The key rollover timer can be configured so that rekeying takes place on all the nodes at the same time and the security parameters are consistent across all the nodes. The timing of the authentication key add-remove interval can also be altered.
Procedure
-
Enter the
configure terminal command to access global configuration mode.
device# configure terminal
-
Enter the
ip router-id command to specify the router ID.
device(config)# ip router-id 10.11.12.13
-
Enter the
ipv6 router ospf command to enter OSPFv3 router configuration mode and enable OSPFv3 on the device.
device(config)# ipv6 router ospf
-
Enter the
key-add-remove-interval command and specify the desired interval to set the timing of the authentication key add-remove interval.
device(config-ipv6-router-ospf-vrf-default-vrf)# key-add-remove-interval 240
-
Enter the
key-rollover-interval command and specify the desired interval to set the timing of the configuration changeover.
device(config-ipv6-router-ospf-vrf-default-vrf)# key-rollover-interval 240
Example
The following example sets the key add-remove interval to 240 seconds (4 minutes) and sets the timing of the configuration changeover to 240 seconds (4 minutes).
device# configure terminal
device(config)# ip router-id 10.11.12.13
device(config)# ipv6 router ospf
device(config-ipv6-router-ospf-vrf-default-vrf)# key-add-remove-interval 240
device(config-ipv6-router-ospf-vrf-default-vrf)# key-rollover-interval 240
