Command:

send-lifetime


Mode:

Router(config-keychain)#


Syntax:

send-lifetime start-time {infinite | end-time | duration seconds}
no send-lifetime [start-time {infinite | end-time | duration seconds}]

 

Syntax Description:

start-time Beginning time that the key specified by the key command is valid to be sent. The syntax can be either of the following:

hh:mm:ss Month date year

hh:mm:ss date Month year

hh--hours

mm--minutes

ss--seconds

Month--first three letters of the month

date--date (1-31)

year--year (four digits)

The default start time and the earliest acceptable date is January 1, 1993.

infinite Key is valid to be sent from the start-time value on.
end-time Key is valid to be sent from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.
duration seconds Length of time (in seconds) that the key is valid to be sent.

 

Command Description:

To set the time period during which an authentication key on a key chain is valid to be sent, use the send-lifetime key chain key configuration command. To revert to the default value, use the no form of this command.

The default is forever (the starting time is January 1, 1993, and the ending time is infinite).

Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you intend to set lifetimes on keys.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.


Example:

The following example configures a key chain called trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

Router(config)#interface ethernet 0
Router(config-if)#ip rip authentication key-chain trees
Router(config-if)#ip rip authentication mode md5

Router(config)#router rip
Router(config-router)#network 172.19.0.0
Router(config-router)#version 2

Router(config)#key chain trees
Router(config-keychain)#key 1
Router(config-keychain)#key-string chestnut
Router(config-keychain)#accept-lifetime 13:30:00 Jan 25 1996 duration 7200
Router(config-keychain)#send-lifetime 14:00:00 Jan 25 1996 duration 3600
Router(config-keychain)#key 2
Router(config-keychain)#key-string birch
Router(config-keychain)#accept-lifetime 14:30:00 Jan 25 1996 duration 7200
Router(config-keychain)#send-lifetime  15:00:00 Jan 25 1996 duration 3600


Misconceptions:

None


Related Commands:

accept-lifetime
key
key chain
key-string
show key chain

� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)