From: hadek.el-ayachi@nsn.com
Date: Mon Nov 12 2007 - 12:16:06 ART
You can use multiple key IDs in an OSPF hub-and-spoke topology (rollover
process), but you can't do this in EIGRP/RIP; you need PPPoFR or GRE for
this to be possible.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ext srinivas pv
Sent: Monday 12 November 2007 15:05
To: Tarun Pahuja; bas_bharath@yahoo.com
Cc: Cisco certification
Subject: Re: Authentication keys
Hi,
You may also use the 'show key chain' command to make sure that there are no
unneeded trailing spaces and to compare lifetimes between devices.
Thanks,
Srinivas
On Nov 11, 2007 7:28 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
> You can configure multiple keys. Each key has its own identifier. The
> router examines the configured keys from the lowest to the highest
> until it encounters the first valid key. A few points to remember:
>
> 1) A trailing space is a valid character for a key string (do not cut
> and paste)!
>
> 2) Lifetimes should overlap to prevent a time in which authentication
> is not in effect. Synchronize the routers' time with the same time for
> lifetime; preferably use NTP or manually set the clock the same on
> routers participating in authentication.
>
> 3) Always specify the authentication mode first and then the key
> string.
>
> HTH,
> Tarun
>
>
> On Nov 11, 2007 8:38 AM, Rich Collins <nilsi2002@gmail.com> wrote:
>
> > I can't find it in my notes but I vaguely recall that in such a
> > case RIP on the Hub will accept and validate those two different
> > keys (use the 2nd one if the first fails) for R3 but will be only
> > sending out the first key to both spokes. That means R3 will only
> > ever see key1 on its incoming interface.
> >
> >
> > On Nov 11, 2007 8:04 AM, Bhaskar Sivanesan <bas_bharath@yahoo.com> wrote:
> > > Hi Group
> > >
> > > How are the authentication keys in key chains managed... like
> > > if I have 2 keys in a key chain, will the authentication process go
> > > sequentially, till the authentication succeeds...
> > >
> > > My scenario is, I have R1 with a multipoint sub-interface
> > > terminating at R2 and R3. RIP is enabled among these three and
> > > different keys have to be used by R1 for authentication with R2 and
> > > R3. I tried the below config, but authentication with R3 fails, i.e.
> > > R3 receives the update from R1 and ignores it, stating invalid
> > > authentication. However, R1 receives updates from R3 and accepts them.
> > >
> > > Any suggestions???
> > >
> > > R1 config
> > > ----------------
> > > key chain r1tor2
> > >  key 1
> > >   key-string ipexpert_R1toR2
> > >  key 2
> > >   key-string ipexpert_R1toR3
> > >
> > >
> > > R2 config
> > > -------------
> > > key chain r1tor2
> > >  key 1
> > >   key-string ipexpert_R1toR2
> > >
> > > R3 config
> > > -------------
> > > key chain r1tor3
> > >  key 2
> > >   key-string ipexpert_R1toR3
> > >
> > >
> > > Thanks
> > > Bhaskar
> > >
> > >
> > > __________________________________________________________________
> > > _____ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART
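
Added example, not part of the original thread: a small Python model of the key selection described in the messages above, run against the three key chains from the question plus two constructed chains for the trailing-space and lifetime-gap pitfalls. It assumes the sender uses its lowest-numbered valid key and that the receiver requires a valid key with the same ID and an identical string; the class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    key_id: int
    secret: str                # compared character for character, spaces included
    start: float = 0.0         # lifetime window in seconds (constructed values)
    end: float = float("inf")

    def valid(self, now):
        return self.start <= now <= self.end

def send_key(chain, now=0.0):
    """Lowest-numbered key whose lifetime covers 'now', or None if there is none."""
    live = [k for k in chain if k.valid(now)]
    return min(live, key=lambda k: k.key_id) if live else None

def accepts(chain, sent, now=0.0):
    """Assumed receive rule: some valid key has the same ID and the same string."""
    return sent is not None and any(
        k.valid(now) and k.key_id == sent.key_id and k.secret == sent.secret
        for k in chain)

def update_ok(sender, receiver, now=0.0):
    """Would an update from 'sender' pass authentication on 'receiver'?"""
    return accepts(receiver, send_key(sender, now), now)

# Key chains exactly as posted in the question.
R1 = [Key(1, "ipexpert_R1toR2"), Key(2, "ipexpert_R1toR3")]
R2 = [Key(1, "ipexpert_R1toR2")]
R3 = [Key(2, "ipexpert_R1toR3")]

# Constructed chains for the two pitfalls named in the replies.
PASTED = [Key(1, "ipexpert_R1toR2 ")]                  # pasted with a trailing space
OLD_NEW = [Key(1, "old", 0, 100), Key(2, "new", 200)]  # lifetimes leave a gap 100..200

if __name__ == "__main__":
    cases = [("R1 -> R2", R1, R2), ("R1 -> R3", R1, R3),
             ("R3 -> R1", R3, R1), ("R1 -> pasted", R1, PASTED)]
    for name, sender, receiver in cases:
        verdict = "accepted" if update_ok(sender, receiver) else "invalid authentication"
        print(f"{name}: {verdict}")
    print("key sent at t=150 during the lifetime gap:", send_key(OLD_NEW, 150))
```

In this model R1 always sends key 1 on the multipoint interface, so R3 (which holds only key 2) rejects R1's updates while R1 still accepts R3's, which is the asymmetry reported in the question.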