Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

key (Authentication Keychain)

Syntax

Hierarchy Level

Description

Configure an authentication element (key). You include this statement several times in the configuration, thereby creating a keychain of authentication keys, each with its own identifier, secret (password), and start time. You can have up to 64 keys within a keychain.

Options

key-identifier

(Required) Each key within a keychain is identified by a unique integer value.

  • Range: 0 through 63
algorithm (hmac-sha-1 | md5)

Configure the authentication algorithm for IS-IS.

  • Values: Configure one of these authentication algorithms:

    • hmac-sha-1—96-bit hash-based message authentication code (SHA-1).

    • md5—Message digest 5.

  • Default: md5
key-name authentication-key-name

Specify a key name in hexadecimal format, used for MACsec.
options (basic | isis-enhanced)

For IS-IS only, configure the protocol transmission encoding format for encoding the message authentication code in routing protocol packets.

Because this setting is for IS-IS only, the TCP and the BFD protocol ignore the encoding option configured in the key.

  • Values: Configure one of the following:

    • basic—RFC 5304 based encoding. Junos OS sends and receives RFC 5304-encoded routing protocol packets, and drops 5310-encoded routing protocol packets that are received from other devices.

    • isis-enhanced—RFC 5310 based encoding. Junos OS sends RFC 5310-encoded routing protocol packets and accepts both RFC 5304-encoded and RFC 5310-encoded routing protocol packets that are received from other devices.

  • Default: basic
secret secret-data

(Required) Specify a password in encrypted text or plain text format. The secret password always appears in encrypted format. The password can include spaces if the character string is enclosed in quotation marks.
start-time yyyy-mm-dd.hh:mm:ss

(Required) Specify a start time in UTC (Coordinated Universal Time) for key transmission. You do not need to specify an end time for the key. If a new key is present with a new start time, the keychain rolls over to the new one. The start time must be unique within the keychain.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 7.6.

Support for the BFD protocol introduced in Junos OS Release 9.6.

Support for IS-IS introduced in Junos OS Release 11.2.

algorithm and options introduced in Junos OS Release 11.2.

key-name introduced in Junos OS Release 17.4.

Related Documentation