Creating and deleting key chain entries

To use KMS, you must create one or more key chain entries. An entry can be the pointer to a single time-independent key or a chain of time-dependent keys.


The key chain information is copied to the standby management module (if redundancy is enabled and the standby module has passed self-test).


[ no ] key-chain chain_name

Generate or delete a key chain entry. Using the optional no form of the command deletes the key chain. The chain_name parameter can include up to 32 characters.

show key-chain

Displays the current key chains on the switch and their overall status.

For example, to generate a new key chain entry:

Adding a new key chain entry

After adding an entry, assign keys to it for use by a KMS-enabled protocol.