Avaya Configuring Data Encryption Services User Manual download pdf (Page 26)

Configuring Data Encryption Services

2-2 117386-A Rev. A

Synchronizing Router Clocks

The Master Encryption Key must be the same at both ends of a link. Therefore,

the MEK Change parameter value, which sets the amount of time between

changes in the value of the MEK, must also be the same. For these values to be the

same routinely, the MEK changes must occur at approximately the same time,

which requires that the routers use the same date and time. If the routers’ clocks

differ by more than the MEK Change value, WEP drops all packets.

You can use the Network Time Protocol (NTP) to synchronize the routers. You

can also set the MEK Change parameter to a value large enough to accommodate

differences between the routers’ clocks.

Using Encryption with AN Routers

AN router models earlier than Version 8.12/2.12 lose both date and time if they

are powered off. Newer models have a battery that maintains the router clock. If

your AN has a model number in the format AE xxxxxxx, it is a new, BayStack

™

AN, and it has the battery.

To use encryption with older ANs, you must synchronize the router clocks before

you conﬁgure encryption.

Encryption and Performance

Using encryption requires substantial resources, and reduces router throughput.

Carefully select the interfaces on which you use encryption. You can partially

lower the cost of using encryption by using data compression with encryption.

Caution: You should disable Telnet access of any kind between secure

routers. If anyone changes the date on either of the routers, trafﬁc stops.

1 2 ... 21 22 23 24 25 26 27 28 29 30 31 ... 61 62

No comments

Avaya Configuring Data Encryption Services User Manual Page 26