From: omair naim (omairnaim1@hotmail.com)
Date: Wed Nov 07 2007 - 09:11:08 ART
They say that the accept lifetime for the key is X and the send lifetime is X-Y.
That means even if I start sending the key to the neighbour router, it will not
start using the new key unless the accept lifetime has kicked in.
For the very first time, once the key gets exchanged between neighbours it will
be used, as there were no prior keys exchanged; that's why the accept-lifetime
command will not be in effect. The reason behind keeping the accept lifetime a
little more than the send lifetime is to make sure that, in case there are
delays in the network due to which the key exchange might be delayed, it still
becomes accepted at the neighbour.
Omair

> Subject: FW: KEY Management for authentication process
> Date: Wed, 7 Nov 2007 14:49:14 +0500
> From: Amir.Tahir@wateen.com
> To: ccielab@groupstudy.com
>
> AOA,
>
> While doing Technology Lab for KEY Management, I noticed that they
> mentioned specifically that accept keys for additional 15 minutes before
> / after their life time
>
> I would like to confirm whether we should start sending key before /
> after given time or just accept lifetime should have flexibility for 15
> Min.
>
> I have configured the following life span for keys management but in IE
> technology lab document, they start sending from exact time which was
> mentioned. Please give me your valuable feedback
>
> My configurations are as follows:
>
> key chain EIGRP
> key 1
> key-string CISCO123
> accept-lifetime 23:45:00 Dec 31 2006 00:15:00 Jan 1 2007
> send-lifetime 23:45:00 Dec 31 2006 00:15:00 Jan 1 2007
>
> key 2
> key-string CISCO456
> accept-lifetime 23:45:00 Jan 1 2007 infinite
> send-lifetime 23:45:00 Jan 1 2007 infinite
>
> Thanks for help & continued support in advance
>
> Regards
> ______________
> Amir Tahir
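Added example, not part of the original thread: a small Python check that parses the key chain quoted above and reports which keys are valid for sending or accepting at a given time, plus any interval in which no key is valid. The function names are hypothetical, and treating each lifetime as a half-open window on the router's own clock is an assumption.

```python
import re
from datetime import datetime

# Key chain exactly as posted in the quoted message (indentation added).
CONFIG = """\
key chain EIGRP
 key 1
  key-string CISCO123
  accept-lifetime 23:45:00 Dec 31 2006 00:15:00 Jan 1 2007
  send-lifetime 23:45:00 Dec 31 2006 00:15:00 Jan 1 2007
 key 2
  key-string CISCO456
  accept-lifetime 23:45:00 Jan 1 2007 infinite
  send-lifetime 23:45:00 Jan 1 2007 infinite
"""
FMT = "%H:%M:%S %b %d %Y"
STAMP = r"\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4}"
LIFETIME = re.compile(rf"(accept|send)-lifetime ({STAMP}) ({STAMP}|infinite)")

def parse(config):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}."""
    keys, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"key (\d+)", line):
            current = keys.setdefault(int(m.group(1)), {})
        elif m := LIFETIME.fullmatch(line):
            end = m.group(3)
            end = datetime.max if end == "infinite" else datetime.strptime(end, FMT)
            current[m.group(1)] = (datetime.strptime(m.group(2), FMT), end)
    return keys

def valid(keys, kind, when):
    """Key ids whose window of this kind contains `when` (assumed half-open)."""
    return [k for k, w in sorted(keys.items()) if w[kind][0] <= when < w[kind][1]]

def gaps(keys, kind):
    """Intervals after the first start during which no key of this kind is valid."""
    out, covered = [], None
    for start, end in sorted(w[kind] for w in keys.values()):
        if covered is not None and start > covered:
            out.append((covered, start))
        covered = end if covered is None else max(covered, end)
    return out

if __name__ == "__main__":
    chain = parse(CONFIG)
    for kind in ("send", "accept"):
        for start, end in gaps(chain, kind):
            print(f"no valid {kind} key from {start} until {end}")
```

Running the same check with the accept window widened by 15 minutes on each side of the send window shows whether consecutive keys overlap on the receiving side during rollover.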
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART