From: marvin greenlee (marvin@ccbootcamp.com)
Date: Tue May 31 2005 - 16:45:41 GMT-3
In the command reference for 'key-chain', they provide an example using an
overlap before and after for accepting the new key to allow for
discrepancies in the clocks on the devices.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d029.html
Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: Tuesday, May 31, 2005 12:18 PM
To: ccielab@groupstudy.com
Subject: overlapping key's [bcc][faked-from]
Importance: Low
When you are faced with a situation of needing to age out one key while
validating a new key, let's say by 1/2 hour, or from 5 - 5:30,
would you set the send keys to stop sending @ 5pm and set the receive keys
to stop receiving @ 5:30 on the old key
and set the new key to send @ 5:30 and receive @ 5:30
or
would you set both the send and receive time of the old key to 5:30 and
set both the send and receive time of the new key to kick in @ 5:00 pm?
I'm guessing it's more like the last but I'm not sure if there is another
staggering algorithm that is preferable...
TIA
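Added example, not part of either message and not Cisco code: a small Python model that checks the two schemes from the question, and an accept window that overlaps on both sides of the send hand-over, against a 5-minute clock difference between peers. The lifetimes are constructed, times are minutes since midnight, and the rule that the sender picks the lowest-numbered key with a valid send-lifetime is a modelling assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    key_id: int
    send: tuple    # (start, end) in minutes since midnight, end exclusive
    accept: tuple  # same convention

def hm(h, m=0):
    return h * 60 + m

def active_send_key(chain, now):
    # Modelling assumption: lowest-numbered key with a valid send-lifetime wins.
    for k in sorted(chain, key=lambda k: k.key_id):
        if k.send[0] <= now < k.send[1]:
            return k
    return None

def accepts(chain, key_id, now):
    return any(k.key_id == key_id and k.accept[0] <= now < k.accept[1]
               for k in chain)

def failures(chain, skew, start, end):
    """Sender-clock minutes with no send key, or whose key a peer skewed by
    up to +/-skew minutes would reject (checking both extremes suffices
    because each accept window is one interval)."""
    bad = []
    for t in range(start, end):
        k = active_send_key(chain, t)
        if k is None or not all(accepts(chain, k.key_id, t + d)
                                for d in (-skew, skew)):
            bad.append(t)
    return bad

# Constructed lifetimes; key 1 is the old key, key 2 the new one.
OPTION_1 = [Key(1, (0, hm(17)), (0, hm(17, 30))),
            Key(2, (hm(17, 30), hm(24)), (hm(17, 30), hm(24)))]
OPTION_2 = [Key(1, (0, hm(17, 30)), (0, hm(17, 30))),
            Key(2, (hm(17), hm(24)), (hm(17), hm(24)))]
# Accept windows overlap on both sides of a 17:15 send hand-over.
OVERLAP = [Key(1, (0, hm(17, 15)), (0, hm(17, 30))),
           Key(2, (hm(17, 15), hm(24)), (hm(17), hm(24)))]

if __name__ == "__main__":
    for name, chain in [("option 1", OPTION_1), ("option 2", OPTION_2),
                        ("overlap", OVERLAP)]:
        bad = failures(chain, 5, hm(16, 30), hm(18))
        print(f"{name}: {len(bad)} failing minute(s)", bad[:1], bad[-1:])
```

In this model the first scheme leaves 17:00-17:30 with no key to send, the second drops updates in the last minutes before 17:30 when the receiver's clock runs ahead, and the two-sided overlap tolerates up to 15 minutes of skew.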