RE: Authentication for RIP updates - IE workbook

From: Scott Morris (swm@emanon.com)
Date: Wed Feb 21 2007 - 14:11:12 ART


Sorry for chiming in late here. What IOS version are you running?

I have heard from multiple people that they have seen mixed results about
whether the lifetime on the keychain is required any longer or not. It used
to be required, so in that case you WOULD get the error. If you don't see
the error, and you DO see all your routes, then apparently life is just
dandy.

;)
 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
jennytan
Sent: Wednesday, February 21, 2007 9:58 AM
To: Marvin Greenlee
Cc: Victor Cappuccio; Cisco certification
Subject: Re: Authentication for RIP updates - IE workbook

Ok. It's better now. I am not getting any update from bad source, other than
"sourced from one of our addresses". The cause for the bad source was that I
didn't have vlan and port assignment correctly configured.

However, I am still not getting "Invalid Authentication", which I was told I
should be getting without setting the lifetime.

RIP event debugging is on
R2#
*Feb 21 14:47:11.614: RIP: sending v2 update to 224.0.0.9 via Serial0/0/0.256 (150.50.100.2)
*Feb 21 14:47:11.614: RIP: Update contains 17 routes
*Feb 21 14:47:11.614: RIP: Update queued
*Feb 21 14:47:11.614: RIP: Update sent via Serial0/0/0.256
*Feb 21 14:47:23.002: RIP: received v2 update from 150.50.17.1 on FastEthernet0/0
*Feb 21 14:47:23.002: RIP: Update contains 3 routes
*Feb 21 14:47:29.078: RIP: sending v2 update to 255.255.255.255 via FastEthernet0/0 (150.50.17.2)
*Feb 21 14:47:29.078: RIP: Update contains 14 routes
*Feb 21 14:47:29.078: RIP: Update queued
*Feb 21 14:47:29.078: RIP: Update sent via FastEthernet0/0
*Feb 21 14:47:29.730: RIP: received v2 update from 150.50.9.5 on Serial0/0/1
*Feb 21 14:47:29.730: RIP: Update contains 10 routes
*Feb 21 14:47:32.822: RIP: sending v2 update to 224.0.0.9 via Serial0/0/1 (150.50.9.2)
*Feb 21 14:47:32.822: RIP: Update contains 9 routes
*Feb 21 14:47:32.822: RIP: Update queued
*Feb 21 14:47:32.822: RIP: Update sent via Serial0/0/1
*Feb 21 14:47:33.830: RIP: sending v2 update to 224.0.0.9 via Loopback0 (200.0.0.2)
*Feb 21 14:47:33.830: RIP: Update contains 17 routes
*Feb 21 14:47:33.830: RIP: Update queued
*Feb 21 14:47:33.830: RIP: Update sent via Loopback0
*Feb 21 14:47:33.830: RIP: ignored v2 packet from 200.0.0.2 (sourced from one of our addresses)

R4#
*Feb 21 14:48:54.102: RIP: sending v2 update to 224.0.0.9 via Loopback0 (200.0.0.4)
*Feb 21 14:48:54.102: RIP: Update contains 8 routes
*Feb 21 14:48:54.102: RIP: Update queued
*Feb 21 14:48:54.102: RIP: Update sent via Loopback0
*Feb 21 14:48:54.102: RIP: ignored v2 packet from 200.0.0.4 (sourced from one of our addresses)
*Feb 21 14:49:21.698: RIP: sending v2 update to 224.0.0.9 via Loopback0 (200.0.0.4)
*Feb 21 14:49:21.698: RIP: Update contains 8 routes
*Feb 21 14:49:21.698: RIP: Update queued
*Feb 21 14:49:21.698: RIP: Update sent via Loopback0
*Feb 21 14:49:21.698: RIP: ignored v2 packet from 200.0.0.4 (sourced from one of our addresses)
u all
All possible debugging has been turned off
R4#

R2#sho run | b router rip
router rip
 version 2
 no validate-update-source
 timers basic 30 180 0 240
 network 150.50.0.0
 network 200.0.0.0
 no auto-summary
!

R4#sho run | be router rip
router rip
 version 2
 no validate-update-source
 timers basic 30 180 0 240
 passive-interface FastEthernet0/0
 network 10.0.0.0
 network 150.50.0.0
 network 200.0.0.0
!
!

R2#sh running-config interface f0/0
Building configuration...

Current configuration : 117 bytes
!
interface FastEthernet0/0
 ip address 150.50.17.2 255.255.255.0
 ip rip v2-broadcast
 duplex auto
 speed auto
end

R4#sho run int f0/0
Building configuration...

Current configuration : 94 bytes
!
interface FastEthernet0/0
 ip address 10.10.1.4 255.255.255.0
 duplex auto
 speed auto
end

On 2/20/07, Marvin Greenlee <marvin@ipexpert.com> wrote:
>
> > 03:25:11.228: RIP: ignored v2 update from bad source 150.50.7.5 on FastEthernet0/0
> > .584: RIP: ignored v2 update from bad source 150.50.7.7
>
>
> You're showing bad update addresses, from .7.5 and .7.7 on the fa0/0
> interface. Is there a typo in your address? Your fa0/0 shows .17.2
> for the last two octets.
>
> I would guess the invalid address is preventing the auth failure message.
> Try either changing the address of the interface or adding no validate
> update-source, and see if you see the authentication failure then.
>
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec) Senior Technical
> Instructor - IPexpert, Inc.
> "When Will You Be an IP Expert?"
> marvin@ipexpert.com
> http://www.IPexpert.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of jennytan
> Sent: Tuesday, February 20, 2007 10:57 PM
> To: Victor Cappuccio
> Cc: Cisco certification
> Subject: Re: Authentication for RIP updates - IE workbook
>
> R2#sho ip int brief
> Interface              IP-Address      OK? Method Status                Protocol
> FastEthernet0/0        150.50.17.2     YES manual up                    up
> FastEthernet0/1        unassigned      YES unset  administratively down down
> Serial0/0/0            unassigned      YES unset  up                    up
> Serial0/0/0.24         150.50.24.2     YES manual up                    up
> Serial0/0/0.256        150.50.100.2    YES manual up                    up
> Serial0/0/1            150.50.9.2      YES manual up                    up
> Serial0/1/0            unassigned      YES unset  administratively down down
> Serial0/1/1            unassigned      YES unset  administratively down down
> Loopback0              200.0.0.2       YES manual up                    up
> R2#sho ip proto
> Routing Protocol is "rip"
> Outgoing update filter list for all interfaces is not set
> Incoming update filter list for all interfaces is not set
> Sending updates every 30 seconds, next due in 24 seconds
> Invalid after 180 seconds, hold down 0, flushed after 240
> Redistributing: rip
> Default version control: send version 2, receive version 2
>   Interface          Send  Recv  Triggered RIP  Key-chain
>   FastEthernet0/0    2     2
>   Serial0/0/0.24     2     2     Yes            R2toR4
>   Serial0/0/0.256    2     2                    R2toR5R6
>   Serial0/0/1        2     2
>   Loopback0          2     2
> Automatic network summarization is not in effect
> Maximum path: 4
> Routing for Networks:
> 150.50.0.0
> 200.0.0.0
> Routing Information Sources:
> Gateway Distance Last Update
> 150.50.9.5 120 00:00:11
> 150.50.17.1 120 00:00:17
> 150.50.24.4 120 00:03:02
> Distance: (default is 120)
>
> R2#
>
>
> R4#show ip route
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static route
> o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> 200.0.0.0/32 is subnetted, 6 subnets
> R 200.0.0.8 [120/8] via 150.50.24.2, 00:01:59, Serial0/0/0.24
> R 200.0.0.1 [120/2] via 150.50.24.2, 00:01:59, Serial0/0/0.24
> R 200.0.0.2 [120/1] via 150.50.24.2, 00:01:59, Serial0/0/0.24
> C 200.0.0.4 is directly connected, Loopback0
> R 200.0.0.5 [120/2] via 150.50.24.2, 00:01:59, Serial0/0/0.24
> R 200.0.0.7 [120/3] via 150.50.24.2, 00:01:59, Serial0/0/0.24
> R 172.1.0.0/16 [120/2] via 150.50.24.2, 00:01:59, Serial0/0/0.24
> 10.0.0.0/24 is subnetted, 1 subnets
> C 10.10.1.0 is directly connected, FastEthernet0/0
> 150.50.0.0/16 is variably subnetted, 10 subnets, 4 masks
> R 150.50.6.128/25 [120/4] via 150.50.24.2, 00:02:00, Serial0/0/0.24
> R 150.50.200.0/24 [120/2] via 150.50.24.2, 00:02:00, Serial0/0/0.24
> R 150.50.4.0/24 [120/4] via 150.50.24.2, 00:02:01, Serial0/0/0.24
> R 150.50.6.0/25 [120/3] via 150.50.24.2, 00:02:01, Serial0/0/0.24
> R 150.50.7.0/25 [120/2] via 150.50.24.2, 00:02:01, Serial0/0/0.24
> R 150.50.9.0/25 [120/1] via 150.50.24.2, 00:02:01, Serial0/0/0.24
> R 150.50.17.0/24 [120/1] via 150.50.24.2, 00:02:01, Serial0/0/0.24
> C 150.50.24.0/24 is directly connected, Serial0/0/0.24
> R 150.50.100.0/26 [120/1] via 150.50.24.2, 00:02:01, Serial0/0/0.24
> R 150.50.5.64/27 [120/3] via 150.50.24.2, 00:02:01, Serial0/0/0.24
> R4#sh ip proto
> Routing Protocol is "rip"
> Outgoing update filter list for all interfaces is not set
> Incoming update filter list for all interfaces is not set
> Sending updates every 30 seconds, next due in 26 seconds
> Invalid after 180 seconds, hold down 0, flushed after 240
> Redistributing: rip
> Default version control: send version 2, receive version 2
>   Interface          Send  Recv  Triggered RIP  Key-chain
>   Serial0/0/0.24     2     2     Yes            R2toR4
>   Loopback0          2     2
> Automatic network summarization is in effect
> Maximum path: 4
> Routing for Networks:
> 10.0.0.0
> 150.50.0.0
> 200.0.0.0
> Passive Interface(s):
> FastEthernet0/0
> Routing Information Sources:
> Gateway Distance Last Update
> 150.50.24.2 120 00:02:07
> Distance: (default is 120)
>
> R4#sh ip int brief
> Interface              IP-Address      OK? Method Status                Protocol
> FastEthernet0/0        10.10.1.4       YES manual up                    up
> FastEthernet0/1        unassigned      YES unset  administratively down down
> Serial0/0/0            unassigned      YES manual up                    up
> Serial0/0/0.24         150.50.24.4     YES manual up                    up
> Serial0/0/1            unassigned      YES unset  administratively down down
> Loopback0              200.0.0.4       YES manual up                    up
> R4#
>
> On 2/20/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
> >
> >
> > Hi, it seems to me that you have another problem, different from
> > authentication. My bet is that you must configure
> >
> > http://www.cisco-gu.com/univercd/cc/td/doc/product/software/ios113ed/cs/csprtn1/csrip.htm#xtocid2534115
> >
> > please show us your configurations, in order to avoid the guessing
> >
> > specifically:
> > show ip route rip
> > show ip proto
> > show ip int brief
> >
> >
> > thanks,
> > Victor Cappuccio.-
> > Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We
> > take Cisco Learning credits!
> > victor@ccbootcamp.com
> > http://www.ccbootcamp.com (Cisco Training and Rental Racks)
> > http://www.ccbootcamp.com/groupstudy.html (groupstudy member
> > discounts!)
> > Voice: 702-968-5100
> > FAX: 702-446-8012
> >
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com on behalf of jennytan
> > Sent: Tue 2/20/2007 19:14
> > To: Cisco certification
> > Subject: Authentication for RIP updates - IE workbook
> >
> > I am working on IPExpert workbook. R2 and R4 are enabled for RIP
> > authentication. Below shows the debug ip rip event. Do you see an
> > authentication error? According to the proctor guide, I should be
> > seeing invalid authentication.
> >
> > R2#
> > *Feb 21 03:25:04.708: RIP: received v2 update from 150.50.24.4 on Serial0/0/0.24
> > *Feb 21 03:25:04.712: RIP: Update contains 4 routes
> > *Feb 21 03:25:04.712: RIP: received v2 update from 150.50.24.4 on Serial0/0/0.24
> > *Feb 21 03:25:04.712: RIP: Update contains 4 routes
> > *Feb 21 03:25:06.460: RIP: sending v2 update to 255.255.255.255 via FastEthernet0/0 (150.50.17.2)
> > *Feb 21 03:25:06.460: RIP: Update contains 14 routes
> > *Feb 21 03:25:06.460: RIP: Update queued
> > *Feb 21 03:25:06.460: RIP: Update sent via FastEthernet0/0
> > *Feb 21 03:25:11.228: RIP: ignored v2 update from bad source 150.50.7.5 on FastEthernet0/0
> > *Feb 21 03:25:17.456: RIP: received v2 update from 150.50.9.5 on Serial0/0/1
> > *Feb 21 03:25:17.456: RIP: Update contains 10 routes
> > *Feb 21 03:25:18.332: RIP: sending v2 update to 224.0.0.9 via Loopback0 (200.0.0.2)
> > *Feb 21 03:25:18.332: RIP: Update contains 17 routes
> > *Feb 21 03:25:18.332: RIP: Update queued
> > *Feb 21 03:25:18.332: RIP: Update sent via Loopback0
> > *Feb 21 03:25:18.332: RIP: ignored v2 packet from 200.0.0.2 (sourced from one of our addresses)
> > *Feb 21 03:25:20.584: RIP: ignored v2 update from bad source 150.50.7.7 on FastEthernet0/0
> > *Feb 21 03:25:20.612: RIP: sending v2 update to 224.0.0.9 via Serial0/0/1 (150.50.9.2)
> > *Feb 21 03:25:20.612: RIP: Update contains 9 routes
> > *Feb 21 03:25:20.612: RIP: Update queued
> > *Feb 21 03:25:20.612: RIP: Update sent via Serial0/0/1
> > u all
> > All possible debugging has been turned off
> >
> >
> > R4#
> > *Feb 21 03:26:01.272: RIP: ignored v2 update from bad source 150.50.17.1 on FastEthernet0/0
> > *Feb 21 03:26:03.568: RIP: ignored v2 update from bad source 150.50.7.6 on FastEthernet0/0
> > *Feb 21 03:26:05.240: RIP: received v2 update from 150.50.24.2 on Serial0/0/0
> > *Feb 21 03:26:05.240: RIP: Update contains 15 routes
> > *Feb 21 03:26:08.424: RIP: ignored v2 update from bad source 150.50.17.2 on FastEthernet0/0
> > *Feb 21 03:26:11.800: RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (150.50.24.4)
> > *Feb 21 03:26:11.800: RIP: Update contains 13 routes
> > *Feb 21 03:26:11.800: RIP: Update queued
> > *Feb 21 03:26:11.800: RIP: Update sent via Serial0/0/0
> > *Feb 21 03:26:15.876: RIP: ignored v2 update from bad source 150.50.7.5 on FastEthernet0/0
> > *Feb 21 03:26:19.028: RIP: ignored v2 update from bad source 150.50.7.7 on FastEthernet0/0
> > *Feb 21 03:26:19.372: RIP: sending v2 update to 224.0.0.9 via Loopback0 (200.0.0.4)
> > *Feb 21 03:26:19.372: RIP: Update contains 8 routes
> > *Feb 21 03:26:19.372: RIP: Update queued
> > *Feb 21 03:26:19.372: RIP: Update sent via Loopback0
> > *Feb 21 03:26:19.372: RIP: ignored v2 packet from 200.0.0.4 (sourced from one of our addresses)
> > u all
> > All possible debugging has been turned off
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART
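
Added example, not part of the original thread: a small Python helper that undoes the mail wrapping of `debug ip rip events` output and classifies each received update, so it is clear whether an update was dropped for a bad source, dropped for authentication, or accepted on an interface that carries a key chain. The sample text is constructed in the style of the thread's output, and the wording of the `(invalid authentication)` line, which the poster expected but never saw, is an assumption.

```python
import re

# Constructed sample in the style of the thread's `debug ip rip events` output,
# wrapped and run together as the mail client left it (last line is assumed).
SAMPLE = """\
*Feb 21 03:25:04.708: RIP: received v2 update from 150.50.24.4 on
Serial0/0/0.24
*Feb 21 03:25:04.712: RIP: Update contains 4 routes *Feb 21
03:25:11.228: RIP: ignored v2 update from bad source 150.50.7.5on
FastEthernet0/0 *Feb 21 03:25:18.332: RIP: ignored v2 packet from
200.0.0.2 (sourced from one of our addresses) *Feb 21 03:25:30.100: RIP:
ignored v2 packet from 150.50.24.4 (invalid authentication)
"""

# Timestamp that opens every event; tolerates the stray spaces seen in the mail.
STAMP = re.compile(r"\*\w{3}\s+\d+\s+\d\d:\d\d:\s?\d\d\.\d+\s?:")
RULES = [  # (verdict, pattern); first match wins
    ("accepted", re.compile(r"received v2 update from (?P<src>[\d.]+) on (?P<intf>\S+)")),
    ("bad-source", re.compile(r"update from bad source (?P<src>[\d.]+)\s?on (?P<intf>\S+)")),
    ("own-address", re.compile(r"packet from (?P<src>[\d.]+) \(sourced from one of our")),
    ("auth-failed", re.compile(r"packet from (?P<src>[\d.]+) \(invalid authentication\)")),
]

def split_events(raw):
    """Undo the mail wrapping: flatten whitespace, then cut at each timestamp."""
    flat = " ".join(raw.split())
    starts = [m.start() for m in STAMP.finditer(flat)]
    return [flat[a:b].strip() for a, b in zip(starts, starts[1:] + [len(flat)])]

def classify(raw):
    """Return (verdict, source, interface or None) for each receive-side event."""
    out = []
    for event in split_events(raw):
        for verdict, pattern in RULES:
            m = pattern.search(event)
            if m:
                out.append((verdict, m["src"], m.groupdict().get("intf")))
                break
    return out

def accepted_on_keyed(raw, keyed_interfaces):
    """Neighbors whose updates were accepted on interfaces that carry a key chain."""
    return [(src, intf) for verdict, src, intf in classify(raw)
            if verdict == "accepted" and intf in keyed_interfaces]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

Pass `accepted_on_keyed` the interfaces that `show ip protocols` lists with a key chain (here `Serial0/0/0.24`) to see which neighbors are still being accepted there.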