From: Doherty Kevin SSgt 325 CS/SCBN (Kevin.Doherty@xxxxxxxxxxxxxx)
Date: Sun Aug 26 2001 - 20:21:46 GMT-3
I would like to say hello to the group, I have been just lurking for a
couple of months now... This is really a great resource. I have a question
about EIGRP authentication. I have three routers connected with FR
hub-spoke, running EIGRP. Everything is working fine. Then I add on top of
the configuration the MD5 (key chain) authentication between the "hub"
router (R2) and only one of the spokes (R1). Works fine... they form
neighbors and exchange routing information. Problem is that the third
router (R3)(Which uses the same interface on the hub router to neighbor
with) also builds his neighbor connection and gets all of the routing
information from both of the other routers even though it is not using
MD5?!? I could understand that not all router in an AS need to use MD5 like
OSPF because of the interface specific commands, but this router hangs off
the same interface. Is it possible that you can neighbor with 2 routers on
the same interface, one with MD5 and one clear text??? Hope I explained
this okay...
Kevin Doherty, CCNP,CCDP,NNCSS
Network Engineer
R1------FR Switch--------R3
DLCI 100 l DLCI 200
l
l
R2
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
key chain cisco
key 1
key-string test
accept-lifetime 12:00:00 Aug 20 2001 infinite
send-lifetime 12:00:00 Aug 20 2001 infinite
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0
ip address 192.168.0.3 255.255.255.0
shutdown
!
interface Serial0
ip address 192.1.1.1 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 cisco
encapsulation frame-relay
frame-relay map ip 192.1.1.2 100 broadcast
frame-relay map ip 192.1.1.3 100 broadcast
!
interface Serial1
no ip address
shutdown
!
router eigrp 100
passive-interface Ethernet0
network 1.0.0.0
network 192.1.1.0
no auto-summary
no eigrp log-neighbor-changes
!
R2#show ru
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
key chain cisco
key 1
key-string test
accept-lifetime 12:00:00 Aug 20 2001 infinite
send-lifetime 12:00:00 Aug 20 2001 infinite
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0
ip address 192.168.0.180 255.255.255.0
no ip directed-broadcast
!
interface Serial0
ip address 192.1.1.2 255.255.255.0
no ip directed-broadcast
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 cisco
encapsulation frame-relay
no ip split-horizon eigrp 100
no ip mroute-cache
no fair-queue
frame-relay map ip 192.1.1.1 100 broadcast
frame-relay map ip 192.1.1.3 200 broadcast
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
router eigrp 100
passive-interface Ethernet0
passive-interface Loopback0
network 2.0.0.0
network 192.1.1.0
network 192.168.0.0
no auto-summary
!
R3#show ru
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname R3
!
ip subnet-zero
no ip domain-lookup
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial0
ip address 192.1.1.3 255.255.255.0
encapsulation frame-relay
no fair-queue
frame-relay map ip 192.1.1.1 200 broadcast
frame-relay map ip 192.1.1.2 200 broadcast
!
interface Serial1
no ip address
shutdown
!
interface TokenRing0
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
router eigrp 100
network 192.1.1.0
network 3.0.0.0
!
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:58 GMT-3