Alcatel-Lucent 6850-48 参照ガイド

IPsec commands

page 34-4

OmniSwitch CLI Reference Guide

Sets the master security key for the switch. The master security key is used to encrypt and decrypt the 
configured SA keys that are saved to permanent storage (e.g., boot.cfg file).

ipsec security-key [old_key] new_key

The current master security key. The key can be specified either in the 
hexadecimal format (16 bytes in length) or as a string (16 characters in 
length).

The new key value. The key can be specified either in the hexadecimal 
format (16 bytes in length) or as a string (16 characters in length).

By default, no master security key is set for the switch.

OmniSwitch 6850, 9000, 9000E

• The old_key parameter should always be specified when you modify an existing key. Setting the key 

for first time does not require the old_key.

• If the value of the old_key is incorrect, the attempt to set a new key will fail.

• When there is no master security key configured for the switch, the SA key values are written unen-

crypted to permanent storage (boot.cfg or other configuration file). A warning message is logged when 
this occurs. 

• If the master security key is reset using debug clear ipsec security-key command, the currently 

configured SA keys will be deleted.

• When the master security key is set or changed, its value is immediately propagated to the secondary 

CMM. In a stacked configuration, the master security key is saved to all modules in case a stack split 
occurs or there is a simultaneous failure of both CMM modules. When the master security key is 
changed, save and synchronize the current configuration to ensure the proper operation of IPsec in the 
event of a switch reboot or takeover. 

-> ipsec security-key alcatel_corp_001 alcatel_lucent01

Release 6.3.4; command was introduced.