Solved: Key Chain Lifetime question

hufa97 · ‎02-22-2012

I have a router with the following key chain configuration:

key chain <KEYCHAIN1>

key 1

key-string <EIGRP_KEY1>

accept-lifetime 00:00:00 Oct 1 2010 infinite

send-lifetime 00:00:00 Oct 1 2010 infinite

It is connected to a switch with the following key chain configuration:

key chain <KEYCHAIN1>

key 1

key-string <EIGRP_KEY1>

accept-lifetime 00:00:00 Oct 1 2005 infinite

send-lifetime 00:00:00 Oct 1 2005 infinite

I am concerned about the accept-lifetime and send-lifetime start dates. Will the network devices properly send eigrp information to each other with the above key chain setup?

Thank you.

cadet alain · ‎02-22-2012

Hi,

if your devices clocks are greater than Oct 1 2010 midnight then there will be no problem but you should set NTP when doing this thing.

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎02-22-2012

Hi,

if your devices clocks are greater than Oct 1 2010 midnight then there will be no problem but you should set NTP when doing this thing.

Regards.

Alain

Don't forget to rate helpful posts.

hufa97 · ‎02-22-2012

Thanks for the response. Our NTP server is providing the current time and date. So if I understand your response correctly, we should be alright since the date is past Oct1 2010.

On a side note, is there a reason why the key chain start dates would be different?

Gautam Renjen · ‎02-22-2012

The keychain start dates could be different depending on when the configs were originally made. Usually it's safe to say that if i configure a router today then any packet arriving with a timestamp before today shouldn't be accepted as it could be junk. Chances are that the router was configured, or inherited a config that was deployed in 2005.