accept-lifetime
To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command inkey chain key configuration mode. To revert to the default value, use the no form of this command.
Syntax
accept-lifetime start-time {infinite | end-time | duration seconds}
no accept-lifetime
Parameters
-
start-time—Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:
-
hh:mm:ss Month date year
-
hh:mm:ss date Month year
-
hh—hours (0-23)
-
mm—minutes (0-59)
-
ss—seconds (0-59)
-
Month—first three letters of the month
-
date—date (1-31)
-
year—year (four digits)
-
The acceptable year range is 2020-2037, with default start time and the earliest acceptable date is January 1 of the first acceptable year.
-
infinite—Key is valid to be received from the start-time value on.
-
end-time—Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.
-
duration seconds—Length of time (in seconds) that the key is valid to be received. The range is from 1 to 2147483646.
Default Configuration
The default time period during which the authentication key is valid for authenticating incoming packets is set to Forever.
The definition of Forever is: the starting time is January 1, 2000, and the ending time is infinite.
Command Mode
Key Chain Key Configuration mode
User Guidelines
The switch checks Time-of-Date again a value of the start-time argument regardless if Time-of-Date is not set by management or by SNTP because of the default value of Time-of-Date always is an passed time.
If validation of the value of the start-time argument was passed and the end-time argument is configured and its value is infinite the key is considered as actual regardless if Time-of-Date is not set by management or by SNTP.
If Time-of-Date is not set by management or by SNTP and if the end-time argument is configured with a value differing from infinite or the duration parameter is configured, the key is considered as expired.
If Time-of-Date is set by management or by SNTP, the switch checks Time-of-Date again a value of the end-time argument or of the duration parameter.
If the last key expires, authentication will be finished with error.
Example
The following example configures a key chain called keychain1. The key named string1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named string2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences:
switchxxxxxx(config)# router rip
switchxxxxxx(config-rip)# network 172.19.1.1
switchxxxxxx(config-rip)# exit
switchxxxxxx(config)# interface ip 172.19.1.1
switchxxxxxx(config-ip)# ip rip authentication mode md5
switchxxxxxx(config-ip)# ip rip authentication key-chain keychain1
switchxxxxxx(config-ip)# exit
switchxxxxxx(config)# key chain keychain1
switchxxxxxx(config-keychain)# key 1
switchxxxxxx(config-keychain-key)# key-string string1
switchxxxxxx(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 2011 duration 7200
switchxxxxxx(config-keychain-key)# send-lifetime 14:00:00 Jan 25 2011 duration 3600
switchxxxxxx(config-keychain-key)# exit
switchxxxxxx(config-keychain)# key 2
switchxxxxxx(config-keychain-key)# key-string string2
switchxxxxxx(config-keychain-key)# accept-lifetime 14:30:00 Jan 25 2011 duration 7200
switchxxxxxx(config-keychain-key)# send-lifetime 15:00:00 Jan 25 2011 duration 3600
switchxxxxxx(config-keychain-key)# exit