authentication-key-chains (TCP-AO)
Syntax
```
authentication-key-chains {
    key-chain keychain-name {
        key key ID {
            secret secretpassword;
            start-time yyyy-mm-dd.hh:mm:ss;
            algorithm ao;
            ao-attribute {
                send-id send ID;
                recv-id receive ID;
                cryptographic-algorithm (aes-128-cmac-96 | hmac-sha-1-96);
                tcp-ao-option (disabled | enabled);
            }
        }
    }
}
```
Hierarchy Level
[edit security]
Description
Configure authentication keychains for TCP Authentication Option (TCP-AO).
Option | Description |
---|---|
key-chain keychain-name | Enter a unique name for the keychain. For example, |
key key ID | Enter a unique key ID for each key. In a key-chain, keys are numbered sequentially, from |
secret secretpassword | Enter a unique secret key or password for each key. Use any alphanumeric characters without any space. Once configured, the secret is displayed in an encrypted format. |
start-time yyyy-mm-dd.hh:mm:ss | Enter a time in YYYY-MM-DD.HH:MM format to specify when control passes from one key to the next. When a configured start time arrives (based on the device’s clock), the key with that start time becomes active. |
algorithm | Enter |
send-id send ID | Enter any two numbers between 0 and 255. You can also use the same number as the |
recv-id receive ID | Enter any two numbers between 0 and 255. You must not use these numbers for any other key inside that key chain. Reverse the |
cryptographic-algorithm | Choose a cryptographic algorithm. Starting in Junos OS Release 20.3R1, the HMAC-SHA1 and AES-128 algorithms are supported for compliance with RFC 5925, The TCP Authentication Option. |
tcp-ao-option | Choose enabled to include the TCP-AO option. Note: The default value is disabled. |
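
The constraints in the option table can be checked before a keychain is committed, and the start-time rule determines which key is active at a given moment. The following Python is an added example, not Juniper code: the dictionary field names, helper functions and sample keys are constructed for illustration. The peer check assumes RFC 5925 matching, where one side's send ID must equal the other side's receive ID.

```python
from datetime import datetime

ALGORITHMS = {"aes-128-cmac-96", "hmac-sha-1-96"}  # values listed in the syntax
TIME_FMT = "%Y-%m-%d.%H:%M:%S"                     # yyyy-mm-dd.hh:mm:ss

def validate_keychain(keys):
    """Return a list of problems found in one keychain (empty list means clean)."""
    problems, seen_ids, seen_recv = [], set(), set()
    for k in keys:
        label = f"key {k['id']}"
        if k["id"] in seen_ids:
            problems.append(f"{label}: duplicate key ID")
        seen_ids.add(k["id"])
        if not k["secret"].isalnum():
            problems.append(f"{label}: secret must be alphanumeric with no spaces")
        for field in ("send_id", "recv_id"):
            if not 0 <= k[field] <= 255:
                problems.append(f"{label}: {field} {k[field]} outside 0-255")
        if k["recv_id"] in seen_recv:
            problems.append(f"{label}: recv_id {k['recv_id']} reused in this keychain")
        seen_recv.add(k["recv_id"])
        if k["algorithm"] not in ALGORITHMS:
            problems.append(f"{label}: unsupported algorithm {k['algorithm']}")
        try:
            datetime.strptime(k["start_time"], TIME_FMT)
        except ValueError:
            problems.append(f"{label}: bad start-time {k['start_time']}")
    return problems

def active_key(keys, now):
    """Key whose start-time is the latest one not after `now`, or None."""
    start = lambda k: datetime.strptime(k["start_time"], TIME_FMT)
    started = [k for k in keys if start(k) <= now]
    return max(started, key=start, default=None)

def unmirrored_keys(local, remote):
    """Local key IDs with no peer key that has send and receive IDs reversed."""
    pairs = {(k["recv_id"], k["send_id"]) for k in remote}
    return [k["id"] for k in local if (k["send_id"], k["recv_id"]) not in pairs]

def make_key(key_id, start, send_id, recv_id, secret="Example123", algorithm="hmac-sha-1-96"):
    # Hypothetical helper that builds one key record for the checks above.
    return {"id": key_id, "secret": secret, "start_time": start,
            "send_id": send_id, "recv_id": recv_id, "algorithm": algorithm}

# Constructed sample keychains for two peers; key 1 on R2 is not reversed.
R1 = [make_key(0, "2024-01-01.00:00:00", 1, 2), make_key(1, "2024-06-01.00:00:00", 3, 4)]
R2 = [make_key(0, "2024-01-01.00:00:00", 2, 1), make_key(1, "2024-06-01.00:00:00", 3, 4)]
```

Run `validate_keychain` on each side first, since `active_key` expects every start-time to parse.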
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.3R1.