Configuring the FA authentication key on an interface
On the FA Server, you can configure an authentication key on an interface (port, static MLT or LACP MLT), to authenticate a client or proxy device on that interface. The authentication key is stored in encrypted form when you save configuration on the FA Server.
Before you begin
Ensure that:
On the FA Server, FA is enabled globally and also on the interface.
FA message authentication is enabled on the interface.
Note
By default, enabling FA enables message authentication. The authentication key is set to the default value and appears encrypted on the output.
About this task
Use this procedure to configure an FA authentication key on a specified port or on all ports of an MLT, on the switch. If you do not configure an authentication key, the default value is used. If you specify a key, the default value is overridden and is stored in encrypted format in a separate file other than the configuration file, when you execute the save config command.
Caution
For an FA Client or an FA Proxy device to successfully authenticate and attach to the FA Server, the authentication key must match on both the client and the server. If the authentication key is changed on the FA Server switch, it must correspondingly be changed on the FA Client or Proxy attached to it, for FA to operate properly.
Procedure
Example
Switch:1>en Switch:1#conf t Enter configuration commands, one per line. End with CNTL/Z.
Enable FA and message authentication on a port. Configure the authentication key phone-network on the port.
Switch:1(config)#interface gigabitEthernet 1/2 Switch:1(config-if)#fa enable Switch:1(config-if)#fa message-authentication Switch:1(config-mlt)#fa authentication-key phone-network Switch:1(config-if)#exit Switch:1(config)#
Enable FA and message authentication on an MLT. Configure the authentication key client-network on the MLT.
Switch:1(config)#interface mlt 10 Switch:1(config-mlt)#fa enable Switch:1(config-mlt)#fa message-authentication Switch:1(config-mlt)#fa authentication-key client-network
Verify configuration of the FA authentication key. The authentication key appears encrypted on the output.
Switch:1(config-if)#show fa interface ============================================================== Fabric Attach Interfaces ============================================================== INTERFACE SERVER MGMT MGMT MSG AUTH MSG AUTH STATUS ISID CVID STATUS KEY -------------------------------------------------------------- Port1/2 enabled 0 0 enabled **** MLT10 enabled 0 0 enabled **** -------------------------------------------------------------- 2 out of 2 Total Num of fabric attach interfaces displayed --------------------------------------------------------------
Variable Definitions
The following table defines parameters for the fa authentication-key command.
Variable |
Value |
---|---|
WORD<0–32> |
Specifies the authentication key on the port or MLT. |