From: Ivan (ivan@iip.net)
Date: Sat Jan 06 2007 - 07:40:40 ART
I don't sure, but think that key numberis sending in updates. Try to change
key 1 to key 2 in R2 config
key chain 1
key 2
key-string yasmin1
On Saturday 06 January 2007 09:35, ylara@sunsetlearning.com wrote:
> Is it possible to have one key chain with two keys and use it to
> authenticate two different neighbors on the same interface, but using two
> different keys?
>
> R1#show run
> !
>
> key chain 1
>
> key 1
>
> key-string yasmin
>
> key 2
>
> key-string yasmin1
>
> !
>
> interface FastEthernet0/1
>
> ip address 192.168.1.1 255.255.255.0
>
> ip rip authentication mode md5
>
> ip rip authentication key-chain 1
>
> !
>
> R2#show run
>
> !
>
> key chain 1
>
> key 1
>
> key-string yasmin1
>
> !
>
> interface FastEthernet0/0
>
> ip address 192.168.1.2 255.255.255.0
>
> ip rip authentication mode md5
>
> ip rip authentication key-chain 1
>
> !
>
> S1-CAT3560#show run
>
> !
>
> key chain 1
>
> key 1
>
> key-string yasmin
>
> !
>
> interface Vlan100
>
> ip address 192.168.1.10 255.255.255.0
>
> ip rip authentication mode md5
>
> ip rip authentication key-chain 1
>
> !
>
> router rip
>
> version 2
>
> network 192.168.1.0
>
> no auto-summary
>
>
> Only R1 and S1-3560 can exchange updates. It seems like R1 is only using
> key 1 to send and receive even though key 2 shows as valid.
>
> R1#show key chain
> Key-chain 1:
> key 1 -- text "yasmin"
> accept lifetime (always valid) - (always valid) [valid now]
> send lifetime (always valid) - (always valid) [valid now]
> key 2 -- text "yasmin1"
> accept lifetime (always valid) - (always valid) [valid now]
> send lifetime (always valid) - (always valid) [valid now]
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Ivan
This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:55 ART