Creating and deleting key chain entries

To use KMS, you must create one or more key chain entries. An entry can be the pointer to a single time-independent key or a chain of time-dependent keys.

NOTE:

The key chain information is copied to the standby management module (if redundancy is enabled and the standby module has passed self-test).

Syntax:


[no] key-chain <chain_name>

Generate or delete a key chain entry. Using the optional no form of the command deletes the key chain. The <chain_name > parameter can include up to 32 characters.


show key-chain

Displays the current key chains on the switch and their overall status.

For example, to generate a new key chain entry:

Adding a new key chain entry

After adding an entry, assign keys to it for use by a KMS-enabled protocol.