RE: rip key chains

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Wed Jun 21 2006 - 01:56:00 ART

• Next message: Jian Gu: "Re: Q: EtherChannel"
• Previous message: Tim Chan: "re: rip key chains"
• Maybe in reply to: Tim Chan: "rip key chains"
• Next in thread: Scott Morris: "RE: rip key chains"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You are getting the expected results with your configuration. RIP does
not negotiate the keys used for authentication so with your
configuration one of the spokes will not be accepting the RIP routes
from the hub. The hub will be able to receive RIP updates from both
spokes since it has both keys configured but the hub will only send with
one of the keys.

You can add this configuration below to R2 so that it can receive RIP
updates from R1 (hub):

key chain test
 key 2
  key-string cisco2
 key 3
  key-string cisco

HTH,

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tim Chan
Sent: Tuesday, June 20, 2006 9:30 PM
To: ccielab@groupstudy.com
Subject: rip key chains

I'm trying to setup RIP authentication with 3 routers, R1, R2, and R3.
R1 being the hub and R2/R3 are the spokes via f/r. If I setup both
spokes with the same key # and password, it all works. But when I make
one of the spokes with a different key, it fails. I reverse R2 and R3,
and the problem follows the router trying to authenticate with the
second key #. I have tried both clear text and MD5 with the same
results. What am I doing wrong?

On R1 I have:
key chain test
 key 1
  key-string cisco
 key 2
  key-string cisco2

interface Serial0/0.2 multipoint
 ip address 150.50.100.1 255.255.255.0
 ip rip authentication key-chain test
 frame-relay map ip 150.50.100.2 102 broadcast frame-relay map ip
150.50.100.3 103 broadcast

R2:
key chain test
 key 2
  key-string cisco2

interface Serial1/3
 ip address 150.50.100.2 255.255.255.0
 ip rip authentication key-chain test
 encapsulation frame-relay
 frame-relay map ip 150.50.100.1 201 broadcast

R3:
key chain test
 key 1
  key-string cisco

interface Serial1/0
 ip address 150.50.100.3 255.255.255.0
 ip rip authentication key-chain test
 encapsulation frame-relay
 frame-relay map ip 150.50.100.1 301 broadcast

Thanks for your help.
-tim

                 
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
rates starting at 1"/min.

• Next message: Jian Gu: "Re: Q: EtherChannel"
• Previous message: Tim Chan: "re: rip key chains"
• Maybe in reply to: Tim Chan: "rip key chains"
• Next in thread: Scott Morris: "RE: rip key chains"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART