Re: Authentication keys

From: Tarun Pahuja (pahujat@gmail.com)
Date: Mon Nov 12 2007 - 16:39:29 ART

• Next message: Scott Morris: "RE: CCIE Important Interview Quesition asked by Sunrise, Swiss"
• Previous message: Mohammad Saeed: "Weird Spanning-tree config from real life scenario"
• Maybe in reply to: Bhaskar Sivanesan: "Authentication keys"
• Next in thread: omair naim: "RE: Authentication keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1ceigrp.html#wp4759

HTH,
Tarun

On Nov 12, 2007 2:01 PM, Bhaskar Sivanesan <bas_bharath@yahoo.com> wrote:

> Thanks everyone..... PPPoFr or GRE seems to be the feasible solution...
>
> I will lab it up and see and thing goes....
>
> cheers
>
>
>
>
> ----- Original Message ----
> From: "hadek.el-ayachi@nsn.com" <hadek.el-ayachi@nsn.com>
> To: vsrinivas.paturi@gmail.com; pahujat@gmail.com; bas_bharath@yahoo.com
> Cc: ccielab@groupstudy.com
> Sent: Monday, November 12, 2007 3:16:06 PM
> Subject: RE: Authentication keys
>
> You can use multiple key ids in OSPF HUB-and-SPOKE topology (rollover
> process) but you cant do this in EIGRP/RIP, you need PPPoFR or GRE for
> this to be possible.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ext srinivas pv
> Sent: lundi 12 novembre 2007 15:05
> To: Tarun Pahuja; bas_bharath@yahoo.com
> Cc: Cisco certification
> Subject: Re: Authentication keys
>
> Hi,
>
> You may also use 'show key chain' command to make sure that there are no
> unneeded trailing spaces and comparing life times between devices.
>
> Thanks,
> Srinivas
>
> On Nov 11, 2007 7:28 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
> > You can configure multiple keys. Each key has it's own identifier. The
>
> > router examines the configured keys from the lowest to the higest
> > until it encounters the first valid key. Few points to remember:
> >
> > 1) A training space is a valid character for a key string!(do not cut
> > and paste)!
> >
> > 2) Lifetimes should overlap to prevent a time in which authentication
> > is not in effect, synchronize the routers time with the same time for
> > lifetime, preferably use NTP or manual set the clock the same on
> > routers participating in authentication.
> > 3) Always specify the authentication mode first and then the key
> string.
> >
> > HTH,
> > Tarun
> >
> >
> > On Nov 11, 2007 8:38 AM, Rich Collins <nilsi2002@gmail.com> wrote:
> >
> > > I can't find it in my notes but I vaguely recall that in such a
> > > case RIP on the Hub will accept and validate those two different
> > > keys (use the 2nd one if the first fails) for R3 but will be only
> > > sending out the first key to both spokes. That means R3 will only
> > > ever see key1 on its incoming interface.
> > >
> > >
> > > On Nov 11, 2007 8:04 AM, Bhaskar Sivanesan <bas_bharath@yahoo.com>
> wrote:
> > > > Hi Group
> > > >
> > > > Hows the authentication keys in key-chains are managed...... like
> > > > if I
> > > have 2 keys in a a key chain, will the authentication process go
> > > sequentiallly, till the authentication succeeds...
> > > >
> > > > My scenario is , I have R1 with a mulitpoint sub-interface
> > > > terminating
> > > at R2 and R3. RIP is enabled among these three and different keys
> > > have to be used by R1 for authentication with R2 and R3. I tried the
>
> > > below config, but authentication with R3 fails. i.e R3 receives
> > > update from R1 and ignores, stating invalid authentication. however
>
> > > R1 receives updates from R3 and accepts them.
> > > >
> > > > any suggestions???
> > > >
> > > > R1 -config
> > > > ----------------
> > > > key chain r1tor2
> > > > key 1
> > > > key-string ipexpert_R1toR2
> > > > key 2
> > > > key-string ipexpert_R1toR3
> > > >
> > > >
> > > > R2 config
> > > > -------------
> > > > key chain r1tor2
> > > > key 1
> > > > key-string ipexpert_R1toR2
> > > >
> > > > R3 config
> > > > -------------
> > > > key chain r1tor3
> > > > key 2
> > > > key-string ipexpert_R1toR3
> > > >
> > > >
> > > > Thanks
> > > > Bhaskar
> > > >
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Tired of spam? Yahoo! Mail has the best spam protection around
> > > > http://mail.yahoo.com
> > > >
> > > > __________________________________________________________________
> > > > _____ Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > ____________________________________________________________________
> > > ___ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: CCIE Important Interview Quesition asked by Sunrise, Swiss"
• Previous message: Mohammad Saeed: "Weird Spanning-tree config from real life scenario"
• Maybe in reply to: Bhaskar Sivanesan: "Authentication keys"
• Next in thread: omair naim: "RE: Authentication keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART