accept-tolerance
To specify the tolerance or acceptance limit, in seconds, for an accept key that is used by a peer, use the
accept-tolerance command in keychain configuration mode. To disable this feature, use the no form of this
command.
accept-tolerance [value| infinite]
no accept-tolerance [value| infinite]
Syntax Description
(Optional) Tolerance range, in seconds. The range is from 1 to 8640000.
value
(Optional) Specifies that the tolerance specification is infinite. The accept key never
expires. The tolerance limit of infinite indicates that an accept key is always acceptable
and validated when used by a peer.
infinite
Command Default
The default value is 0, which is no tolerance.
Command Modes
Keychain configuration
Command History
ModificationRelease
This command was introduced.Release 3.4.0
Usage Guidelines
If you do not configure the accept-tolerance command, the tolerance value is set to zero.
Even though the key is outside the active lifetime, the key is deemed acceptable as long as it is within the
tolerance limit (for example, either prior to the start of the lifetime, or after the end of the lifetime).
Task ID
OperationsTask ID
read, writesystem
Examples
The following example shows how to use the accept-tolerance command:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# key chain isis-keys
RP/0/RP0/CPU0:router(config-isis-keys)# accept-tolerance infinite
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
148 OL-24740-01
Keychain Management Commands
accept-tolerance
To Next Page
Loading...
Need help?
General
