From: Pickell, Aaryn (Aaryn.Pickell@xxxxxxxxxxxxx)
Date: Mon May 21 2001 - 19:22:58 GMT-3
Jon,
When you enter the key-string, don't preceed it with the encryption
type.
> key chain SPANKY
> key 1
> key-string 7 fred
Just use "key-string fred" without the 7. The letters "fred" are being
decrypted to some other string that is being sent, instead of "fred". In
theory, if you use the 7 on both sides, it'll still work, but if you have
the 7 on one side and no 7 on the other, you'll never get it going.
I'll have to agree with Chris; please post the config for the other
side. Let's check that the key-strings are entered correctly (no blank
space, etc.).
Aaryn Pickell - CCNP ATM, CCDP, MCSE
Senior Engineer - Routing Protocols
Getronics Inc.
Direct: 713-394-1609
Email:aaryn.pickell@getronics.com
This e-mail message and any attachments are confidential and may be
privileged. If you are not the intended recipient, please notify me
immediately by replying to this message and please destroy all copies of
this message and attachments. Thank you.
> -----Original Message-----
> From: Jon Carmichael [mailto:jonc@pacbell.net]
> Sent: Monday, May 21, 2001 3:46 PM
> To: ccielab@groupstudy.com
> Subject: RIP2 authentication with the key-chains.
>
>
> Working Lab 7.
>
> Trying to make RIPV2 authentication work with key-chains and
> MD5, --I have
> both ends configured identically, --I have tried more than
> one key chain in
> case I made an invisible char typo, -same result. Configs
> and debugs to
> follow.
>
> !
> hostname Lab7-R2
> !
> !
> no ip domain-lookup
> !
> key chain RIPAUTH
> key 1
> key-string 7 fred
> key chain SPANKY
> key 1
> key-string 7 fred
> !
> interface Ethernet0
> ip address 10.14.0.1 255.255.255.0
> !
> interface Serial0
> ip address 10.101.1.2 255.255.0.0
> encapsulation frame-relay
> ip ospf priority 0
> frame-relay interface-dlci 410
> !
> interface Serial1
> ip address 10.21.1.1 255.255.0.0
> ip rip authentication mode md5
> ip rip authentication key-chain SPANKY
> encapsulation ppp
> !
> interface TokenRing0
> ip address 192.168.3.1 255.255.255.0
> shutdown
> ring-speed 16
> !
> router ospf 1
> redistribute rip metric 22 subnets route-map RIP2OSPF
> network 10.101.1.2 0.0.0.0 area 0
> network 10.14.0.1 0.0.0.0 area 2
> default-information originate metric 200 metric-type 1
> !
>
> Lab7-R2#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> Lab7-R2(config)#debug ip rip
> ^
> % Invalid input detected at '^' marker.
>
> Lab7-R2(config)#end
> Lab7-R2#debug ip r
> %SYS-5-CONFIG_I: Configured from console by console
> Lab7-R2#debug ip rip
> RIP protocol debugging is on
> Lab7-R2#
> RIP: received packet with MD5 authentication
> RIP: ignored v2 packet from 10.21.1.2 (invalid authentication)
> RIP: sending v2 update to 224.0.0.9 via Ethernet0 (10.14.0.1)
> 10.3.0.0/16 -> 0.0.0.0, metric 2, tag 0
> 10.21.1.2/32 -> 0.0.0.0, metric 1, tag 0
> 10.21.0.0/16 -> 0.0.0.0, metric 1, tag 0
> 10.100.0.0/16 -> 0.0.0.0, metric 2, tag 0
> 10.101.0.0/16 -> 0.0.0.0, metric 1, tag 0
> RIP: sending v2 update to 224.0.0.9 via Serial1 (10.21.1.1)
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:48 GMT-3