IOS key chain feature

A key chain is a data structure inside a Cisco IOS router that is used to manage multiple passwords, which in key chain terminology are called keys (they are also referred to as shared secrets). The keys are used to authenticate protocol messages exchanged with neighbouring devices that support the same key-based authentication. Note that this gives you integrity and origin authentication of the messages, not encryption of their contents.

On the router you create a named key chain, and on that key chain you create keys identified by a numeric key ID (IOS accepts 0 to 2147483647, but a feature may impose a narrower range: OSPF carries the key ID in an 8-bit field, so only 0 to 255 are usable there). Each key is configured with a key-string, which is the password itself, and optionally with further parameters such as the cryptographic algorithm (MD5 or an HMAC-SHA variant) and lifetimes. Be aware that key-strings are stored in the configuration and appear in plaintext in show running-config unless service password-encryption is enabled, and even then the type 7 encoding is trivially reversible, so treat configuration backups as secrets.

When applying a key chain to an interface for whichever feature requires key authentication, take the following into account:

  • Make sure every key has a lifetime that expires, so that a leaked or forgotten key cannot be used indefinitely.
  • Configure more than one key and give them overlapping lifetimes: the old key must still be accepted while the new key is already being sent, otherwise neighbours that rotate at slightly different moments lose their adjacency.

Each key carries two lifetimes: an accept-lifetime (the window in which the key is accepted on received packets) and a send-lifetime (the window in which the router uses it on packets it sends). Both start at an absolute date and time; the end is given either as another absolute time, as a duration in seconds relative to the start, or as infinite. The router compares these windows against its own clock, so synchronise the clock with NTP and set the time zone, or a key may expire hours earlier or later than intended.

Features that use key chains include OSPF (MD5 and HMAC-SHA authentication) and EIGRP; RIPv2 and IS-IS authentication use the same mechanism.
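The following is an added example, not configuration taken from the original page: two key chains, each with two overlapping keys, one applied to OSPF with HMAC-SHA-256 and one applied to classic-mode EIGRP with MD5. Interface names, addresses, process and AS numbers, key-strings and dates are assumptions chosen for illustration.

```cisco
! Added example (not from the original page). Interface names, addresses,
! process/AS numbers, key-strings and dates are assumptions.
!
! Lifetimes are compared against the router clock, so keep it accurate.
clock timezone UTC 0
ntp server 192.0.2.10
!
! Key chain for OSPF: key IDs must stay within 0-255 (8-bit field on the wire).
key chain OSPF-KEYS
 key 1
  key-string 0 OspfKeyOne-2024H1
  cryptographic-algorithm hmac-sha-256
  ! Old key: sent until 12:00 on 1 Jul 2024, but still accepted for one
  ! more hour so neighbours that rotate slightly later keep the adjacency.
  send-lifetime   00:00:00 Jan 1 2024 12:00:00 Jul 1 2024
  accept-lifetime 00:00:00 Jan 1 2024 13:00:00 Jul 1 2024
 key 2
  key-string 0 OspfKeyTwo-2024H2
  cryptographic-algorithm hmac-sha-256
  ! New key: accepted one hour before it starts being sent. It also has
  ! a finite lifetime; a key 3 must be added before 1 Jan 2025.
  accept-lifetime 11:00:00 Jul 1 2024 13:00:00 Jan 1 2025
  send-lifetime   12:00:00 Jul 1 2024 12:00:00 Jan 1 2025
!
! Key chain for classic-mode EIGRP, which uses MD5 with a key chain.
! Key 1 shows the end time expressed as a duration in seconds after the
! start: 182 days + 12 h = 15768000 s (send), plus one hour for accept.
key chain EIGRP-KEYS
 key 1
  key-string 0 EigrpKeyOne-2024H1
  send-lifetime   00:00:00 Jan 1 2024 duration 15768000
  accept-lifetime 00:00:00 Jan 1 2024 duration 15771600
 key 2
  key-string 0 EigrpKeyTwo-2024H2
  accept-lifetime 11:00:00 Jul 1 2024 13:00:00 Jan 1 2025
  send-lifetime   12:00:00 Jul 1 2024 12:00:00 Jan 1 2025
!
interface GigabitEthernet0/0
 ip address 10.0.12.1 255.255.255.0
 ip ospf 1 area 0
 ip ospf authentication key-chain OSPF-KEYS
!
interface GigabitEthernet0/1
 ip address 10.0.13.1 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
!
router eigrp 100
 network 10.0.13.0 0.0.0.255
!
! Verification: "show key chain" lists each key with its lifetimes and
! marks the one currently valid; "show ip ospf interface" and
! "show ip eigrp interfaces detail" show the authentication in use.
```

The one-hour overlap between the old key's accept-lifetime and the new key's send-lifetime (and vice versa) is what keeps the adjacency up if the two neighbours roll over at slightly different times; the same times must be configured on every router sharing the chain.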

https://networklessons.com/eigrp/how-to-configure-eigrp-authentication
https://networklessons.com/cisco/ccie-routing-switching-written/ospf-hmac-sha-extended-authentication/