To create a TCP-AO Master Key Tuple (MKT) in the BGP instance, use the command tcp-ao mkt key-id in BGP Router Configuration Mode. This command executes only if the BGP Speaker Local AS number is configured. The no form of the command deletes a TCP-AO MKT in the BGP instance.
Parameter | Type | Description |
---|---|---|
key-id <Key Id(0-255)> | Integer | Enter to set the send KeyID of the MKT. This value is used to fill the key-id field in the TCP-AO option in the TCP header. This value ranges from 0 to 255. |
receive-key-id <Rcv Key Id (0-255)> | | Enter to set the receive key-id of the MKT. The MKT that is ready at the sender for authenticating received segments is indicated to the peer by filling the receive key id of the MKT in the TCP-AO option in the TCP header. This value ranges from 0 to 255. |
algorithm | | Enter to configure the algorithm used for TCP-AO MAC or KDF calculation. |
hmac-sha-1 | | Enter to configure the algorithm type as hmac-sha-1. |
aes-128-cmac | | Enter to configure the algorithm type as aes-128-cmac. |
key <master-key> | | Enter to configure the master key corresponding to the MKT. This value is an octet string with a size between 1 and 80. |
tcp-option-exclude | | Enter to set the exclude TCP option, which excludes the TCP options other than TCP-AO during MAC calculation. If this is not set, the TCP-AO MAC is calculated on the TCP segment including all other TCP options. |
algorithm - hmac-sha-1
BGP Router Configuration Mode
iS5Comm (config-router)# tcp-ao mkt key-id 1 receive-key-id 1 algorithm hmac-sha-1 key key1
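
The following is an added example, not iS5Comm code: it shows how the parameters of an MKT like the one in the command above are used, assuming the device follows RFC 5925 and RFC 5926 for hmac-sha-1 (aes-128-cmac is not covered). The addresses, ports, ISNs, option layout and function names are constructed for illustration; rnext_key_id is the RFC name for the value set with receive-key-id.

```python
import hashlib, hmac, socket, struct

def traffic_key(master_key, src_ip, dst_ip, sport, dport, src_isn, dst_isn):
    """KDF_HMAC_SHA1: HMAC-SHA1(master_key, i || Label || Context || Output_Length)."""
    context = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
               + struct.pack("!HHII", sport, dport, src_isn, dst_isn))
    kdf_input = b"\x01" + b"TCP-AO" + context + struct.pack("!H", 160)
    return hmac.new(master_key, kdf_input, hashlib.sha1).digest()

def ao_option(key_id, rnext_key_id, mac=bytes(12)):
    """TCP-AO option: kind 29, length 16, KeyID, RNextKeyID, 96-bit MAC."""
    return struct.pack("!BBBB", 29, 16, key_id, rnext_key_id) + mac

def segment_mac(tkey, sne, src_ip, dst_ip, fixed_hdr, key_id, rnext_key_id,
                other_opts, payload, exclude_options):
    """HMAC-SHA-1-96 over SNE || IPv4 pseudo-header || TCP header || data.
    Simplification: the TCP-AO option is placed before the other options."""
    opts = ao_option(key_id, rnext_key_id)        # MAC field zeroed for the calculation
    if not exclude_options:                       # tcp-option-exclude not set
        opts += other_opts
    tcp_len = len(fixed_hdr) + 16 + len(other_opts) + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, tcp_len))
    msg = struct.pack("!I", sne) + pseudo + fixed_hdr + opts + payload
    return hmac.new(tkey, msg, hashlib.sha1).digest()[:12]

def demo():
    # Constructed sample values; only "key1" and key-id 1 come from the page's example.
    a, b, sport, dport = "192.0.2.1", "192.0.2.2", 49152, 179
    isn_a, isn_b = 0x11111111, 0x22222222
    send_key = traffic_key(b"key1", a, b, sport, dport, isn_a, isn_b)
    recv_key = traffic_key(b"key1", b, a, dport, sport, isn_b, isn_a)
    # Fixed 20-byte header: data offset 12 words, PSH|ACK, checksum zeroed.
    hdr = struct.pack("!HHIIBBHHH", sport, dport, isn_a + 1, isn_b + 1,
                      12 << 4, 0x18, 4096, 0, 0)
    # One other option: NOP, NOP, Timestamps (constructed values).
    ts = bytes([1, 1, 8, 10]) + struct.pack("!II", 1000, 2000)
    args = (send_key, 0, a, b, hdr, 1, 1, ts, b"BGP bytes")
    return {"send_key": send_key, "recv_key": recv_key,
            "mac_all_options": segment_mac(*args, exclude_options=False),
            "mac_options_excluded": segment_mac(*args, exclude_options=True)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value.hex()}")
```

Both peers must agree on the tcp-option-exclude setting, since the two MACs printed above differ for the same segment.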