From: Frank (ocsic@web.de)
Date: Fri Sep 01 2006 - 04:21:07 ART
Brian Dennis schrieb:
Hi,
thanks for the nice explanation. For sure not i want to find it out on
the ccie lab.
I just find it hard to understand. Even after a reboot, it's still in
there and there
is no way to see that from the config. But i will try to interanlize
this for working
in common. One step after the other. :-) Just sometimes, you try out
things and
after that, you don't know where you started.
Frank
> You should apply this logic to all features/technologies. You shouldn't
> apply a command that replies on another command without the second
> command being defined first. Example: Applying an access-list to an
> interface before the access-list has been defined in the global
> configuration. Applying a route-map to redistribution before the
> route-map has been defined.
>
> A lot of commands are what I call "binding" commands. These commands
> "bind" one part of the configuration to another (i.e. like the examples
> above). Any command that binds (i.e. ip access-group, ip rip
> authentication key-chain, redistribute connected route-map, etc) should
> not be applied before the portion of the configuration that you are
> binding has been defined. Define before you bind ;-)
>
> Now most of the time order of operations will not matter but you will
> find when you always take order of operations into consideration life
> will be a lot easier. Also you don't want the one time that order of
> operations matters to be when you are in the real CCIE lab ;-)
>
> HTH,
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
>
> -----Original Message-----
> From: ocsic@web.de [mailto:ocsic@web.de]
> Sent: Thursday, August 31, 2006 11:41 PM
> To: Brian Dennis; Cisco certification
> Subject: Re: Rip authentication problem
>
> Brian Dennis schrieb:
>
> I could not find any errors in the config, but this is the right hint. I
> have already solved the problem, as i found out, as you also say, that
> you have to apply the interface configuration always after the key
> config.
>
>
> Frank
>
>> Frank,
>> Did you by chance apply the interface level command before the
>>
> key
>
>> chain was configured? Or possibly did you change something with the
>> key chain while the interface level command was applied?
>>
>> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>> bdennis@internetworkexpert.com
>>
>> Internetwork Expert, Inc.
>> http://www.InternetworkExpert.com
>> Toll Free: 877-224-8987
>> Direct: 775-745-6404 (Outside the US and Canada)
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>> Of Frank
>> Sent: Thursday, August 31, 2006 11:01 PM
>> To: Victor Cappuccio; Cisco certification
>> Subject: Re: Rip authentication problem
>>
>> Victor Cappuccio schrieb:
>>
>>
>>
>>
>> I glad. This did the trick.
>>
>> But how could this be? Is it documented somewhere? Or maybe i better
>> don't ask. Thats strange. You never see, what you have typed first.
>> I'm currently trying to get a deeper understanding, but this really
>> throws me off.
>>
>> I removed the rip authentication from the interfaces and re-applied
>>
> it.
>
>> And now
>> it works. I even did not had to reboot.
>>
>> A really hope there are not many more things like this out there.
>> But i'm guessing ... :-) Oh come one.
>>
>> Frank
>>
>>
>>
>>
>>
>>> 8-) Say Thanks to Brian Dennis (Excellent Instructor BTW) for that
>>> hint, I learn that from one of this post
>>>
>>> Now try to remove the Authentication part and re-apply it, reboot
>>> your
>>>
>>>
>>
>>
>>> routers, etc...
>>>
>>> Victor.-
>>>
>>>
>>>
>>> -----Mensaje original-----
>>> De: ocsic@web.de [mailto:ocsic@web.de] Enviado el: Viernes, 01 de
>>> Septiembre de 2006 01:43 a.m.
>>> Para: Victor Cappuccio
>>> CC: 'Cisco certification'
>>> Asunto: Re: Rip authentication problem
>>>
>>> Victor Cappuccio schrieb:
>>>
>>> Hi Victor,
>>>
>>> this is a great hint to check white space. I did this on my two
>>>
>>>
>> routers:
>>
>>
>>> R6#s | in CISCO $
>>> R6#s | in CISCO$
>>> key-string CISCO
>>> R6#
>>>
>>> R1#s | in CISCO $
>>> R1#s | in CISCO$
>>> key-string CISCO
>>> neighbor 192.10.1.254 password CISCO
>>> R1#
>>>
>>> Which reveals also a neigbor statement, but this is from a bgp
>>> configurations.
>>>
>>> So this was great help, but now tells me, i was right with
>>>
> withspaces.
>
>>> There are none. Well i really don't know where to look. I find it
>>> also
>>>
>>>
>>
>>
>>> strange, that R6 is saying it receives MD5 and R1 is not telling
>>>
> that.
