RE: RIP MD5 Authentication

From: John Underhill (steppenwolfe_2000@yahoo.com)
Date: Thu Jun 05 2003 - 14:54:23 GMT-3


You may have a network statement that is covering both
tunnel and serial interfaces, causing a loop. If you
are using the serial interface as ip and connection,
you have to make the serial interface passive on both
routers. Works for me. Like so..

CPod1R1#sh ip rou

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial0/1
C 192.168.1.0/24 is directly connected, Loopback0
R 192.169.1.0/24 [120/1] via 10.1.1.2, 00:00:10, Tunnel0

key chain cisco
 key 1
  key-string cisco

interface Tunnel0
 ip unnumbered Serial0/1
 ip rip authentication mode md5
 ip rip authentication key-chain cisco
 tunnel source Serial0/1
 tunnel destination 10.1.1.2

router rip
 version 2
 passive-interface default
 no passive-interface Tunnel0
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary

CPod1R2#sh ip rou

     10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial0/1
R 192.168.1.0/24 [120/1] via 10.1.1.1, 00:00:06, Tunnel0
C 192.169.1.0/24 is directly connected, Loopback0

key chain cisco
 key 1
  key-string cisco
call rsvp-sync
cns event-service server

interface Tunnel0
 ip unnumbered Serial0/1
 ip rip authentication mode md5
 ip rip authentication key-chain cisco
 tunnel source Serial0/1
 tunnel destination 10.1.1.1

router rip
 version 2
 passive-interface default
 no passive-interface Tunnel0
 network 10.0.0.0
 network 192.169.1.0
 no auto-summary

--- Danny.Andaluz@triaton-na.com wrote:
> I actually did that and it fixed the problem, but it came right back. I had
> an underscore in the original password and then I changed it to "cisco". It
> fixed it and then it came right back.
>
> Thanks,
> Danny
>
> -----Original Message-----
> From: Ron [mailto:id353@singnet.com.sg]
> Sent: Thursday, June 05, 2003 3:09 AM
> To: Andaluz, Danilo, Triaton/NA;
> ccielab@groupstudy.com
> Subject: Re: RIP MD5 Authentication
>
>
> I do encounter this problem at times on my routers. Try deleting the
> previous key chain and configuring another with a simple password phrase such
> as "123" on both ends and try again.
>
> From CCIE <ccie@nc.rr.com> on 4 Jun 2003:
>
> > Try adding send lifetime and accept lifetime to the key. Make sure
> > date & time is lower value than your router clock
> >
> > key chain ccie
> > key 1
> > key-string test
> > accept-lifetime 00:00:00 Jan 1 1993 infinite
> > send-lifetime 00:00:00 Jan 1 1993 infinite
> >
> >
> > ----- Original Message -----
> > From: <Danny.Andaluz@triaton-na.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Wednesday, June 04, 2003 8:22 PM
> > Subject: RIP MD5 Authentication
> >
> >
> > > Hello, Group. I thought I learned something from my last post on EIGRP
> > > authentication, but apparently not. I checked for spaces and there
> > > are none. The key chain names on each router are the same as well as
> > > the string between the two. I still get the routes from R2 but R1
> > > keeps telling me invalid authentication from 2. How can I get routes
> > > from 2 if the authentication is failing???? See the output of the
> > > debug.
> > >
> > > R2#debug ip rip event
> > > RIP event debugging is on
> > > R2#
> > > 02:09:47: RIP: received v2 update from 1.1.1.2 on Tunnel1
> > > 02:09:47: RIP: Update contains 8 routes
> > > 02:09:47: RIP: ignored v2 packet from 1.1.1.2 (invalid authentication)
> > > R2#
> > >
> > > R1
> > >
> > > key chain cisco
> > > key 1
> > > key-string cisco
> > >
> > > interface Tunnel1
> > > ip unnumbered Serial0.1
> > > ip rip authentication mode md5
> > > ip rip authentication key-chain cisco
> > > tunnel source Serial0.1
> > > tunnel destination 1.1.1.2
> > >
> > > R2
> > >
> > > key chain cisco
> > > key 1
> > > key-string cisco
> > > !
> > > interface Tunnel0
> > > ip unnumbered Serial0
> > > ip rip authentication mode md5
> > > ip rip authentication key-chain cisco
> > > tunnel source Serial0
> > > tunnel destination 1.1.1.1
> > >
> > >
> > >
> > >
> > >
> > >
> > > Danny Andaluz, CCNP
> > > Network Engineer
> > > Triaton, North America
> > > 908-541-6522
>
>
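
Added example, not part of the original thread and not Cisco's code: how a RIPv2 keyed-MD5 digest (RFC 2082 layout) is built and checked, showing why the key number and the exact key-string bytes, trailing space included, must match on both routers. The function names, the zero-padding of the key to 16 bytes, and the sample packet are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

AUTH_KEYED_MD5 = 3      # authentication type for keyed MD5 (RFC 2082)
DIGEST_LEN = 16         # MD5 output size


def pad_key(key_string: str) -> bytes:
    # Assumption: the key-string is truncated/zero-padded to 16 bytes.
    return key_string.encode("ascii")[:16].ljust(16, b"\x00")


def build_response(routes, key_id: int, key_string: str, seq: int) -> bytes:
    """Build a RIPv2 response with a keyed-MD5 authentication trailer."""
    header = struct.pack("!BBH", 2, 2, 0)   # command=response, version=2
    entries = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(net),
                    socket.inet_aton(mask), bytes(4), metric)
        for net, mask, metric in routes)
    pkt_len = len(header) + 20 + len(entries)   # offset where the trailer starts
    auth = struct.pack("!HHHBBI8x", 0xFFFF, AUTH_KEYED_MD5, pkt_len,
                       key_id, DIGEST_LEN, seq)
    body = header + auth + entries + struct.pack("!HH", 0xFFFF, 1)
    # The digest covers the packet followed by the padded key, then replaces the key.
    return body + hashlib.md5(body + pad_key(key_string)).digest()


def verify(packet: bytes, key_chain: dict) -> str:
    """Return 'ok' or the reason a receiver would ignore the update."""
    marker, auth_type, pkt_len, key_id, _alen, _seq = struct.unpack_from(
        "!HHHBBI", packet, 4)
    if marker != 0xFFFF or auth_type != AUTH_KEYED_MD5:
        return "no keyed-MD5 authentication"
    if key_id not in key_chain:          # key number must exist on the receiver
        return "unknown key id"
    end = pkt_len + 4                    # include the 4-byte trailer header
    body, digest = packet[:end], packet[end:end + DIGEST_LEN]
    expected = hashlib.md5(body + pad_key(key_chain[key_id])).digest()
    return "ok" if hmac.compare_digest(digest, expected) else "invalid authentication"


# Constructed sample: one route, key 1, key-string "cisco" as in the thread.
SAMPLE = build_response([("192.168.1.0", "255.255.255.0", 1)], 1, "cisco", 7)
```

The key never travels in the packet, only the digest does, so any byte-level difference in the configured key-string yields a different digest on the receiver.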


