router : key-chain
 
key-chain
Use this command to manage RIP version 2 authentication keys. You can add, edit or delete keys identified by the specified key number.
RIP version 2 uses authentication keys to ensure that the routing information exchanged between routers is reliable. For authentication to work, both the sending and receiving routers must be set to use authentication, and must be configured with the same keys.
A key chain is a list of one or more keys and the send and receive lifetimes for each key. Keys are used for authenticating routing packets only during the specified lifetimes. The FortiGate unit migrates from one key to the next according to the scheduled send and receive lifetimes. The sending and receiving routers should have their system dates and times synchronized, but overlapping the key lifetimes ensures that a key is always available even if there is some difference in the system times. For how to to ensure that the FortiGate unit system date and time are correct, see “config system global” on page 243 .
Syntax
config router key-chain
edit <key_chain_name>
config key
edit <key_id>
set accept-lifetime <start> <end>
set key-string <password>
set send-lifetime <start> <end>
end
end
 
The accept-lifetime, key-string, and send-lifetime fields are required.
 
Variable
Description
Default
edit <key_chain_name>
Enter a name for the key chain list.
No default.
config key variables
edit <key_id>
Enter an ID number for the key entry. The number must be an integer.
No default.
accept-lifetime <start> <end>
Set the time period during which the key can be received. The start time has the syntax hh:mm:ss day month year. The end time provides a choice of three settings:
hh:mm:ss day month year
<integer> — a duration from 1 to 2147483646 seconds
infinite — for a key that never expires
The valid settings for hh:mm:ss day month year are:
hh — 0 to 23
mm — 0 to 59
ss — 0 to 59
day — 1 to 31
month — 1 to 12
year — 1993 to 2035
Note: A single digit will be accepted for hh, mm, ss, day, or month fields.
No default.
key-string <password>
The <password_str> can be up to 35 characters long.
No default.
send-lifetime <start> <end>
Set the time period during which the key can be sent. The start time has the syntax hh:mm:ss day month year. The end time provides a choice of three settings:
hh:mm:ss day month year
<integer> — a duration from 1 to 2147483646 seconds
infinite — for a key that never expires
The valid settings for hh:mm:ss day month year are:
hh — 0 to 23
mm — 0 to 59
ss — 0 to 59
day — 1 to 31
month — 1 to 12
year — 1993 to 2035
Note: A single digit will be accepted for hh, mm, ss, day, or month fields.
No default.