From: ylara@sunsetlearning.com
Date: Sat Jan 06 2007 - 03:35:22 ART
Is it possible to have one key chain with two keys and use it to authenticate two different neighbors on the same interface, but using two different keys?

R1#show run
!
key chain 1
 key 1
  key-string yasmin
 key 2
  key-string yasmin1
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain 1
!

R2#show run
!
key chain 1
 key 1
  key-string yasmin1
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain 1
!

S1-CAT3560#show run
!
key chain 1
 key 1
  key-string yasmin
!
interface Vlan100
 ip address 192.168.1.10 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain 1
!
router rip
 version 2
 network 192.168.1.0
 no auto-summary

Only R1 and S1-3560 can exchange updates. It seems like R1 is only using
key 1 to send and receive even though key 2 shows as valid.

R1#show key chain
Key-chain 1:
    key 1 -- text "yasmin"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
    key 2 -- text "yasmin1"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
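
Added example, not part of the original post: a small Python model of the three key chains above, showing which updates would authenticate. It rests on two assumptions: the sender signs only with its lowest-numbered key, and the receiver picks its key by the key ID carried in the update (as in RFC 2082). The digest is a simplified keyed MD5, not the real packet layout, and the names POSTED, send, accepts and matrix are made up for the illustration.

```python
import hashlib
import hmac

# Key chains copied from the configs in the post: {key_id: key_string}.
POSTED = {
    "R1": {1: "yasmin", 2: "yasmin1"},
    "R2": {1: "yasmin1"},
    "S1-CAT3560": {1: "yasmin"},
}

def digest(payload: bytes, secret: str) -> bytes:
    # Simplified keyed MD5: payload followed by the secret zero-padded to 16 bytes.
    return hashlib.md5(payload + secret.encode()[:16].ljust(16, b"\0")).digest()

def send(chain: dict, payload: bytes):
    # Assumption: only one key is used to sign, the lowest-numbered one.
    key_id = min(chain)
    return key_id, payload, digest(payload, chain[key_id])

def accepts(chain: dict, packet) -> bool:
    # Assumption: the receiver selects its key by the key ID in the packet
    # and does not fall back to other keys in the chain.
    key_id, payload, mac = packet
    secret = chain.get(key_id)
    return secret is not None and hmac.compare_digest(mac, digest(payload, secret))

def matrix(chains: dict) -> dict:
    # (sender, receiver) -> True if the receiver authenticates the update.
    update = b"constructed RIPv2 update"  # constructed sample payload
    return {(s, r): accepts(chains[r], send(chains[s], update))
            for s in chains for r in chains if s != r}

if __name__ == "__main__":
    for (s, r), ok in sorted(matrix(POSTED).items()):
        print(f"{s:>10} -> {r:<10} {'accepted' if ok else 'rejected'}")
    # Hypothetical variant: R2 holds the same string as key 2 instead of key 1.
    variant = dict(POSTED, R2={2: "yasmin1"})
    result = matrix(variant)
    print("variant R2->R1:", result[("R2", "R1")], "R1->R2:", result[("R1", "R2")])
```

Under these assumptions the model reproduces the result reported in the post: only R1 and S1-CAT3560 authenticate each other, because R2's key 1 carries a different string than R1's key 1.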