To set the time period during which the authentication key on a key chain is received as valid, usetheaccept-lifetime key chain key configuration command. To revert to the default value, use the no form of this command.
accept-lifetime start-time {infinite | end-time | duration seconds}
no accept-lifetime [start-time{infinite | end-time | duration seconds}]
start-time Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:
hh:mm:ssMonthdateyear
hh:mm:ssdateMonthyear
hhhours
mmminutes
ssseconds
datedate (1-31)
Monthfirst three letters of the month
yearyear (four digits)
The default start time and the earliest acceptable date is January 1, 1993.
infinite Key is valid to be received from the start-time on.
end-time Key is valid to be received from the start-time until end-time. The end-time must be after the start-time. The syntax is the same as that for start-time. The default end time is an infinite time period.
duration seconds Length of time (in seconds) that the key is valid to be received.
Forever (Starting time is January 1, 1993, and ending time is infinite.)
Key chain key configuration
| Release | Modification | 11.1 | This command was introduced. |
|---|
Only DRP Agent, IP Enhanced IGRP, and RIP Version 2 use key chains.
Specify a start-time and one of the following: infinite ,end-time, or duration seconds.
We recommend running NTP or some other time synchronization method if you assign a lifetime to a key.
If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.
In the following example, the key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:40 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the router's set time. There is a half-hour leeway on each side to handle time differences.
interface ethernet 0 ip rip authentication key-chain trees ip rip authentication mode md5 ! router rip network 172.19.0.0 version 2 ! key chain trees key 1 key-string chestnut accept-lifetime 13:30:00 Jan 25 1996 duration 7200 send-lifetime 14:00:00 Jan 25 1996 duration 3600 key 2 key-string birch accept-lifetime 14:30:00 Jan 25 1996 duration 7200 send-lifetime 15:00:00 Jan 25 1996 duration 3600
| Command | Description |
|---|---|
| key | Identifies an authentication key on a key chain. |
| key chain | Enables authentication for routing protocols. |
| key-string (authentication) | Specifies the authentication string for a key. |
| send-lifetime | Sets the time period during which an authentication key on a key chain is valid to be sent. |
| show key chain | Displays authentication key information. |
Printed for apswan@ctr.ap.nic.in on Wed Mar 5 22:32:57 PST 2003
All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.