Purpose
Command or Action
switch(config-keychain)# copy running-config startup-config
Configuring a Master Key and Enabling the AES Password Encryption Feature
You can configure a master key for type-6 encryption and enable the Advanced Encryption Standard (AES)
password encryption feature.
SUMMARY STEPS
1. [no] key config-key ascii
2. configure terminal
3. [no] feature password encryption aes
4. (Optional) show encryption service stat
5. copy running-config startup-config
DETAILED STEPS

Step 1
Command or Action: [no] key config-key ascii
Example:
switch# key config-key ascii
New Master Key:
Retype Master Key:
Purpose: Configures a master key to be used with the AES password encryption feature. The master key can contain between 16 and 32 alphanumeric characters. You can use the no form of this command to delete the master key at any time.
If you enable the AES password encryption feature before configuring a master key, a message appears stating that password encryption will not take place unless a master key is configured. If a master key is already configured, you are prompted to enter the current master key before entering a new master key.

Step 2
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.

Step 3
Command or Action: [no] feature password encryption aes
Example:
switch(config)# feature password encryption aes
Purpose: Enables or disables the AES password encryption feature.

Step 4
Command or Action: (Optional) show encryption service stat
Example:
switch(config)# show encryption service stat
Purpose: Displays the configuration status of the AES password encryption feature and the master key.

Step 5
Command or Action: Required: copy running-config startup-config
Example:
Purpose: Copies the running configuration to the startup configuration.
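As an added example (not from the Cisco guide), a saved copy of the running configuration can be audited offline to confirm that the `feature password encryption aes` line is present and to list keychain keys that are not stored as type 6. The `key-string <type> <value>` layout, the sample configuration and all names in it are assumptions constructed for illustration; the master key state is not visible in this text and still has to be checked with show encryption service stat.

```python
import re

# Constructed sample of a saved running-config; values are placeholders.
SAMPLE_CONFIG = """\
feature password encryption aes
key chain ospf-keys
  key 1
    key-string 6 CONSTRUCTED-TYPE6-VALUE
  key 2
    key-string 7 CONSTRUCTED-TYPE7-VALUE
key chain bgp-keys
  key 10
    key-string 7 CONSTRUCTED-TYPE7-VALUE
"""

FEATURE_LINE = "feature password encryption aes"
# Assumed layout: "key-string [encryption-type] value"
KEY_STRING = re.compile(r"^key-string\s+(?:(\d+)\s+)?\S+")


def audit_config(text):
    """Return (feature_enabled, findings) for one saved running-config.

    findings lists (key chain, key id, encryption type) for every
    key-string that is not stored as type 6.
    """
    feature_enabled = False
    findings = []
    chain = key_id = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == FEATURE_LINE:          # the "no" form never matches
            feature_enabled = True
        elif line.startswith("key chain "):
            chain, key_id = line.split()[2], None
        elif chain and raw[:1].isspace() and line.startswith("key "):
            key_id = line.split()[1]
        elif chain and (m := KEY_STRING.match(line)):
            enc_type = m.group(1) or "0"  # assumption: no type digit = cleartext
            if enc_type != "6":
                findings.append((chain, key_id, enc_type))
        elif line and not raw[:1].isspace():
            chain = key_id = None         # left the key chain block
    return feature_enabled, findings


if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
```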
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring Keychain Management