K Commands



This chapter describes the Cisco NX-OS security commands that begin with K.

key

To create a key or to enter the configuration mode for an existing key, use the key command. To remove the key, use the no form of this command.

key key-ID

no key key-ID

Syntax Description

key-ID

ID of the key to configure. This ID must be a whole number between 0 and 65535.


Defaults

None

Command Modes

Keychain configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

A new key contains no key strings.

This command does not require a license.

Examples

This example shows how to enter key configuration mode for key 13 in the glbp-keys keychain:

switch# configure terminal 
switch(config)# key chain glbp-keys 
switch(config-keychain)# key 13 
switch(config-keychain-key)# 

Related Commands

Command            Description
accept-lifetime    Configures an accept lifetime for a key.
key chain          Creates a keychain and enters keychain configuration mode.
key-string         Configures the shared secret (text) for a specific key.
send-lifetime      Configures a send lifetime for a key.
show key chain     Shows keychain configuration.


key-string

To configure the text for a key, use the key-string command. To remove the text, use the no form of this command.

key-string [encryption-type] text-string

no key-string text-string

Syntax Description

encryption-type

(Optional) Specifies the type of encryption to use. The encryption-type argument can be one of the following values:

0—The text-string argument that you enter is unencrypted text. This is the default.

7—The text-string argument that you enter is encrypted. The encryption method is a Cisco proprietary method. This option is useful when you are entering a text string based on the encrypted output of a show key chain command that you ran on another NX-OS device.

text-string

Text of the key string, up to 63 case-sensitive, alphanumeric characters.


Defaults

None

Command Modes

Key configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

The key-string text is a shared secret. The device stores key strings in a secure format.

You can obtain encrypted key strings by using the show key chain command on another NX-OS device.

This command does not require a license.

Examples

This example shows how to enter an encrypted shared secret for key 13:

switch# configure terminal
switch(config)# key chain glbp-keys
switch(config-keychain)# key 13
switch(config-keychain-key)# key-string 7 071a33595c1d0c1702170203163e3e21213c20361a021f11
switch(config-keychain-key)# 

Related Commands

Command            Description
accept-lifetime    Configures an accept lifetime for a key.
key                Configures a key.
key chain          Configures a keychain.
send-lifetime      Configures a send lifetime for a key.
show key chain     Shows keychain configuration.


key chain

To create a keychain or to configure an existing keychain, use the key chain command. To remove the keychain, use the no form of this command.

key chain keychain-name

no key chain keychain-name

Syntax Description

keychain-name

Name of the keychain, up to 63 alphanumeric, case-sensitive characters in length.


Defaults

None

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

This command creates the keychain if it does not already exist. A new keychain contains no keys.

Removing a keychain also removes any keys that the keychain contains.

Before you remove a keychain, ensure that no feature uses it. If a feature is configured to use a keychain that you remove, that feature is likely to fail to communicate with other devices.

This command does not require a license.

Examples

This example shows how to configure a keychain named glbp-keys:

switch# configure terminal 
switch(config)# key chain glbp-keys 
switch(config-keychain)# 
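
The limits documented in this chapter (the key-ID range, the 63-character limits, a new key containing no key strings, and type 0 as the default encryption-type) can be checked against a saved keychain configuration. The following Python script is an added example, not Cisco code: the indented one-command-per-line layout, the ospf-keys keychain and its secrets are constructed for illustration, and audit_keychains is a hypothetical helper name.

```python
import re

# Constructed sample (assumed layout, not from the page); secrets are made up.
SAMPLE_CONFIG = """\
key chain glbp-keys
  key 13
    key-string 7 071a33595c1d0c1702170203163e3e21213c20361a021f11
  key 14
key chain ospf-keys
  key 70000
    key-string 0 ConstructedSecret1
  key 2
    key-string ConstructedSecret2
"""

KEY_ID_MAX = 65535  # key-ID must be a whole number between 0 and 65535
MAX_LEN = 63        # limit for keychain-name and for text-string

def audit_keychains(config_text):
    """Return (keychain, key_id, finding) tuples for a keychain config."""
    findings = []
    chain = key_id = None
    has_string = True

    def close_key():
        # A new key contains no key strings; flag keys left that way.
        if key_id is not None and not has_string:
            findings.append((chain, key_id, "no key-string configured"))

    for line in map(str.strip, config_text.splitlines()):
        if m := re.fullmatch(r"key chain (\S+)", line):
            close_key()
            chain, key_id = m.group(1), None
            if len(chain) > MAX_LEN:
                findings.append((chain, None, "keychain-name exceeds 63 characters"))
        elif m := re.fullmatch(r"key (\d+)", line):
            close_key()
            key_id, has_string = int(m.group(1)), False
            if key_id > KEY_ID_MAX:
                findings.append((chain, key_id, "key-ID outside 0-65535"))
        elif (m := re.fullmatch(r"key-string (?:([07]) )?(\S+)", line)) and key_id is not None:
            has_string = True
            if (m.group(1) or "0") == "0":  # type 0 is the default
                findings.append((chain, key_id, "key-string is unencrypted text (type 0)"))
                if len(m.group(2)) > MAX_LEN:
                    findings.append((chain, key_id, "text-string exceeds 63 characters"))
    close_key()
    return findings
```

Calling audit_keychains(SAMPLE_CONFIG) reports key 14 in glbp-keys as having no key string, key 70000 as out of range, and both ospf-keys entries as type 0 text.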

Related Commands

Command            Description
accept-lifetime    Configures an accept lifetime for a key.
key                Configures a key.
key-string         Configures a key string.
send-lifetime      Configures a send lifetime for a key.
show key chain     Shows keychain configuration.