Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

authentication-key-chains (TCP-AO)

Syntax

Hierarchy Level

Description

Configure authentication-key-chains at [edit security] hierarchy level for TCP-AO.

Option

Description

key-chain

Enter a unique name for the key chain. For example, new-auth-key.

key

Enter a unique key ID for each key. In a key-chain, keys are numbered sequentially, from key0 through key63.

secret

Enter a unique secret key or password for each key. Use any alphanumeric characters without any space. Once configured, it will appear in an encrypted format.

start-time

Enter a time in YYYY-MM-DD.HH:MM format to specify the time when the control gets passed on from one key to the next. When a configured start time arrives (based on the device’s clock), the key with that start time becomes active.

algorithm

Enter ao to indicate the authentication option.

send-id

Enter any two numbers between 0 and 255. You can also use the same number as the send-id and the recv-id of the same key. You must not use this numbers for any other key inside that key chain. You can configure up to 64 keys in a key-chain.

recv-id

Enter any two numbers between 0 and 255. You must not use this numbers for any other key inside that key chain. Reverse the send-id and recv-id values when you configure the same key in the receiving device.

cryptographic-algorithm

Choose a cryptographic algorithm. Starting in Junos OS Release 20.3R1, to be compliant to RFC5925, The TCP Authentication Option, we are supporting HMAC-SHA1 and AES-128 algorithms.

tcp-ao-option

Choose enable to include the TCP-AO option.

Note:

The default value is disabled.

Required Privilege Level

admin— To view this statement in the configuration.

admin-control— To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 20.3R1.