Supported Platforms
show security keychain
Syntax
Release Information
Command introduced in Junos OS Release 11.2.
Description
Display information about authentication keychains configured for the Border Gateway Protocol (BGP), the Label Distribution Protocol (LDP) routing protocols, the Bidirectional Forwarding Detection (BFD) protocol, and the Intermediate System-to-Intermediate System (IS-IS) protocol.
Options
none: Display information about authentication keychains.
brief | detail: (Optional) Display the specified level of output.
Required Privilege Level
view
List of Sample Output
show security keychain brief
show security keychain detail
Output Fields
Table 1 describes the output fields for the show security keychain command. Output fields are listed in the approximate order in which they appear.
Table 1: show security keychain Output Fields
Field Name | Field Description | Level of Output |
---|---|---|
keychain | The name of the keychain in operation. | All levels |
Active-ID Send | Number of routing protocol packets sent with the active key. | All levels |
Active-ID Receive | Number of routing protocol packets received with the active key. | All levels |
Next-ID Send | Number of routing protocol packets sent with the next key. | All levels |
Next-ID Receive | Number of routing protocol packets received with the next key. | All levels |
Transition | Amount of time until the current key will be replaced with the next key in the keychain. | All levels |
Tolerance | Configured clock-skew tolerance, in seconds, for accepting keys for a key chain. | All levels |
Id | Identification number configured for the current key. | detail |
Algorithm | Authentication algorithm configured for the current key. | detail |
State | State of the current key. For the active key, the State can be send-receive, send, or receive. For keys that have a future start time, the State is inactive. Compare the State field to the Mode field. | detail |
Option | For IS-IS only, the option determines how Junos OS encodes the message authentication code in routing protocol packets. The default value is basic. When you configure the isis-enhanced option, Junos OS sends RFC 5310-encoded routing protocol packets and accepts both RFC 5304-encoded and RFC 5310-encoded routing protocol packets that are received from other devices. When you configure basic (or do not include the options statement in the key configuration), Junos OS sends and receives RFC 5304-encoded routing protocol packets, and drops RFC 5310-encoded routing protocol packets that are received from other devices. Because this setting is for IS-IS only, TCP and the BFD protocol ignore the encoding option configured in the key. | detail |
Start-time | Time that the current key became active. | detail |
Mode | Mode of each key (informational only). The mode of the key is based on the configuration. Suppose you configure two keys, one with a start-time of today and the other with a start-time of next week. For both keys, the Mode can be send-receive, send, or receive, regardless of the configured start-time. Compare the Mode field to the State field. | detail |
Sample Output
show security keychain brief
user@host> show security keychain brief
keychain              Active-ID       Next-ID       Transition   Tolerance
                      Send  Receive   Send  Receive
hakr                  3     3         1     1       1d 23:58     3600
show security keychain detail
user@host> show security keychain detail
keychain              Active-ID       Next-ID       Transition   Tolerance
                      Send  Receive   Send  Receive
hakr                  3     3         1     1       1d 23:58     3600
  Id 3, Algorithm hmac-md5, State send-receive, Option basic
  Start-time Wed Aug 11 16:28:00 2010, Mode send-receive
  Id 1, Algorithm hmac-md5, State inactive, Option basic
  Start-time Fri Aug 20 11:30:57 2010, Mode send-receive
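The following parser for the detail output is an added example, not part of the Junos documentation. It reads the fields described in Table 1 and lists keys for review during a key rollover audit. It assumes the usual one-record-per-line layout of the output; the flagged-algorithm set is a hypothetical local policy, and the function names are illustrative.

```python
import re

# Constructed input: the detail output from this page, laid out one record per line.
SAMPLE = """\
keychain              Active-ID       Next-ID       Transition   Tolerance
                      Send  Receive   Send  Receive
hakr                  3     3         1     1       1d 23:58     3600
  Id 3, Algorithm hmac-md5, State send-receive, Option basic
  Start-time Wed Aug 11 16:28:00 2010, Mode send-receive
  Id 1, Algorithm hmac-md5, State inactive, Option basic
  Start-time Fri Aug 20 11:30:57 2010, Mode send-receive
"""

# Assumption: local policy wants these algorithms phased out (not a Junos setting).
FLAGGED_ALGORITHMS = {"hmac-md5"}

CHAIN_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(.+?)\s+(\d+)$")
KEY_RE = re.compile(r"^\s+Id (\d+), Algorithm (\S+), State (\S+), Option (\S+)$")
TIME_RE = re.compile(r"^\s+Start-time (.+), Mode (\S+)$")

def parse_keychains(text):
    """Return {keychain name: summary fields plus a list of per-key dicts}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if m := CHAIN_RE.match(line):
            name, a_send, a_recv, n_send, n_recv, transition, tol = m.groups()
            current = chains[name] = {
                "active": (a_send, a_recv), "next": (n_send, n_recv),
                "transition": transition, "tolerance": int(tol), "keys": []}
        elif current is not None and (m := KEY_RE.match(line)):
            kid, alg, state, option = m.groups()
            current["keys"].append(
                {"id": kid, "algorithm": alg, "state": state, "option": option})
        elif current is not None and current["keys"] and (m := TIME_RE.match(line)):
            current["keys"][-1].update(start_time=m.group(1), mode=m.group(2))
    return chains

def audit(chains):
    """Return (keychain, key id, finding) tuples for keys an operator should review."""
    findings = []
    for name, chain in chains.items():
        for key in chain["keys"]:
            if key["algorithm"] in FLAGGED_ALGORITHMS:
                findings.append((name, key["id"], "flagged algorithm " + key["algorithm"]))
            # State reflects what the key does now; Mode only echoes the configuration.
            if key["state"] == "inactive":
                findings.append((name, key["id"], "pending, Mode " + key.get("mode", "?")))
    return findings
```

Calling `audit(parse_keychains(SAMPLE))` reports both keys for the flagged algorithm and key 1 as pending, which is the State versus Mode distinction the table describes.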