RE: Using Key chains

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Fri Jan 30 2004 - 12:52:16 GMT-3


RIP (plain text and MD5):
key chain <key chain name> <-- DOES NOT need to match
 key <key ID> <-- DOES NOT need to match but needs to be active*
  key-string <key string> <-- DOES need to match

Note that although the key ID (key number) is exchanged in the RIPv2
messages for MD5 authentication, a router will accept a message with a
different key ID as long as the key string matches and the key is within its
accept-lifetime.

EIGRP:
key chain <key chain name> <-- DOES NOT need to match
 key <key ID> <-- DOES need to match and be active*
  key-string <key string> <-- DOES need to match

* This is in reference to the accept-lifetime for the particular key.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Packet Man
Sent: Thursday, January 29, 2004 7:20 PM
To: kasturi_cisco@hotmail.com; ccielab@groupstudy.com
Subject: RE: Using Key chains

Hi,

Thanks for getting back to me.

If I understand you correctly then using multiple keys on a key chain is
only for the situation of migrating from one key to another. Is that
correct?

The reason I ask is because the scenario I was thinking about is this:

Assume you have a hub router with p2p connections to 5 spoke stub routers
and you have to use a different password on each link. Therefore, to
fulfill this requirement, the hub router has to have 5 different keys but
the spoke routers only need one key.

According to what you're saying, I would have to configure 5 different KEY
CHAINS each with one key instead of configuring 1 KEY CHAIN with 5 different
keys. Is that correct?

Thanks in advance

>From: "kasturi cisco" <kasturi_cisco@hotmail.com>
>To: ccie2b@hotmail.com, ccielab@groupstudy.com
>Subject: RE: Using Key chains
>Date: Fri, 30 Jan 2004 02:58:31 +0000
>
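
The matching rules listed in Brian Dennis's reply at the top of this message, laid out as a two-router IOS configuration. This is an added example, not part of the original thread; the router names R1/R2, the key chain names, key strings, interface numbers and EIGRP AS 100 are all constructed for illustration.

```cisco
! ---- R1 (constructed example) ----
key chain R1-RIP
 key 1
  key-string RIPSECRET
key chain R1-EIGRP
 key 5
  key-string EIGRPSECRET
!
interface Serial0/0
 ip rip authentication mode md5
 ip rip authentication key-chain R1-RIP
!
interface Serial0/1
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 R1-EIGRP
!
! ---- R2 (constructed example) ----
! RIP: chain name differs from R1 and key ID differs from R1 (2 vs 1).
! Per the reply, neither needs to match; only the key-string does,
! and the key must be inside its accept-lifetime.
key chain R2-RIP
 key 2
  key-string RIPSECRET
  accept-lifetime 00:00:00 Jan 1 2004 infinite
!
! EIGRP: chain name differs from R1, but per the reply the key ID (5)
! and the key-string must both match R1, and the key must be active.
key chain R2-EIGRP
 key 5
  key-string EIGRPSECRET
  accept-lifetime 00:00:00 Jan 1 2004 infinite
!
interface Serial0/0
 ip rip authentication mode md5
 ip rip authentication key-chain R2-RIP
!
interface Serial0/1
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 R2-EIGRP
```

Running `show key chain` on each router lists the configured keys and whether each one is currently valid for accept and send, which is the "active" condition the footnote in the reply refers to.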



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:52 GMT-3