From: srinivas pv (vsrinivas.paturi@gmail.com)
Date: Mon Nov 12 2007 - 12:05:01 ART
Hi,
You may also use 'show key chain' command to make sure that there are
no unneeded trailing spaces and comparing life times between devices.
Thanks,
Srinivas
On Nov 11, 2007 7:28 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
> You can configure multiple keys. Each key has it's own identifier. The
> router examines the configured keys from the lowest to the higest until it
> encounters the first valid key. Few points to remember:
>
> 1) A training space is a valid character for a key string!(do not cut and
> paste)!
>
> 2) Lifetimes should overlap to prevent a time in which authentication is not
> in effect, synchronize the routers time with the same time for lifetime,
> preferably use NTP or manual set the clock the same on routers participating
> in authentication.
> 3) Always specify the authentication mode first and then the key string.
>
> HTH,
> Tarun
>
>
> On Nov 11, 2007 8:38 AM, Rich Collins <nilsi2002@gmail.com> wrote:
>
> > I can't find it in my notes but I vaguely recall that in such a case
> > RIP on the Hub will accept and validate those two different keys (use
> > the 2nd one if the first fails) for R3 but will be only sending out
> > the first key to both spokes. That means R3 will only ever see key1
> > on its incoming interface.
> >
> >
> > On Nov 11, 2007 8:04 AM, Bhaskar Sivanesan <bas_bharath@yahoo.com> wrote:
> > > Hi Group
> > >
> > > Hows the authentication keys in key-chains are managed...... like if I
> > have 2 keys in a a key chain, will the authentication process go
> > sequentiallly, till the authentication succeeds...
> > >
> > > My scenario is , I have R1 with a mulitpoint sub-interface terminating
> > at R2 and R3. RIP is enabled among these three and different keys have to be
> > used by R1 for authentication with R2 and R3. I tried the below config, but
> > authentication with R3 fails. i.e R3 receives update from R1 and ignores,
> > stating invalid authentication. however R1 receives updates from R3 and
> > accepts them.
> > >
> > > any suggestions???
> > >
> > > R1 -config
> > > ----------------
> > > key chain r1tor2
> > > key 1
> > > key-string ipexpert_R1toR2
> > > key 2
> > > key-string ipexpert_R1toR3
> > >
> > >
> > > R2 config
> > > -------------
> > > key chain r1tor2
> > > key 1
> > > key-string ipexpert_R1toR2
> > >
> > > R3 config
> > > -------------
> > > key chain r1tor3
> > > key 2
> > > key-string ipexpert_R1toR3
> > >
> > >
> > > Thanks
> > > Bhaskar
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Tired of spam? Yahoo! Mail has the best spam protection around
> > > http://mail.yahoo.com
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART