K Commands
This chapter describes the Cisco NX-OS security commands that begin with K.
key
To create a key or to enter the configuration mode for an existing key, use the key command. To remove the key, use the no form of this command.
key key-ID
no key key-ID
Syntax Description
Defaults
None
Command Modes
Keychain configuration
Supported User Roles
network-admin
vdc-admin
Command History
Usage Guidelines
A new key contains no key strings.
This command does not require a license.
Examples
This example shows how to enter key configuration mode for key 13 in the glbp-keys keychain:
switch# configure terminal
switch(config)# key chain glbp-keys
switch(config-keychain)# key 13
switch(config-keychain-key)#
Related Commands
key config-key
To configure the master key for type-6 encryption, use the key config-key command. To delete the master key and stop type-6 encryption, use the no form of this command.
key config-key ascii new-master-key
no key config-key ascii
Syntax Description
ascii
Specifies the ASCII format.
new-master-key
The master key. The master key must be from 16 to 32 alphanumeric characters long.
Defaults
None
Command Modes
Any command mode
Supported User Roles
network-admin
vdc-admin
Command History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure the master key for type-6 encryption:
switch# key config-key ascii
New Master Key:
Retype Master Key:
This example shows how to delete the master key and stop type-6 encryption:
switch# no key config-key ascii
Warning deletion of master-key will stop further type-6 encryption.
Do you want to proceed (y/n)[n]: [n] y
switch#
Related Commands
Command
Description
feature password encryption aes
Enables the AES password encryption features.
show encryption service stat
Displays the status of the encryption service.
key-string
To configure the text for a key, use the key-string command. To remove the text, use the no form of this command.
key-string [encryption-type] text-string
no key-string text-string
Syntax Description
Defaults
None
Command Modes
Key configuration
Supported User Roles
network-admin
vdc-admin
Command History
Usage Guidelines
The key-string text is a shared secret. The device stores key strings in a secure format.
You can obtain encrypted key strings by using the show key chain command on another Cisco NX-OS device.
This command does not require a license.
Examples
This example shows how to enter an encrypted shared secret for key 13:
switch# configure terminal
switch(config)# key chain glbp-keys
switch(config-keychain)# key 13
switch(config-keychain-key)# key-string 7 071a33595c1d0c1702170203163e3e21213c20361a021f11
switch(config-keychain-key)#
Related Commands
key chain
To create a keychain or to configure an existing keychain, use the key chain command. To remove the keychain, use the no form of this command.
key chain keychain-name
no key chain keychain-name
Syntax Description
Defaults
None
Command Modes
Global configuration
Supported User Roles
network-admin
vdc-admin
Command History
Usage Guidelines
This command creates the keychain if it does not already exist. A new keychain contains no keys.
Removing a keychain also removes any keys that the keychain contains.
Before you remove a keychain, ensure that no feature uses it. If a feature is configured to use a keychain that you remove, that feature is likely to fail to communicate with other devices.
This command does not require a license.
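One way to check a saved configuration before removing a keychain, shown as an added example that is not part of the Cisco documentation: it lists, for each keychain, the keys that still have no key string and the configuration lines that reference the keychain. The sample configuration is constructed, the function names are hypothetical, and the rule that a feature refers to a keychain as "key-chain <name>" is an assumption.

```python
import re

# Constructed sample config, not taken from a device. The GLBP reference
# line ("authentication md5 key-chain <name>") is an assumed form.
SAMPLE_CONFIG = """\
key chain glbp-keys
  key 13
    key-string 7 0123456789abcdef
  key 14
key chain old-keys
  key 1
    key-string 7 0123456789abcdef
interface Ethernet1/1
  glbp 1
    authentication md5 key-chain glbp-keys
"""

def audit_keychains(config):
    """Per keychain: keys with no key-string, and config lines that reference it."""
    chains, refs = {}, {}
    chain = key = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # top-level line: opens or closes a keychain block
            m = re.fullmatch(r"key chain (\S+)", line)
            chain, key = (chains.setdefault(m.group(1), {}) if m else None), None
            if m:
                continue
        if chain is not None:
            m = re.fullmatch(r"key (\S+)", line)
            if m:
                key = m.group(1)
                chain.setdefault(key, False)  # a new key contains no key string
            elif line.startswith("key-string ") and key is not None:
                chain[key] = True
            continue
        m = re.search(r"\bkey-chain (\S+)", line)  # assumed reference syntax
        if m:
            refs.setdefault(m.group(1), []).append(line)
    return {n: {"empty_keys": [k for k, ok in ks.items() if not ok],
                "used_by": refs.get(n, [])} for n, ks in chains.items()}

def safe_to_remove(report, name):
    """True only if the keychain exists and nothing in the config references it."""
    return name in report and not report[name]["used_by"]
```
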
Examples
This example shows how to configure a keychain named glbp-keys:
switch# configure terminal
switch(config)# key chain glbp-keys
switch(config-keychain)#
Related Commands