Command:

accept-lifetime


Mode:

Router(config-keychain)#


Syntax:

accept-lifetime start-time {infinite | end-time | duration seconds}

no accept-lifetime [start-time {infinite | end-time | duration seconds}]

 

Syntax Description:

start-time

Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:

        hh:mm:ss Month date year

        hh:mm:ss date Month year

hh�hours

mm�minutes

ss�seconds

Month�first three letters of the month

date�date (1-31)

year�year (four digits)

The default start time and the earliest acceptable date is January 1, 1993.

infinite

Key is valid to be received from the start-time value on.

end-time

Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.

duration seconds

Length of time (in seconds) that the key is valid to be received.

 

Command Description:

To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime key chain key configuration command. To revert to the default value, use the no form of this command.

Only DRP Agent, Enhanced IGRP (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.

Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.


Example:

The following example configures a key chain called trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences:

Router(config-keychain)#accept-lifetime 13:30:00 Jan 25 1996 duration 7200


Misconceptions:

None


Related Commands:

key
key chain
key-string (authentication)
send-lifetime
show key chain

� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)