RE: Using Key chains

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Jan 30 2004 - 11:18:56 GMT-3


The key number is not locally significant. It's used as a seed/salt
for the MD5 hash of the key-string. If the key number does not match on
both sides, authentication will not be successful.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> kasturi cisco
> Sent: Thursday, January 29, 2004 9:59 PM
> To: ccie2b@hotmail.com; ccielab@groupstudy.com
> Subject: RE: Using Key chains
>
> Hi,
>
> I think it works as follows:
>
> Multiple keys are used for roll over so that if first key is invalid with
> time (defined by accept and send-lifetime) then the second key in list
> going to be used.
>
> The routing protocols have the interface associated with the key-chain
> only with both RIP and EIGRP. The key-id is locally significant but the
> routing protocol uses or starts the auth process with the lowest key # or
> key id. Then based on this it uses the corresponding key-string to
> authenticate. The key-strings should match for successful authentication.
>
> So when u have a key chain with keys like u have defined what would
> happen is key 1 will be used at both ends and assuming both are valid the
> key-strings configured would be sent/expected from other end. Since they
> don't match it will fail.
>
> Good Luck,
> Kasturi.



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:52 GMT-3
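
The following is an added example, not part of the original thread and not Cisco IOS code: a simplified Python model of keyed-MD5 routing authentication in the style of RFC 2082, where the key ID travels in the packet and the receiver looks up its key-string by that ID. The packet layout (1-byte key ID, 4-byte sequence number), the function names and the sample key chains are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def pad_key(key_string: str) -> bytes:
    """Key-string as a fixed 16-byte field, zero-padded."""
    return key_string.encode()[:16].ljust(16, b"\x00")

def sign(payload: bytes, key_chain: dict, seq: int) -> bytes:
    """Sender side: use the lowest-numbered key and put its ID in the header."""
    key_id = min(key_chain)
    header = struct.pack("!BI", key_id, seq)
    digest = hashlib.md5(header + payload + pad_key(key_chain[key_id])).digest()
    return header + payload + digest

def verify(packet: bytes, key_chain: dict) -> str:
    """Receiver side: select the key by the ID carried in the packet."""
    header, payload, digest = packet[:5], packet[5:-16], packet[-16:]
    key_id, _seq = struct.unpack("!BI", header)
    key_string = key_chain.get(key_id)
    if key_string is None:
        return "unknown key id"
    expected = hashlib.md5(header + payload + pad_key(key_string)).digest()
    return "ok" if hmac.compare_digest(expected, digest) else "digest mismatch"

def demo() -> dict:
    """Run four constructed cases and return the receiver's verdict for each."""
    update = b"constructed routing update"
    pkt = sign(update, {1: "cisco"}, seq=7)
    # Same packet with the key ID byte rewritten from 1 to 2 in transit.
    rewritten = bytes([2]) + pkt[1:]
    return {
        "same id, same string": verify(pkt, {1: "cisco"}),
        "different id, same string": verify(pkt, {2: "cisco"}),
        "same id, different string": verify(pkt, {1: "other"}),
        "id rewritten in transit": verify(rewritten, {1: "cisco", 2: "cisco"}),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

In this model the key ID is covered by the digest, so a mismatch in either the number or the key-string is rejected, and the two failures are distinguishable in the receiver's verdict.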