Avaya Configuring Data Encryption Services User Manual download pdf (Page 40)

Configuring Data Encryption Services

3-10

308618-14.00 Rev 00

At the SSHELL prompt, enter the

kset

command followed by a space,

and paste in the NPK.

kset npk 0x

<NPK_value>

You must enter the NPK value in hexadecimal form, and you must include the

0x notation.

Save the configuration file.

Exit the secure shell by entering:

kexit

You return to the regular prompt.

Changing NPKs

To maintain security, you should change NPKs on a router periodically. For many

applications, a period of three to six months is appropriate.

To change an NPK, issue the

kset NPK command as described in the section

“

Entering an NPK on a Router” on page 3-9. The new NPK overwrites its

predecessor, and WEP now uses the new NPK value. Remember that you must

also enter the new NPK in the PPP or frame relay Node Protection key parameter

the next time you want to change your encryption configuration.

Monitoring NPKs

If the NPK on a router does not match the NPK in the MIB, encryption does not

work. This situation occurs most frequently when you change a CPU board on one

slot of a router, and that slot therefore lacks the current NPK.

You can view the log notes to make sure that the NPK for each slot matches the

value of the NPK in the MIB. If they do not match, you can change either the

router NPK value or the MIB NPK value by working in the secure shell of the

router.

To view the log notes, in the Technician Interface enter:

log -ffwidt -eKEYMGR

1 2 ... 35 36 37 38 39 40 41 42 43 44 45 ... 69 70

No comments

Avaya Configuring Data Encryption Services User Manual Page 40