HP 3500yl Series Access Security Manual page 754

Key Management System
Configuring Key Chain Management
Note
HP Switch(config)# key-chain Networking2 key 1 accept-1ifetime now 06/17/11
8:00:00
HP Switch(config)# key-chain Networking2 key 2 accept-lifetime 06/18/11
8:00:00 duration 87000 send-lifetime 06/18/11 8:00:00 duration 86400
HP Switch(config)# key-chain Networking2 key 3 accept-lifetime 06/19/11
8:00:00 duration 87000 send-lifetime 06/19/11 8:00:00 duration 86400
HP Switch(config)# key-chain Networking2 key 4 accept-lifetime 06/20/11
8:00:00 duration 87000 send-lifetime 06/20/11 8:00:00 duration 86400
HP Switch(config)# key-chain Networking2 key 5 accept-lifetime 06/21/11
8:00:00 duration 87000 send-lifetime 06/21/11 8:00:00 duration 86400
Figure 16-3. Adding Time-Dependent Keys to a Key Chain Entry
Note
16-6
Using time-dependent keys requires that all the switches have accurate,
synchronized time settings. You can manually set the time or use the Time
protocol feature included in the switches. For more information, refer to the
chapter covering time protocols in the Management and Configuration
Guide for your switch.
For example, to add a number of keys to the key chain entry "Networking2":
Given transmission delays and the variations in the time value from switch to
switch, it is advisable to include some flexibility in the Accept lifetime of the
keys you configure. Otherwise, the switch may disregard some packets
because either their key has expired while in transport or there are significant
time variations between switches.
To list the result of the commands in figure 16-4:
Adds a key with
time and date
Adds a key with
duration expressed
in seconds.