Hello ITPro. Wondering if someone can explain to me the difference between a keychain vs a key-string in the Cisco world? I am a bit confused. I am working with the NX OS platform and it looks like you have quite a few options for authenticating OSPF or HSRP for example...
Here are some OSPF options for authentication from the CLI:
WILNXLAB-02(config-if)# ip ospf ?
  authentication       Authentication on the interface
  authentication-key   Configure the authentication key for the interface
  message-digest-key   Message digest authentication password (key)
WILNXLAB-02(config-if)# ip ospf authentication?
  authentication       Authentication on the interface
  authentication-key   Configure the authentication key for the interface
WILNXLAB-02(config-if)# ip ospf authentication-key ?
  0     Specifies an UNENCRYPTED authentication key will follow
  3     Specifies an 3DES ENCRYPTED authentication key will follow
  7     Specifies a Cisco type 7 ENCRYPTED authentication key will follow
  LINE  The UNENCRYPTED (cleartext) authentication key
WILNXLAB-02(config-if)# ip ospf message-digest-key ?
  <0-255>  Key ID
For HSRP you have a bunch of options too:
WILNXLAB-02(config-if-hsrp)# ?
  authentication  Authentication
WILNXLAB-02(config-if-hsrp)# authentication ?
  WORD  Plain text authentication string (Max Size 8)
  md5   Use MD5 authentication
  text  Plain text authentication
WILNXLAB-02(config-if-hsrp)# authentication md5 ?
  key-chain   Set key chain
  key-string  Set key string
WILNXLAB-02(config-if-hsrp)# authentication md5 key-chain
  WORD  Name of key-chain (Max Size 250)
What is all of this? What is the difference between a keychain and a key-string? If I specify a message-digest-key "1" for an interface to negotiate OSPF, should I not use "1" again? Is there a show that deep dives into this I can watch?
Regards,
Adam Tyler