>
>>> Frank
>>>
>>>
>>>
>>>
>>>
>>>> At Router6 you have a space in the password in the key chain Try
>>>> this
>>>>
>>>>
>>
>>
>>>> Enter configuration commands, one per line. End with CNTL/Z.
>>>> Rack3Sw2(config)#key chain RIP
>>>> Rack3Sw2(config-keychain)# key 1
>>>> Rack3Sw2(config-keychain-key)# key-string CISCO
>>>> Rack3Sw2(config-keychain-key)#^Z Rack3Sw2#
>>>> 2d01h: %SYS-5-CONFIG_I: Configured from console by console
>>>> Rack3Sw2#show run | in CISCO$
>>>> key-string CISCO
>>>> Rack3Sw2#show run | in CISCO $
>>>>
>>>>
>>>> Grazie
>>>> Victor.-
>>>>
>>>>
>>>>
>>>> -----Mensaje original-----
>>>> De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre
>>>> de
>>>>
>>>>
>>>>
>>> Frank
>>>
>>>
>>>
>>>> Enviado el: Viernes, 01 de Septiembre de 2006 01:04 a.m.
>>>> Para: Cisco certification
>>>> Asunto: Rip authentication problem
>>>>
>>>> Hi,
>>>>
>>>> i have a strange problem, that's driving me nuts. I configured RIP
>>>> authentication between two routers. And i have checked the
>>>> configuration many times, i can
>>>>
>>>>
>> see
>>
>>
>>>> no error on this.
>>>> Checked whitespace in the passwords. Both routers are restarted
>>>>
> also.
>
>>>> "debug ip rip" tells me still:
>>>>
>>>> R1 (c2600-ik9o3s3-mz.123-10a.bin) says:
>>>> *Mar 1 00:33:25.651: RIP: ignored v2 packet from 192.10.1.6
>>>> (invalid
>>>>
>>>>
>>
>>
>>>> authentication)
>>>> *Mar 1 00:33:25.651: RIP: ignored v2 packet from 192.10.1.6
>>>> (invalid
>>>>
>>>>
>>
>>
>>>> authentication)
>>>>
>>>> R6 (c2600-ik9o3s3-mz.123-10a.bin): says:
>>>> *Mar 1 00:06:27.779: RIP: received packet with MD5 authentication
>>>> *Mar 1 00:06:27.779: RIP: ignored v2 packet from 192.10.1.1
>>>> (invalid
>>>>
>>>>
>>
>>
>>>> authentication)
>>>> *Mar 1 00:06:27.779: RIP: received packet with MD5 authentication
>>>> *Mar 1 00:06:27.779: RIP: ignored v2 packet from 192.10.1.1
>>>> (invalid
>>>>
>>>>
>>
>>
>>>> authentication)
>>>>
>>>>
>>>> and i can't see routes are installed.
>>>>
>>>> Could someone give me a hint, on how to debug this in a better way?
>>>> Seems line R6 is
>>>> even not sending md5 authentication. Is it an IOS bug?
>>>>
>>>> R1:
>>>>
>>>> key chain RIP
>>>> key 1
>>>> key-string CISCO
>>>>
>>>> interface FastEthernet0/0
>>>> ip address 192.10.1.1 255.255.255.0 ip rip authentication mode md5
>>>>
>
>
>>>> ip rip authentication key-chain RIP
>>>>
>>>> router rip
>>>> version 2
>>>> redistribute eigrp 200 metric 1
>>>> network 192.10.1.0
>>>> neighbor 192.10.1.254
>>>> neighbor 192.10.1.6
>>>> no auto-summary
>>>>
>>>> R6:
>>>>
>>>> key chain RIP
>>>> key 1
>>>> key-string CISCO
>>>>
>>>> interface Ethernet0/0
>>>> ip address 192.10.1.6 255.255.255.0 ip rip authentication mode md5
>>>>
>
>
>>>> ip rip authentication key-chain RIP
>>>>
>>>> router rip
>>>> version 2
>>>> network 54.0.0.0
>>>> network 150.1.0.0
>>>> network 162.1.0.0
>>>> network 192.10.1.0
>>>> neighbor 192.10.1.1
>>>> neighbor 192.10.1.254
>>>> no auto-summary
>>>>
>>>>
>>>> Thank you,
>>>>
>>>> Frank
>>>>
>>>>
>>>>
>>>>
>> ______________________________________________________________________
>> _
>>
>>
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>> ______________________________________________________________________
>> _
>>
>>
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>> ______________________________________________________________________
>> _ Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART