From: Packet Man (ccie2b@hotmail.com)
Date: Fri Jan 30 2004 - 12:59:54 GMT-3
Hi Brian,
Thanks for your response.
Based on what you said, does it then follow that if I need to use different
passwords on each link of a hub and spoke topology, I would have to create a
Key Chain with one key for each link connecting to the hub resulting in,
say, 5 Key Chains each with a single key if I had 5 links?
Also, is this rule true if I'm using clear text passwords rather than MD5
since with clear text there's no hash that needs to be used?
Thanks again.
>From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
>Reply-To: "Brian McGahan" <bmcgahan@internetworkexpert.com>
>To: "'kasturi cisco'" <kasturi_cisco@hotmail.com>, <ccie2b@hotmail.com>,
><ccielab@groupstudy.com>
>Subject: RE: Using Key chains
>Date: Fri, 30 Jan 2004 09:18:56 -0500
>
> The key number is not locally significant. It's used as a seed/salt
>for the MD5 hash of the key-string. If the key number does not match on
>both sides authentication will not be successful.
>
>
>HTH,
>
>Brian McGahan, CCIE #8593
>bmcgahan@internetworkexpert.com
>
>Internetwork Expert, Inc.
>http://www.InternetworkExpert.com
>Toll Free: 877-224-8987
>Direct: 708-362-1418 (Outside the US and Canada)
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > kasturi cisco
> > Sent: Thursday, January 29, 2004 9:59 PM
> > To: ccie2b@hotmail.com; ccielab@groupstudy.com
> > Subject: RE: Using Key chains
> >
> > Hi,
> >
> > I think it works as follows:
> >
> > Multiple keys are used for roll over so that if the first key is invalid with
> > time (defined by accept and send-lifetime) then the second key in the list
> > is going to be used.
> >
> > The routing protocols have the interface associated with the key-chain
> > only with both RIP and EIGRP. The key-id is locally significant but the
> > routing protocol uses or starts the auth process with the lowest key # or
> > key id. Then based on this it uses the corresponding key-string to
> > authenticate. The key-strings should match for successful authentication.
> >
> > So when u have a key chain with keys like u have defined what would
> > happen is key 1 will be used at both ends and assuming both are valid the
> > key-strings configured would be sent/expected from other end. Since they
> > don't match it will fail.
> >
> > Good Luck,
> > Kasturi.
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:52 GMT-3
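
An added example, not part of the original thread and not vendor code: a simplified Python model of RIPv2 keyed-MD5 authentication in the RFC 2082 packet layout, showing how the key ID carried in the packet and the key-string both feed the receiver's check. The function names, key chains and route entry are constructed for illustration; key lifetimes are not modelled, and EIGRP uses a different packet format.

```python
import hashlib
import hmac
import struct

# Simplified model of RIPv2 keyed-MD5 authentication (RFC 2082 layout).
# A key chain is a dict {key_id: key_string}; every value here is constructed.
SAMPLE_ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 1, 0, 0]),
                           bytes([255, 255, 0, 0]), bytes(4), 1)

def _digest(packet: bytes, key_string: str) -> bytes:
    # Keyed MD5: hash the packet followed by the secret padded to 16 bytes.
    key = key_string.encode().ljust(16, b"\x00")[:16]
    return hashlib.md5(packet + key).digest()

def build_update(chain: dict, payload: bytes, seq: int) -> bytes:
    key_id = min(chain)  # assumption: lowest-numbered key is sent, lifetimes ignored
    header = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2
    length = len(header) + 20 + len(payload)  # packet length without trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, length, key_id, 16, seq)
    packet = header + auth + payload + struct.pack("!HH", 0xFFFF, 1)
    return packet + _digest(packet, chain[key_id])

def verify_update(chain: dict, wire: bytes) -> str:
    packet, received = wire[:-16], wire[-16:]
    key_id = wire[10]  # the key ID travels in the clear inside the auth entry
    if key_id not in chain:
        return "fail: no key %d in local chain" % key_id
    if not hmac.compare_digest(_digest(packet, chain[key_id]), received):
        return "fail: digest mismatch"
    return "ok"

def demo() -> dict:
    wire = build_update({1: "CISCO"}, SAMPLE_ROUTE, seq=1)
    relabelled = wire[:10] + bytes([2]) + wire[11:]  # key ID byte changed in transit
    return {
        "same id, same string": verify_update({1: "CISCO"}, wire),
        "different id, same string": verify_update({2: "CISCO"}, wire),
        "same id, different string": verify_update({1: "OTHER"}, wire),
        "id rewritten to match": verify_update({2: "CISCO"}, relabelled),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model the last case fails because the key ID byte sits inside the data covered by the digest, so relabelling it in transit invalidates the hash even though the key-string is identical.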