Re: AUTHENTICATION ERROR Multiple Key ids within key chain

From: Derek Pocoroba (dpocoroba@gmail.com)
Date: Fri Sep 07 2007 - 18:55:13 ART

• Next message: Antonio Soares: "RE: is IGP tag transitive"
• Previous message: Joseph Saad: "Re: serial back-to-back with dialer interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The issue is that you cant use multiple keys on an single interface. I
believe the solution to this task was to actually use 2x separate PPPoFR
interfaces. This gives you the ability to specify 1x key per interface.

This is one of those interruption tasks in that can trip you up. I believe
the lab at the beginning does not explicitly state you CANT create new
interfaces or change the encapsulation and even adding an IP address.

HTH

On 9/7/07, Usankin, Andrew <Andrew.Usankin@twtelecom.com> wrote:
>
> I got curious also what would be solution. I went through archives and
> didn't find anything related. Please if someone remembers let us know.
>
> I though about the answer also and if the task is fully described as it
> is then I have the answer. Task doesn't state that on R3 you have to use
> the same key chain, right? So use two key chains, one with key id 13 and
> another with key id 35.
>
> Andrew
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joseph Brunner
> Sent: Thursday, September 06, 2007 9:20 PM
> To: 'Edison Ortiz'; 'Carlos Trujillo Jimenez'; ccielab@groupstudy.com
> Cc: ctrujillo@magenta.cl
> Subject: RE: AUTHENTICATION ERROR Multiple Key ids within key chain
> EIGRP
>
> Yup... two keys, one physical frame-relay interface... didn't this go
> around like 2 weeks ago?
>
> Check the archives... we answered it...
>
> Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Edison Ortiz
> Sent: Thursday, September 06, 2007 11:03 PM
> To: 'Carlos Trujillo Jimenez'; ccielab@groupstudy.com
> Cc: ctrujillo@magenta.cl
> Subject: RE: AUTHENTICATION ERROR Multiple Key ids within key chain
> EIGRP
>
> Ah, the good old PPPoFR task. The painful memories :)
>
>
> Edison Ortiz
> Routing and Switching, CCIE # 17943
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Carlos Trujillo Jimenez
> Sent: Thursday, September 06, 2007 10:44 PM
> To: ccielab@groupstudy.com
> Cc: ctrujillo@magenta.cl
> Subject: AUTHENTICATION ERROR Multiple Key ids within key chain EIGRP
>
> I have the following scenario:
>
> R1, R3, R5 connected to the frame-relay cloud with router 3 acting as
> the Frame relay Hub and R1 and R5 as the spokes.
> We have a single network/24 between frame relay interfaces, using eigrp
> as the routing protocol.
> The task prompts to authenticate the sessions between the spokes an the
> hub, in the following fashion:
>
> R3 (the hub), must authenticate with R1 using password "CISCO13" (key id
> 13)
> R3 (the hub), must authenticate with R5 using password "CISCO35" (key id
> 35)
>
> So In the HUb router I create two keys within the key chain called
> EIGRP, numbering KEY 1 with the password CISCO13, and KEY 2 with the
> password CISCO35.
> At the spokes I only create a key chain also called EIGRP, matching Key
> id "13" with its password In R1, and key id "35" in R5.
>
> I only consider to authenticate and form EIGRP adjacency between ROUTER3
> AND ROUTER 1, but Theres is no way to form adjacency between ROUTER 3
> and ROUTER 5.
> Doing a debug at R5 about eigrp packetes I see R3 is only sending key id
> 13, and not key id 35, to ROUTER5.
> Anyone please knows what am I missing??
> any help would appreciate a lot.
>
> _________________________________________________________________
> Charla con tus amigos en lmnea mediante MSN Messenger:
> http://messenger.latam.msn.com/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> The content contained in this electronic message is not intended to
> constitute formation of a contract binding TWTC. TWTC will be
> contractually bound only upon execution, by an authorized officer, of
> a contract including agreed terms and conditions or by express
> application of its tariffs.
>
> This message is intended only for the use of the individual or entity
> to which it is addressed. If the reader of this message is not the
> intended recipient, or the employee or agent responsible for
> delivering the message to the intended recipient, you are hereby
> notified that any dissemination, distribution or copying of this
> message is strictly prohibited. If you have received this
> communication in error, please notify us immediately by replying to
> the sender of this E-Mail or by telephone.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Derek Pocoroba
CCIE #18559

• Next message: Antonio Soares: "RE: is IGP tag transitive"
• Previous message: Joseph Saad: "Re: serial back-to-back with dialer interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:10 ART