Fortinet Document Library

CLI Reference

6.0.6

router key-chain

Use this command to manage RIP version 2 authentication keys.

RIP version 2 uses authentication keys to ensure that the routing information exchanged between routers is reliable. For authentication to work, both the sending and receiving routers must be set to use authentication, and must be configured with the same keys.

A key-chain is a list of one or more keys and the send and receive lifetimes for each key. Keys are used for authenticating routing packets only during the specified lifetimes. The FortiGate migrates from one key to the next according to the scheduled send and receive lifetimes. The sending and receiving routers should have their system dates and times synchronized, but overlapping the key lifetimes ensures that a key is always available even if there is some difference in the system times.

config router key-chain
    edit {name}
    # Configure key-chain.
        set name {string}   Key-chain name. size[35]
        config key
            edit {id}
            # Configuration method to edit key settings.
                set id {string}   Key ID (0 - 2147483647). size[10]
                set accept-lifetime {string}   Lifetime of received authentication key (format: hh:mm:ss day month year).
                set send-lifetime {string}   Lifetime of sent authentication key (format: hh:mm:ss day month year).
                set key-string {string}   Password for the key (max. = 35 characters). size[35]
            next
        end
    next
end

Additional information

The following section is for those options that require additional explanation.

accept-lifetime <start> <end>

Set the time period during which the key can be received. The start time has the syntax hh:mm:ss day month year. The end time provides a choice of three settings: hh:mm:ss day month year; a duration from 1 to 2147483646 seconds; or infinite for a key that never expires.

The valid settings for hh:mm:ss day month year are:

  • hh: 0 - 23
  • mm: 0 - 59
  • ss: 0 - 59
  • day: 1 - 31
  • month: 1 - 12
  • year: 1993 - 2035

send-lifetime <start> <end>

Set the time period during which the key can be sent. The start time has the syntax hh:mm:ss day month year. The end time provides a choice of three settings: hh:mm:ss day month year; a duration from 1 to 2147483646 seconds; or infinite for a key that never expires.

The valid settings for hh:mm:ss day month year are:

  • hh: 0 - 23
  • mm: 0 - 59
  • ss: 0 - 59
  • day: 1 - 31
  • month: 1 - 12
  • year: 1993 - 2035
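
The following audit script is an added example, not Fortinet code. It parses the accept-lifetime and send-lifetime settings described above (all three end forms) and reports periods in which no key is sent, or keys whose accept window does not extend past the send window, which is what the overlap advice guards against. The key-chain name, the dates and the 5-minute skew margin are assumptions; key-string lines are omitted from the constructed sample.

```python
from datetime import datetime, timedelta
INFINITE = datetime(9000, 1, 1)  # stand-in for the "infinite" end setting
# Constructed sample: two keys whose lifetimes overlap (name and dates are placeholders).
SAMPLE = """config router key-chain
    edit "rip-keys"
        config key
            edit 1
                set accept-lifetime 00:00:00 1 1 2025 00:00:00 2 7 2025
                set send-lifetime 01:00:00 1 1 2025 00:00:00 1 7 2025
            next
            edit 2
                set accept-lifetime 00:00:00 30 6 2025 infinite
                set send-lifetime 00:00:00 1 7 2025 infinite
            next
        end
    next
end"""

def parse_lifetime(text):  # "<start> <end>" -> (start, end) as datetimes
    tok = text.split()
    (h, m, s), (day, month, year) = map(int, tok[0].split(":")), map(int, tok[1:4])
    if not 1993 <= year <= 2035:
        raise ValueError(f"year {year} outside 1993 - 2035")
    start, end = datetime(year, month, day, h, m, s), tok[4:]  # datetime rejects bad fields
    if end == ["infinite"]:
        return start, INFINITE
    if len(end) == 1 and 1 <= int(end[0]) <= 2147483646:  # duration in seconds
        return start, start + timedelta(seconds=int(end[0]))
    return start, parse_lifetime(" ".join(end) + " infinite")[0]  # absolute end time

def parse_keys(config):  # key ID -> {"accept-lifetime": (start, end), "send-lifetime": ...}
    keys, kid = {}, None
    for w in map(str.split, config.splitlines()):
        if w[:1] == ["edit"] and w[1].isdigit():
            kid = int(w[1])
        elif w[:1] == ["set"] and w[1].endswith("-lifetime"):
            keys.setdefault(kid, {})[w[1]] = parse_lifetime(" ".join(w[2:]))
    return keys

def audit(keys, skew=timedelta(minutes=5)):  # skew margin is an assumed tolerance
    findings, covered = [], None
    for kid in sorted(keys, key=lambda k: keys[k]["send-lifetime"][0]):
        (s0, s1), (a0, a1) = keys[kid]["send-lifetime"], keys[kid]["accept-lifetime"]
        if covered and s0 > covered:
            findings.append(f"no key is sent between {covered} and the start of key {kid}")
        covered = max(s1, covered or s1)
        if a0 > s0 - skew or (a1 != INFINITE and a1 < s1 + skew):
            findings.append(f"key {kid}: accept window lacks margin around send window")
    return findings
```

Run `audit(parse_keys(text))` on both routers' key-chain configuration; an empty list means every key's send window is covered with margin and there is no period without a send key.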
