From: Timothy Ouellette (timoue@xxxxxxxxx)
Date: Sat Jun 15 2002 - 01:47:42 GMT-3
Yeah, it is kind of interesting. What's more interesting is the following. I
think that when you define your key-chain and you put a space and the end that
it doesn't really take that. What I think is happening is that when you try to
apply it under the "ip rip authentication key test " with the space at the
end. You'll notice that if you type that in and press ? that you can do the
following "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" forever, does
that mean you can call multiple key-chains? I'm not sure, so what I think may
be happening is that space may be telling the router that there is another
key-chain following the first one and then it cannot find the next one (cuz
there isn't one) and that's why it fails.
I accept your statement about the key-chaings being locally significant, but
what about key id's? I remember reading somewhere that those have to be the
same such that if your using key 1 on routera, key 1 better be on routerb. Or
was that eigrp? I'll have to play "lab it up" a little more.
Tim
Nick Shah wrote:
> Tim,
>
> Very interesting Q.
>
> However, one thing, *key Chain* names are only locally significant (on the
> router on which its defined). *key string* should be same for "pair" of
> routers (or adjacent routers which are going to exchange updates). I have
> checked it at various sources, DOC CD under IP ROUTING PROTOCOL INDEPENDENT
> features, and also in RIPV2 chapter in Doyle I. Both have stated that key
> chain names are only locally significant, key-strings should be the same on
> both ends.
>
> My guess regarding the behaviour of blank space is that when you are
> defining key-chain , the space doesn't form a part of the actual name, but
> when you are applying it to the interface its being considered (it could
> also be the other way around).
>
> I will lab it up tonight and give it a check.
>
> rgds
> Nick
> ----- Original Message -----
> From: Timothy Ouellette <timoue@cogeco.ca>
> To: <cisco@groupstudy.com>; <ccielab@groupstudy.com>
> Sent: Saturday, June 15, 2002 1:15 PM
> Subject: RIP w/ key-chains
>
> > Okay folks, starting off a late night studying and noticed something
> > weird. Got two boxes connected like so RouterA-------RouterB
> >
> > Router B has a bunch of segments off of it. Something weird. Per some
> > of the material I have, the key chain names are supposed to be the same
> > but I've found that on routerA I can use the name "test" and router B I
> > can use the name "test2" and it'll work (i.e Routes get passed properly)
> >
> > Router A
> >
> > key chain test
> > key 1
> > key-string cisco
> >
> > ip rip authentication key test
> >
> > Router B
> > key chain test2
> > key 1
> > key-string cisco
> >
> > ip rip authentication test2
> >
> > But if on routerB, I change the key-chain name to "test ". (yes there is
> > a space at the end) and apply the appropriate "ip rip authentication
> > test " into the interface then the router spits back about it not liking
> > the authentication (invalid authentication)
> >
> > Am I loosing my mind. "test" and "test12345" are the same but "test"
> > and "test " are different? I know that in BGP, you can apply multiple
> > route-maps and if you leave a space at the end, the router things there
> > is another route-map your calling and therefor may not make it through.
> >
> > Thanks all!
> >
> > Tim
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:33 GMT-3