From: Nick Shah (nshah@xxxxxxxxxxxxxx)
Date: Sat Jun 15 2002 - 02:25:10 GMT-3
Multiple key-id's are meant for *transition* stages, when you are changing
the authentication keys. Or, you have configured automatic change of keys
beginning certain date/time. However, I think that if key-id 1 has a value
"cisco" the other end better have a key-id 1 value "cisco" or else it won't
work.
So what you are saying is correct regarding key-id's.
The "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" seems a peculiar
behaviour... I guess this is one more thing that we need to lab up and
check.
rgds
Nick
----- Original Message -----
From: Timothy Ouellette <timoue@cogeco.ca>
To: Nick Shah <nshah@connect.com.au>
Cc: <cisco@groupstudy.com>; <ccielab@groupstudy.com>;
<carl.newman@elynxtech.com>
Sent: Saturday, June 15, 2002 2:47 PM
Subject: Re: RIP w/ key-chains
> Yeah, it is kind of interesting. What's more interesting is the following. I
> think that when you define your key-chain and you put a space at the end that
> it doesn't really take that. What I think is happening is that when you try to
> apply it under the "ip rip authentication key test " with the space at the
> end. You'll notice that if you type that in and press ? that you can do the
> following "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" forever, does
> that mean you can call multiple key-chains? I'm not sure, so what I think may
> be happening is that space may be telling the router that there is another
> key-chain following the first one and then it cannot find the next one (cuz
> there isn't one) and that's why it fails.
>
> I accept your statement about the key-chains being locally significant, but
> what about key id's? I remember reading somewhere that those have to be the
> same such that if you're using key 1 on routera, key 1 better be on routerb. Or
> was that eigrp? I'll have to play "lab it up" a little more.
>
> Tim
>
> Nick Shah wrote:
>
> > Tim,
> >
> > Very interesting Q.
> >
> > However, one thing, *key Chain* names are only locally significant (on the
> > router on which it's defined). *key string* should be same for "pair" of
> > routers (or adjacent routers which are going to exchange updates). I have
> > checked it at various sources, DOC CD under IP ROUTING PROTOCOL INDEPENDENT
> > features, and also in RIPV2 chapter in Doyle I. Both have stated that key
> > chain names are only locally significant, key-strings should be the same on
> > both ends.
> >
> > My guess regarding the behaviour of blank space is that when you are
> > defining key-chain, the space doesn't form a part of the actual name, but
> > when you are applying it to the interface it's being considered (it could
> > also be the other way around).
> >
> > I will lab it up tonight and give it a check.
> >
> > rgds
> > Nick
> > ----- Original Message -----
> > From: Timothy Ouellette <timoue@cogeco.ca>
> > To: <cisco@groupstudy.com>; <ccielab@groupstudy.com>
> > Sent: Saturday, June 15, 2002 1:15 PM
> > Subject: RIP w/ key-chains
> >
> > > Okay folks, starting off a late night studying and noticed something
> > > weird. Got two boxes connected like so RouterA-------RouterB
> > >
> > > Router B has a bunch of segments off of it. Something weird. Per some
> > > of the material I have, the key chain names are supposed to be the same
> > > but I've found that on routerA I can use the name "test" and router B I
> > > can use the name "test2" and it'll work (i.e. routes get passed properly)
> > >
> > > Router A
> > >
> > > key chain test
> > > key 1
> > > key-string cisco
> > >
> > > ip rip authentication key test
> > >
> > > Router B
> > > key chain test2
> > > key 1
> > > key-string cisco
> > >
> > > ip rip authentication test2
> > >
> > > But if on routerB, I change the key-chain name to "test ". (yes there is
> > > a space at the end) and apply the appropriate "ip rip authentication
> > > test " into the interface then the router spits back about it not liking
> > > the authentication (invalid authentication)
> > >
> > > Am I losing my mind. "test" and "test12345" are the same but "test"
> > > and "test " are different? I know that in BGP, you can apply multiple
> > > route-maps and if you leave a space at the end, the router thinks there
> > > is another route-map you're calling and therefore may not make it through.
> > >
> > > Thanks all!
> > >
> > > Tim
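
Added example, not part of the original thread: a Python model of the RFC 2453 simple-password authentication entry, showing that the key chain name never appears in the RIPv2 packet while the key-string does. It assumes plain-text authentication mode; the function names, the sample chains, and the sender/receiver key selection are constructed for illustration and are not taken from IOS.

```python
import socket
import struct

AUTH_AFI = 0xFFFF    # address family 0xFFFF marks an authentication entry (RFC 2453)
AUTH_SIMPLE = 2      # authentication type 2: simple (plain-text) password

# Constructed sample data mirroring the thread: chain name -> {key-id: key-string}
ROUTER_A = {"test": {1: "cisco"}}
ROUTER_B = {"test2": {1: "cisco"}}

def build_response(chains, chain_name, prefix, mask, metric):
    """Build a RIPv2 response with one route. The chain name is only a local
    lookup handle; assumption: the sender uses the lowest-numbered key."""
    keys = chains[chain_name]
    password = keys[min(keys)].encode("ascii")
    if len(password) > 16:
        raise ValueError("simple password field holds at most 16 octets")
    header = struct.pack("!BBH", 2, 2, 0)              # command=response, version=2
    auth = struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, password)  # null-padded
    route = struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                        socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)
    return header + auth + route

def accept(chains, chain_name, packet):
    """Receiver-side check. Assumption: the 16-octet password field is compared
    against every key-string in the receiver's own, locally named chain."""
    afi, auth_type, field = struct.unpack("!HH16s", packet[4:24])
    if afi != AUTH_AFI or auth_type != AUTH_SIMPLE:
        return False
    return any(field == ks.encode("ascii").ljust(16, b"\x00")
               for ks in chains[chain_name].values())

if __name__ == "__main__":
    pkt = build_response(ROUTER_A, "test", "10.1.1.0", "255.255.255.0", 1)
    print("auth entry on the wire:", pkt[4:24])
    print("B (chain 'test2', key-string 'cisco') accepts:", accept(ROUTER_B, "test2", pkt))
    # A trailing space in the key-string changes the bytes that are compared
    print("B with key-string 'cisco ' accepts:",
          accept({"test2": {1: "cisco "}}, "test2", pkt))
```
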
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:33 GMT-3