NOTE
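- MD5 and HMAC-SHA-256
- HMAC-SHA-256 can be used only in AF (address-family) mode
- hmac-sha-256 takes the password written directly in the command, without a key chain
- Rotate keys by setting validity periods with the key chain's send and accept lifetimes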
CONFIGURATION
key chain CCIE
 key 1
  key-string cisco
interface fa1/0
 ip authentication mode eigrp 65000 md5
 ip authentication key-chain eigrp 65000 CCIE
router eigrp CCIE
 address-family ipv4 unicast autonomous-system 65000
  af-interface default
   authentication mode md5
   authentication key-chain CCIE

router eigrp CCIE
 address-family ipv4 unicast autonomous-system 65000
  af-interface default
   authentication mode hmac-sha-256 cisco

key chain KEY_ROTATION
 key 10
  key-string CISCO10
  accept-lifetime 00:00:00 Jan 1 1993 00:15:00 Jan 1 2030
  send-lifetime 00:00:00 Jan 1 1993 00:05:00 Jan 1 2030
 key 20
  key-string CISCO20
  accept-lifetime 00:00:00 Jan 1 2030 infinite
  send-lifetime 00:00:00 Jan 1 2030 infinite
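
To check a rollover such as KEY_ROTATION before deploying it, this added Python example (not part of the original note) parses the key chain and reports which key is sent and which keys are accepted at a given time. It assumes the Cisco IOS rule that, when several keys are valid for sending, the lowest-numbered valid key is used; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample input: the KEY_ROTATION key chain from the configuration above.
CONFIG = """\
key chain KEY_ROTATION
 key 10
  key-string CISCO10
  accept-lifetime 00:00:00 Jan 1 1993 00:15:00 Jan 1 2030
  send-lifetime 00:00:00 Jan 1 1993 00:05:00 Jan 1 2030
 key 20
  key-string CISCO20
  accept-lifetime 00:00:00 Jan 1 2030 infinite
  send-lifetime 00:00:00 Jan 1 2030 infinite
"""

STAMP = r"\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4}"
LIFETIME = re.compile(rf"^\s*(accept|send)-lifetime ({STAMP}) ({STAMP}|infinite)$")

def parse_stamp(text):
    """Convert an IOS 'hh:mm:ss Mon d yyyy' stamp (or 'infinite') to a datetime."""
    return datetime.max if text == "infinite" else datetime.strptime(text, "%H:%M:%S %b %d %Y")

def parse_key_chain(config):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}."""
    keys, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"^\s*key (\d+)$", line):
            current = keys.setdefault(int(m.group(1)), {})
        elif (m := LIFETIME.match(line)) and current is not None:
            current[m.group(1)] = (parse_stamp(m.group(2)), parse_stamp(m.group(3)))
    return keys

def valid_keys(keys, kind, when):
    """Key IDs whose 'accept' or 'send' lifetime covers `when`, lowest first."""
    return sorted(k for k, v in keys.items() if kind in v and v[kind][0] <= when <= v[kind][1])

def send_key(keys, when):
    """Assumed IOS behaviour: the lowest-numbered key valid for sending is used."""
    ids = valid_keys(keys, "send", when)
    return ids[0] if ids else None  # None means no key can be sent: a rotation gap

if __name__ == "__main__":
    chain = parse_key_chain(CONFIG)
    for t in ("23:59:59 Dec 31 2029", "00:03:00 Jan 1 2030",
              "00:10:00 Jan 1 2030", "00:20:00 Jan 1 2030"):
        when = parse_stamp(t)
        print(t, "send:", send_key(chain, when), "accept:", valid_keys(chain, "accept", when))
```

A `send_key` result of `None`, or an empty accept list, at any point in the rollover window marks a gap in which neighbors could not authenticate each other.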