Purpose
Command or Action
switch(config)# copy running-config startup-config
This command is necessary to synchronize the
master key in the running configuration and the
startup configuration.
Note
Related Topics
About AES Password Encryption and Master Encryption Keys
, on page 413
About AES Password Encryption and Master Encryption Keys
, on page 413
, on page 424
Configuring Accept and Send Lifetimes for a Key
, on page 425
Configuring Text for a Key
You can configure the text for a key. The text is the shared secret. The device stores the text in a secure format.
By default, accept and send lifetimes for a key are infinite, which means that the key is always valid. After
you configure the text for a key, configure the accept and send lifetimes for the key.
Before you begin
Determine the text for the key. You can enter the text as unencrypted text or in the encrypted form that Cisco
NX-OS uses to display key text when you use the
show key chain
command. Using the encrypted form is
particularly helpful if you are creating key text to match a key as shown in the
show key chain
command
output from another device.
SUMMARY STEPS
1.
configure terminal
2.
key chain name
3.
key key-ID
4.
key-string
[
encryption-type
]
text-string
5.
(Optional)
show key chain name
[
mode decrypt
]
6.
(Optional)
copy running-config startup-config
DETAILED STEPS
Purpose
Command or Action
Enters global configuration mode.
configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Enters keychain configuration mode for the keychain that
you specified.
key chain name
Example:
Step 2
switch(config)# key chain bgp-keys
switch(config-keychain)#
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
424
Configuring Keychain Management
Configuring Text for a Key