System information

Key Management System

Configuring Key Chain Management

Note Given transmission delays and the variations in the time value from switch to

switch, it is advisable to include some flexibility in the Accept lifetime of the

keys you configure. Otherwise, the switch may disregard some packets

because either their key has expired while in transport or there are significant

time variations between switches.

To list the result of the commands in figure 12-3:

Figure 12-4. Display of Time-Dependent Keys in the Key Chain Entry

You can use show key-chain to display the key status at the time the command

is issued. Using the information from the example configuration in figures

12-3 and 12-4, if you execute show key-chain at 8:05 on 01/19/03, the display

would appear as follows:

Figure 12-5. Status of Keys in Key Chain Entry “Procurve2”

12-7