Table 202 ntp accessgroup Command Options



Step 3.

Generate the RSA key pair. The RSA keys are used to authenticate the router to its SA peer. The command syntax for key generation is crypto key generate rsa usage keys . The usage keys option enables you to generate two special-purpose key pairs (authentication pair and encryption pair for RSA-encrypted nonces). If you do not use the optional command, you will generate a single "general-purpose" public/private key pair. It is also possible to select the modulus length when generating keys. General-purpose keys are sufficient for standard authentication using RSA signatures. The available modulus lengths are 360, 512, 1024, and 2048 bits. The longer the modulus length, the longer it will take the router to generate the keys.

To delete all configured RSA keys from the router, use the crypto key zeroize rsa command. Step 4.

Add the CA server to the router host table. By adding the CA server IP address to the router host table, you define a static host name-to-IP address mapping and remove the requirement for using Domain Name System (DNS). Removing the requirement for DNS increases the performance of the router because it is no longer affected by any delay of the DNS server:

• ip host name addressl [address2 ]

Example 20-3 shows the correct syntax for adding the CA server to the host table on the router in New York.

0 0

Post a comment