RE: Rip authentication problem

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Fri Sep 01 2006 - 03:29:32 ART

• Next message: Alex De Gruiter \(AU\): "RE: byte-count conversion"
• Previous message: Alex De Gruiter \(AU\): "RE: Tricky Mac ques."
• Maybe in reply to: Frank: "Rip authentication problem"
• Next in thread: Frank: "Re: Rip authentication problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Frank,
        Did you by chance apply the interface level command before the
key chain was configured? Or possibly did you change something with the
key chain while the interface level command was applied?

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Frank
Sent: Thursday, August 31, 2006 11:01 PM
To: Victor Cappuccio; Cisco certification
Subject: Re: Rip authentication problem

Victor Cappuccio schrieb:

I glad. This did the trick.

But how could this be? Is it documented somewhere? Or maybe i better
don't ask. Thats strange. You never see, what you have typed first. I'm
currently trying to get a deeper understanding, but this really throws
me off.

I removed the rip authentication from the interfaces and re-applied it.
And now
it works. I even did not had to reboot.

A really hope there are not many more things like this out there.
But i'm guessing ... :-) Oh come one.

Frank

> 8-) Say Thanks to Brian Dennis (Excellent Instructor BTW) for that
> hint, I learn that from one of this post
>
> Now try to remove the Authentication part and re-apply it, reboot your

> routers, etc...
>
> Victor.-
>
>
>
> -----Mensaje original-----
> De: ocsic@web.de [mailto:ocsic@web.de] Enviado el: Viernes, 01 de
> Septiembre de 2006 01:43 a.m.
> Para: Victor Cappuccio
> CC: 'Cisco certification'
> Asunto: Re: Rip authentication problem
>
> Victor Cappuccio schrieb:
>
> Hi Victor,
>
> this is a great hint to check white space. I did this on my two
routers:
>
> R6#s | in CISCO $
> R6#s | in CISCO$
> key-string CISCO
> R6#
>
> R1#s | in CISCO $
> R1#s | in CISCO$
> key-string CISCO
> neighbor 192.10.1.254 password CISCO
> R1#
>
> Which reveals also a neigbor statement, but this is from a bgp
> configurations.
>
> So this was great help, but now tells me, i was right with withspaces.
> There are none. Well i really don't know where to look. I find it also

> strange, that R6 is saying it receives MD5 and R1 is not telling that.
>
> Frank
>
>
>
>> At Router6 you have a space in the password in the key chain Try this

>> Enter configuration commands, one per line. End with CNTL/Z.
>> Rack3Sw2(config)#key chain RIP
>> Rack3Sw2(config-keychain)# key 1
>> Rack3Sw2(config-keychain-key)# key-string CISCO
>> Rack3Sw2(config-keychain-key)#^Z Rack3Sw2#
>> 2d01h: %SYS-5-CONFIG_I: Configured from console by console
>> Rack3Sw2#show run | in CISCO$
>> key-string CISCO
>> Rack3Sw2#show run | in CISCO $
>>
>>
>> Grazie
>> Victor.-
>>
>>
>>
>> -----Mensaje original-----
>> De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre de
>>
> Frank
>
>> Enviado el: Viernes, 01 de Septiembre de 2006 01:04 a.m.
>> Para: Cisco certification
>> Asunto: Rip authentication problem
>>
>> Hi,
>>
>> i have a strange problem, that's driving me nuts. I configured RIP
>> authentication between
>> two routers. And i have checked the configuration many times, i can
see
>> no error on this.
>> Checked whitespace in the passwords. Both routers are restarted also.
>>
>> "debug ip rip" tells me still:
>>
>> R1 (c2600-ik9o3s3-mz.123-10a.bin) says:
>> *Mar 1 00:33:25.651: RIP: ignored v2 packet from 192.10.1.6 (invalid

>> authentication)
>> *Mar 1 00:33:25.651: RIP: ignored v2 packet from 192.10.1.6 (invalid

>> authentication)
>>
>> R6 (c2600-ik9o3s3-mz.123-10a.bin): says:
>> *Mar 1 00:06:27.779: RIP: received packet with MD5 authentication
>> *Mar 1 00:06:27.779: RIP: ignored v2 packet from 192.10.1.1 (invalid

>> authentication)
>> *Mar 1 00:06:27.779: RIP: received packet with MD5 authentication
>> *Mar 1 00:06:27.779: RIP: ignored v2 packet from 192.10.1.1 (invalid

>> authentication)
>>
>>
>> and i can't see routes are installed.
>>
>> Could someone give me a hint, on how to debug this in a better way?
>> Seems line R6 is
>> even not sending md5 authentication. Is it an IOS bug?
>>
>> R1:
>>
>> key chain RIP
>> key 1
>> key-string CISCO
>>
>> interface FastEthernet0/0
>> ip address 192.10.1.1 255.255.255.0
>> ip rip authentication mode md5
>> ip rip authentication key-chain RIP
>>
>> router rip
>> version 2
>> redistribute eigrp 200 metric 1
>> network 192.10.1.0
>> neighbor 192.10.1.254
>> neighbor 192.10.1.6
>> no auto-summary
>>
>> R6:
>>
>> key chain RIP
>> key 1
>> key-string CISCO
>>
>> interface Ethernet0/0
>> ip address 192.10.1.6 255.255.255.0
>> ip rip authentication mode md5
>> ip rip authentication key-chain RIP
>>
>> router rip
>> version 2
>> network 54.0.0.0
>> network 150.1.0.0
>> network 162.1.0.0
>> network 192.10.1.0
>> neighbor 192.10.1.1
>> neighbor 192.10.1.254
>> no auto-summary
>>
>>
>> Thank you,
>>
>> Frank
>>
>>

• Next message: Alex De Gruiter \(AU\): "RE: byte-count conversion"
• Previous message: Alex De Gruiter \(AU\): "RE: Tricky Mac ques."
• Maybe in reply to: Frank: "Rip authentication problem"
• Next in thread: Frank: "Re: Rip authentication problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART