25. group-encryption commands
25.1. group-encryption command descriptions
group-encryption
Synopsis
Enter the group-encryption context
Context
Tree
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
encryption-keygroup [id] number
Synopsis
Enter the encryption-keygroup list instance
Context
Tree
Max. Elements
127
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[id] number
Synopsis
Identification of the encryption keygroup
Context
Range
1 to 127
Notes
This element is part of a list key.
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
active-outbound-security-association reference
Synopsis
The Security Parameter Index (SPI) to be used when performing encryption and authentication on egressing packets using this keygroup
Context
configure group-encryption encryption-keygroup number active-outbound-security-association reference
Reference
configure group-encryption encryption-keygroup number security-association number
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
authentication-algorithm keyword
 | Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
The hashing algorithm used for the Authentication Header (AH) protocol's authentication function
Context
configure group-encryption encryption-keygroup number authentication-algorithm keyword
Default
sha256
Options
sha256, sha512
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
description string
Synopsis
Text description
Context
configure group-encryption encryption-keygroup number description string
Tree
String Length
1 to 80
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
encryption-algorithm keyword
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
The encryption algorithm to be used. Encryption only applies to ESP (Encapsulating Security Payload) configurations.
Context
configure group-encryption encryption-keygroup number encryption-algorithm keyword
Tree
Default
aes128
Options
aes128, aes256
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
keygroup-name string
Synopsis
The name to associate with this keygroup
Context
configure group-encryption encryption-keygroup number keygroup-name string
Tree
String Length
0 to 64
Default
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
security-association [security-parameter-index] number
Synopsis
Enter the security-association list instance
Context
configure group-encryption encryption-keygroup number security-association number
Tree
Max. Elements
4
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
[security-parameter-index] number
Synopsis
Security Parameter Index
Context
configure group-encryption encryption-keygroup number security-association number
Range
1 to 1023
Notes
This element is part of a list key.
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
authentication-key string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Key used for the authentication algorithm. The length of the key must match the length required by the authentication algorithm.
Context
configure group-encryption encryption-keygroup number security-association number authentication-key string
Tree
String Length
1 to 115
Notes
This element is mandatory.
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
encryption-key string
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
Key used for the encryption algorithm. The length of the key must match the length required by the encryption algorithm.
Context
configure group-encryption encryption-keygroup number security-association number encryption-key string
Tree
String Length
1 to 71
Notes
This element is mandatory.
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR
group-encryption-label number
| Warning: Modifying this element recreates the parent element automatically for the new value to take effect. |
Synopsis
The network-wide unique label to be used by group encryption. It is used as an identifier for encrypted packets and is a mandatory configuration for group encryption to be functional. Once a label value is used, it will be reserved and will not be available for any MPLS interface label-map pop operation.
Context
Range
32 to 2047
Introduced
21.10.R1
Platforms
7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR