit security] hierarchy level, and is associated with the BGP and LDP protocols at the [edit protocols] hierarchy level or with the BFD protocol using the bfd-liveness-detection statement, authentication key updates can occur without interrupting routing and signaling protocols such as Open Shortest Path First (OSPF), and Resource Reservation Setup Protocol (RSVP).

Options

key-chain key-chain-name—Keychain name. This name is configured at the [edit protocols bgp] or the [edit protocols ldp] hierarchy level to associate unique authentication key-chain attributes with each protocol as specified using the following options:

  • description text-string—A text string of the authentication-key-chain. Put the text string in quotes (“text description”).
  • key key—Each key within a keychain is identified by a unique integer value.

    Range: 0 through 63

    • secret secret-data—Each key must specify a secret in encrypted text or plain text format. The secret always appears in encrypted format.
    • start-time yyyymm-dd.hh:mm:ss—Start times are specified in UTC (Coordinated Universal Time), and must be unique within the keychain.
  • tolerance seconds—Specify the clock skew tolerance, in seconds.

    Range: 0 through 999999999

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.


Published: 2010-04-26