authentication-key
S e n d d o c u m e n t c o m m e n t s t o n e x u s 7 k - d o c f e e d b a c k @ c i s c o . c o m .
authentication-key
To configure the password used to create the SHA-1 HMAC hash for authenticating the Map-Register
message sent by an egress tunnel router (ETR) when registering to the Map-Server, use the
authentication-key command. To remove the password, use the no form of this command.
Syntax Description
key-type
password
None
Defaults
LISP site configuration mode
Command Modes
network-admin
Supported User Roles
vdc-admin
Command History
Release
5.0(1.13)
When a Locator/ID Separation Protocol (LISP) ETR registers with a Map-Server, the Map Server must
Usage Guidelines
already have been configured with certain LISP site attributes that match the ETR attributes. These
attributes include a shared password that is used to create the SHA-1 HMAC hash that the Map Server
uses to validate the authentication data in the Map-Register message. On the ETR, this password is
configured by using the ip lisp etr map-server and ipv6 lisp etr map-server command.
On the Map Server, the password is configured as part of the lisp site configuration process. To enter the
LISP site password, enter the authentication-key command in LISP site configuration mode. You can
enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an
unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a
key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Map-Server authentication keys entered in cleartext form automatically are converted to Type 3
Caution
(encrypted) form.
Cisco Nexus 7000 Series NX-OS LISP Command Reference
LSP-4
authentication-key key-type password
no authentication-key key-type password
Key type that the following SHA-1 password is encoded using Type (0) indicates
that a cleartext password follows. Type (3) indicates that a 3DES encrypted key
follows, and Type (7) indicates that a Cisco Type 7 encrypted password follows.
Password used to create the SHA-1 HMAC hash when authenticating the
Map-Register message sent by the ETR.
Modification
This command was introduced.
Cisco Nexus 7000 Series LISP Commands