RE: RIP and EIGRP authentication Configs included

From: Brian McGahan (brian@xxxxxxxxxxxxxxx)
Date: Wed Aug 21 2002 - 21:49:28 GMT-3


   
        This is a common problem, and luckily "show key chain" will
alert you as to whether or not there is a space in the key. The key
appears between quotes, as in the following output:

router#show key chain
Key-chain cisco:
    key 1 -- text "cisco"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
Key-chain ccie:
    key 1 -- text "ccie "
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

        You can see that the key chain ccie has a space after the word
ccie.

HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
http://www.cyscoexpert.com
Voice: 847.674.3392
Fax: 847.674.2625
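
An added example, not part of the original message: a Python sketch that parses `show key chain` output in the format quoted above, flags keys padded with whitespace, and compares them with a neighbor's keys. The two sample outputs are constructed, and the script assumes both routers use the same chain name. `keyed_md5` is a simplified model of a keyed MD5 digest (packet followed by the key zero-padded to 16 bytes), included only to show why one extra space makes the receiver report invalid authentication.

```python
import hashlib
import re

# Constructed sample: "show key chain" output in the format quoted above, from
# two hypothetical neighbors. R1's key has a trailing space, R2's does not.
R1_OUTPUT = '''Key-chain ccie:
    key 1 -- text "ccie "
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
'''
R2_OUTPUT = R1_OUTPUT.replace('"ccie "', '"ccie"')

CHAIN_RE = re.compile(r'^Key-chain (\S+):\s*$')
KEY_RE = re.compile(r'^\s+key (\d+) -- text "(.*)"\s*$')

def parse_key_chains(output):
    """Return {(chain, key_id): key_text}; whitespace inside the quotes is kept."""
    keys, chain = {}, None
    for line in output.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m and chain is not None:
            keys[(chain, int(m.group(1)))] = m.group(2)
    return keys

def audit(local, remote):
    """List findings for whitespace-padded keys and keys that differ from the neighbor."""
    findings = []
    for (chain, key_id), text in sorted(local.items()):
        if text != text.strip():
            findings.append(f"{chain} key {key_id}: whitespace padding in {text!r}")
        peer = remote.get((chain, key_id))
        if peer is None:
            findings.append(f"{chain} key {key_id}: not configured on neighbor")
        elif peer != text:
            findings.append(f"{chain} key {key_id}: {text!r} differs from neighbor {peer!r}")
    return findings

def keyed_md5(packet, key_text):
    """Simplified keyed-MD5 model (assumption): MD5 over packet + 16-byte padded key."""
    key = key_text.encode().ljust(16, b"\0")[:16]
    return hashlib.md5(packet + key).hexdigest()

if __name__ == "__main__":
    for finding in audit(parse_key_chains(R1_OUTPUT), parse_key_chains(R2_OUTPUT)):
        print(finding)
```
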

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Przemyslaw Karwasiecki
Sent: Wednesday, August 21, 2002 7:17 PM
To: Justin Cook
Cc: ccielab@groupstudy.com
Subject: RE: RIP and EIGRP authentication Configs included

Justin,

I know that this will sound obvious, but once I had a similar
troubleshooting experience, and it turned out that the passwords
in the key chain had a trailing space on one router.

You will not see it, but it is there, hence passwords don't match.

Try using some debug commands and maybe they will give you a hint.

Przemek

On Wed, 2002-08-21 at 19:30, Justin Cook wrote:
> Tried again on different routers, added neighbor commands. Here are the
> following configs. The funny thing is it worked OK on serial interfaces.
> Also, can anyone confirm that auth does not work on RIP ver 1? I noticed
> that it would work when I removed the ver 2 command, but the debug came
> back without any authentication lines.
>
> Router B Config
>
> ip subnet-zero
> no ip domain-lookup
> !
> !
> key chain kal
> key 1
> key-string 234
> !
> !
> !
> interface Loopback0
> ip address 172.16.1.6 255.255.255.255
> !
> interface FastEthernet0/0
> ip address 192.168.10.2 255.255.255.0
> ip rip authentication mode md5
> ip rip authentication key-chain kal
> no ip route-cache
> no ip mroute-cache
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> ip address 192.168.20.1 255.255.255.240
> duplex auto
> speed auto
> !
> router rip
> version 2
> passive-interface FastEthernet0/1
> network 192.168.10.0
> network 192.168.20.0
> neighbor 192.168.10.1
> no auto-summary
> !
> ip classless
> ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> login
> !
> end
>
>
> Router F Config
>
> ip subnet-zero
> !
> key chain kal
> key 1
> key-string 234
> !
> !
> !
> interface Loopback0
> ip address 172.16.1.2 255.255.255.255
> !
> interface FastEthernet0/0
> ip address 192.168.10.1 255.255.255.0
> ip rip authentication mode md5
> ip rip authentication key-chain kal
> no ip route-cache
> no ip mroute-cache
> duplex auto
> speed auto
> !
> interface Serial0/0
> !
> router rip
> version 2
> passive-interface Serial0/0
> network 192.168.1.0
> network 192.168.10.0
> neighbor 192.168.10.2
> no auto-summary
> !
> ip classless
>
>
> Versions
>
> Router F
>
> ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
>
> RouterF uptime is 20 hours, 15 minutes
> System returned to ROM by power-on
> System image file is "flash:c2600-d-mz.121-10a.bin"
>
> Router B
>
> ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
>
> RouterB uptime is 20 hours, 15 minutes
> System returned to ROM by power-on
> System image file is "flash:c2600-d-mz.121-10a.bin"
>
> Errors
>
> 20:16:30: RIP: received packet with MD5 authentication
> 20:16:30: RIP: ignored v2 packet from 192.168.10.2 (invalid authentication)
> 20:16:30: RIP: received packet with MD5 authentication
> 20:16:30: RIP: ignored v2 packet from 192.168.10.2 (invalid authentication)
>
>
>
> --
> Justin Cook
> Systems Consultant
> MCSE +I, CCDP, CCNP(Security, Voice)
> Computerland Wellington
>
>
> -----Original Message-----
> From: kasturi cisco [mailto:kasturi_cisco@hotmail.com]
> Sent: Thursday, 22 August 2002 6:46 a.m.
> To: Justin.Cook@computerland.co.nz
> Subject: Re: RIP and EIGRP authentication
>
> Nothing to the best of my knowledge. There are some bugs with some IOS
> versions so just check up with your version.
> Also ensure that u don't have white space after password, case
> sensitivity, same key # etc. are all taken care of as possible issues.
> Sometimes without NTP it does not work.
> HTH. Let us know what u find.
> Good Luck,
> Kasturi.
> >From: Justin Cook
> >Reply-To: Justin Cook
> >To: ccielab@groupstudy.com
> >Subject: RIP and EIGRP authentication
> >Date: Wed, 21 Aug 2002 16:26:10 +1200
> >
> >I am having trouble setting up RIP and EIGRP authentication between 2
> >routers
> >
> >I was able to get RIP auth working between 2 serial ports (PPP)
> >
> >But unable to get either working over Ethernet or Fast Ethernet. Is there
> >anything different that needs to be configured between the 2 media?
> >
> >
> >Thanks in advance
> >
> >Justin Cook



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:32 GMT-3