RE: Rip authentication problem

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Fri Sep 01 2006 - 03:56:52 ART


You should apply this logic to all features/technologies. You shouldn't
apply a command that relies on another command without the second
command being defined first. Example: Applying an access-list to an
interface before the access-list has been defined in the global
configuration. Applying a route-map to redistribution before the
route-map has been defined.

A lot of commands are what I call "binding" commands. These commands
"bind" one part of the configuration to another (i.e. like the examples
above). Any command that binds (i.e. ip access-group, ip rip
authentication key-chain, redistribute connected route-map, etc) should
not be applied before the portion of the configuration that you are
binding has been defined. Define before you bind ;-)

Now most of the time order of operations will not matter but you will
find when you always take order of operations into consideration life
will be a lot easier. Also you don't want the one time that order of
operations matters to be when you are in the real CCIE lab ;-)

HTH,

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
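
The "define before you bind" rule above, written as a check over a command script in the order it will be typed or pasted. This is an added example, not part of the original post: the function names, the pattern lists and the sample script are constructed here, and only the binding commands named in the message are covered.

```python
import re

# Commands that define a named object: (kind, pattern capturing the name).
DEFINE = [
    ("key-chain", re.compile(r"^key chain (\S+)")),
    ("acl", re.compile(r"^access-list (\d+) ")),
    ("acl", re.compile(r"^ip access-list (?:standard|extended) (\S+)")),
    ("route-map", re.compile(r"^route-map (\S+)")),
]
# "Binding" commands that reference such an object by name.
BIND = [
    ("key-chain", re.compile(r"^ip rip authentication key-chain (\S+)")),
    ("acl", re.compile(r"^ip access-group (\S+) (?:in|out)")),
    ("route-map", re.compile(r"^redistribute .*\broute-map (\S+)")),
]

def _match(patterns, line):
    """Return (kind, name) for the first pattern that matches, else None."""
    for kind, rx in patterns:
        m = rx.search(line)
        if m:
            return kind, m.group(1)
    return None

def check_order(script):
    """List (line_no, command, verdict) for every binding typed before its target exists."""
    lines = [l.strip() for l in script.splitlines()]
    all_defs = {d for l in lines if (d := _match(DEFINE, l))}
    seen, findings = set(), []
    for no, line in enumerate(lines, 1):
        d = _match(DEFINE, line)
        if d:
            seen.add(d)
        b = _match(BIND, line)
        if b and b not in seen:
            verdict = "defined later" if b in all_defs else "never defined"
            findings.append((no, line, verdict))
    return findings

# Constructed sample: commands in the order an operator would type them.
SAMPLE = """\
interface FastEthernet0/0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP
 ip access-group 101 in
key chain RIP
 key 1
  key-string CISCO
router rip
 redistribute connected route-map CONN
"""
```

Run it against the script you intend to paste rather than against `show run` output, because the running configuration is printed in a fixed order that hides the order in which commands were entered.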

-----Original Message-----
From: ocsic@web.de [mailto:ocsic@web.de]
Sent: Thursday, August 31, 2006 11:41 PM
To: Brian Dennis; Cisco certification
Subject: Re: Rip authentication problem

Brian Dennis wrote:

I could not find any errors in the config, but this is the right hint. I
have already solved the problem, as I found out, as you also say, that
you have to apply the interface configuration always after the key
config.

Frank
> Frank,
> Did you by chance apply the interface level command before the key
> chain was configured? Or possibly did you change something with the
> key chain while the interface level command was applied?
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Frank
> Sent: Thursday, August 31, 2006 11:01 PM
> To: Victor Cappuccio; Cisco certification
> Subject: Re: Rip authentication problem
>
> Victor Cappuccio wrote:
>
>
>
>
> I'm glad. This did the trick.
>
> But how could this be? Is it documented somewhere? Or maybe I'd better
> not ask. That's strange. You never see what you have typed first.
> I'm currently trying to get a deeper understanding, but this really
> throws me off.
>
> I removed the rip authentication from the interfaces and re-applied it.
> And now it works. I did not even have to reboot.
>
> I really hope there are not many more things like this out there.
> But I'm guessing ... :-) Oh come on.
>
> Frank
>
>
>
>
>> 8-) Say thanks to Brian Dennis (excellent instructor BTW) for that
>> hint, I learned that from one of these posts.
>>
>> Now try to remove the Authentication part and re-apply it, reboot
>> your routers, etc...
>>
>> Victor.-
>>
>>
>>
>> -----Original Message-----
>> From: ocsic@web.de [mailto:ocsic@web.de]
>> Sent: Friday, September 01, 2006 01:43 a.m.
>> To: Victor Cappuccio
>> CC: 'Cisco certification'
>> Subject: Re: Rip authentication problem
>>
>> Victor Cappuccio wrote:
>>
>> Hi Victor,
>>
>> This is a great hint to check white space. I did this on my two routers:
>>
>> R6#s | in CISCO $
>> R6#s | in CISCO$
>> key-string CISCO
>> R6#
>>
>> R1#s | in CISCO $
>> R1#s | in CISCO$
>> key-string CISCO
>> neighbor 192.10.1.254 password CISCO
>> R1#
>>
>> Which also reveals a neighbor statement, but this is from a BGP
>> configuration.
>>
>> So this was a great help, but it now tells me I was right about the
>> whitespace. There is none. Well, I really don't know where to look. I
>> also find it strange that R6 is saying it receives MD5 and R1 is not
>> telling that.
>>
>> Frank
>>
>>
>>
>>
>>> At Router6 you have a space in the password in the key chain. Try
>>> this:
>>>
>>> Enter configuration commands, one per line. End with CNTL/Z.
>>> Rack3Sw2(config)#key chain RIP
>>> Rack3Sw2(config-keychain)# key 1
>>> Rack3Sw2(config-keychain-key)# key-string CISCO
>>> Rack3Sw2(config-keychain-key)#^Z
>>> Rack3Sw2#
>>> 2d01h: %SYS-5-CONFIG_I: Configured from console by console
>>> Rack3Sw2#show run | in CISCO$
>>> key-string CISCO
>>> Rack3Sw2#show run | in CISCO $
>>>
>>>
>>> Thanks
>>> Victor.-
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>> Of Frank
>>> Sent: Friday, September 01, 2006 01:04 a.m.
>>> To: Cisco certification
>>> Subject: Rip authentication problem
>>>
>>> Hi,
>>>
>>> I have a strange problem that's driving me nuts. I configured RIP
>>> authentication between two routers. And I have checked the
>>> configuration many times, I can see no error in this.
>>> Checked whitespace in the passwords. Both routers are restarted also.
>>>
>>> "debug ip rip" tells me still:
>>>
>>> R1 (c2600-ik9o3s3-mz.123-10a.bin) says:
>>> *Mar 1 00:33:25.651: RIP: ignored v2 packet from 192.10.1.6 (invalid authentication)
>>> *Mar 1 00:33:25.651: RIP: ignored v2 packet from 192.10.1.6 (invalid authentication)
>>>
>>> R6 (c2600-ik9o3s3-mz.123-10a.bin) says:
>>> *Mar 1 00:06:27.779: RIP: received packet with MD5 authentication
>>> *Mar 1 00:06:27.779: RIP: ignored v2 packet from 192.10.1.1 (invalid authentication)
>>> *Mar 1 00:06:27.779: RIP: received packet with MD5 authentication
>>> *Mar 1 00:06:27.779: RIP: ignored v2 packet from 192.10.1.1 (invalid authentication)
>>>
>>>
>>> and I can't see that routes are installed.
>>>
>>> Could someone give me a hint on how to debug this in a better way?
>>> Seems like R6 is not even sending MD5 authentication. Is it an IOS bug?
>>>
>>> R1:
>>>
>>> key chain RIP
>>>  key 1
>>>   key-string CISCO
>>>
>>> interface FastEthernet0/0
>>>  ip address 192.10.1.1 255.255.255.0
>>>  ip rip authentication mode md5
>>>  ip rip authentication key-chain RIP
>>>
>>> router rip
>>>  version 2
>>>  redistribute eigrp 200 metric 1
>>>  network 192.10.1.0
>>>  neighbor 192.10.1.254
>>>  neighbor 192.10.1.6
>>>  no auto-summary
>>>
>>> R6:
>>>
>>> key chain RIP
>>>  key 1
>>>   key-string CISCO
>>>
>>> interface Ethernet0/0
>>>  ip address 192.10.1.6 255.255.255.0
>>>  ip rip authentication mode md5
>>>  ip rip authentication key-chain RIP
>>>
>>> router rip
>>>  version 2
>>>  network 54.0.0.0
>>>  network 150.1.0.0
>>>  network 162.1.0.0
>>>  network 192.10.1.0
>>>  neighbor 192.10.1.1
>>>  neighbor 192.10.1.254
>>>  no auto-summary
>>>
>>>
>>> Thank you,
>>>
>>> Frank
>>>
>>>
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART