Assigning a time-independent key to a chain

A time-independent key has no Accept or Send time constraints. It is valid from boot-up until you change it. If you use a time-independent key, then it is the only key needed for a key chain entry.

Syntax:


key-chain <chain_name> key <key_id>
no key-chain <chain_name> key <key_id>

Generates or deletes a key in the key chain entry <chain_name >. Using the optional no form of the command deletes the key. The <key_id > is any number from 0-255.


[key-string <key_str>]

This option lets you specify the key value for the protocol using the key. The <key_str > can be any string of up to 14 characters in length.


[accept-lifetime infinite][send-lifetime infinite]

accept-lifetime infinite: Allows packets with this key to be accepted at any time from boot-up until the key is removed.

send-lifetime infinite: Allows the switch to send this key as authorization, from boot-up until the key is removed.


show key-chain <chain_name>

Displays the detail information about the keys used in the key chain named <chain_name >.

Example:

To generate a new time-independent key for the switch key chain entry:

Adding and displaying a time-independent key to a key chain entry