Assigning a time-independent key to a chain
A time-independent key has no Accept or Send time constraints. It is valid from boot-up until you change it. If you use a time-independent key, then it is the only key needed for a key chain entry.
Syntax
[no] key-chain chain_name key key_id
Generates or deletes a key in the key chain entry <chain_name
> . Using the optional
no
form of the command deletes the key. The <key_id> is any number from 0-255.
[key-string key_str]
This option lets you specify the key value for the protocol using the key. The <key_str
> can be any string of up to 14 characters in length.
[accept-lifetime infinite] [send-lifetime infinite]
accept-lifetime infinite:
Allows packets with this key to be accepted at any time from boot-up until the key is removed.
send-lifetime infinite:
Allows the switch to send this key as authorization, from boot-up until the key is removed.
show key-chain chain_name
Displays the detail information about the keys used in the key chain named chain_name .
Example
To generate a new time-independent key for the switch key chain entry: