
key-id

Function

The key-id command creates a key ID.

The undo key-id command deletes the key ID configuration.

By default, no key ID is configured.

Format

key-id key-id

undo key-id key-id

Parameters

Parameter | Description | Value
key-id | Specifies the ID of a key in the keychain. | The value is an integer ranging from 0 to 63.

Views

Keychain view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In keychain authentication mode, secure protocol packet transmission is provided by changing the authentication algorithm and key dynamically. This can reduce the workload of changing the algorithm and key manually.

The dynamic change of the keychain authentication algorithm is implemented based on the key IDs. Each keychain consists of multiple key IDs that are valid within different time periods and each key ID is configured with an authentication algorithm. When a key ID becomes valid, the corresponding authentication algorithm is used.

Precautions

It is recommended that a maximum of 64 key IDs be configured for a keychain and that only one key ID be valid at a time.

If a key ID becomes invalid and no other key ID becomes valid in time, no key ID is available for packet authentication and encryption. To ensure normal packet transmission, specifying a default key ID for packet sending is recommended.
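The two precautions above (only one key ID valid at a time, and no period without a valid key ID) can be checked offline before a rollover schedule is configured. The following Python is an added example, not Huawei code: the schedule format, the function name audit_keychain, the finding labels and the sample dates are assumptions constructed for illustration, and validity windows are treated as half-open intervals.

```python
from datetime import datetime

# Constructed sample: key ID -> (send start, send end), treated as [start, end).
SAMPLE = {
    1: (datetime(2024, 1, 1), datetime(2024, 4, 1)),
    2: (datetime(2024, 3, 25), datetime(2024, 7, 1)),  # starts before key 1 ends
    3: (datetime(2024, 7, 8), datetime(2024, 10, 1)),  # starts a week after key 2 ends
}

def audit_keychain(schedule, has_default_send_key=False):
    """Return (kind, detail) findings for a key ID rollover schedule."""
    findings = []
    for key_id, (start, end) in schedule.items():
        if not 0 <= key_id <= 63:  # value range given in the Parameters table
            findings.append(("range", f"key-id {key_id} is outside 0-63"))
        if end <= start:
            findings.append(("window", f"key-id {key_id} has an empty validity window"))

    # Walk the windows in start order, tracking the latest end seen so far.
    covered_until, covering_id = None, None
    for key_id, (start, end) in sorted(schedule.items(), key=lambda kv: kv[1][0]):
        if covered_until is not None and start < covered_until:
            findings.append(("overlap",
                f"key-id {covering_id} and key-id {key_id} are both valid from {start:%Y-%m-%d}"))
        elif covered_until is not None and start > covered_until:
            # Assumption: a configured default send key ID covers sending during the gap.
            kind = "gap-default" if has_default_send_key else "gap"
            findings.append((kind,
                f"no key ID valid from {covered_until:%Y-%m-%d} to {start:%Y-%m-%d}"))
        if covered_until is None or end > covered_until:
            covered_until, covering_id = end, key_id
    return findings

if __name__ == "__main__":
    for kind, detail in audit_keychain(SAMPLE):
        print(f"{kind}: {detail}")
```

A "gap" finding marks a period in which packets cannot be authenticated; "gap-default" marks the same period when a default key ID for packet sending is configured.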

Follow-up Procedure

After a key ID is created, specify the authentication and encryption algorithms and the key for the key ID, and set the time when the key ID becomes valid or invalid.

The time period within which a key ID for packet sending or receiving is valid and the time mode configured for the key ID must be identical to those configured for the keychain.

Example

# Configure key-id 1.

<sysname> system-view
[sysname] keychain a mode absolute 
[sysname-keychain-a] key-id 1
[sysname-keychain-a-keyid-1] 
Copyright © Huawei Technologies Co., Ltd.