RE: Authentication keys

From: omair naim (omairnaim1@hotmail.com)
Date: Mon Nov 12 2007 - 17:19:20 ART

• Next message: omair naim: "RE: ACL-min lines"
• Previous message: Carpenter, Michael: "RE: CCIE Important Interview Quesition asked by Sunrise, Swiss"
• Maybe in reply to: Bhaskar Sivanesan: "Authentication keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think multiple keys are not possible in RIP, you can have multiple keys
usage in eigrp and ospf. R1 will always end up sending Key-1 to R3 thats why
you would see invalid authenticaion on R3 not allowing it to accept rip
updates from R3.

Later
Omair> Date: Mon, 12 Nov 2007 14:39:29 -0500> From: pahujat@gmail.com> To:
bas_bharath@yahoo.com> Subject: Re: Authentication keys> CC:
ccielab@groupstudy.com> >
http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1ceigrp.html
#wp4759> > HTH,> Tarun> > On Nov 12, 2007 2:01 PM, Bhaskar Sivanesan
<bas_bharath@yahoo.com> wrote:> > > Thanks everyone..... PPPoFr or GRE seems
to be the feasible solution...> >> > I will lab it up and see and thing
goes....> >> > cheers> >> >> >> >> > ----- Original Message ----> > From:
"hadek.el-ayachi@nsn.com" <hadek.el-ayachi@nsn.com>> > To:
vsrinivas.paturi@gmail.com; pahujat@gmail.com; bas_bharath@yahoo.com> > Cc:
ccielab@groupstudy.com> > Sent: Monday, November 12, 2007 3:16:06 PM> >
Subject: RE: Authentication keys> >> > You can use multiple key ids in OSPF
HUB-and-SPOKE topology (rollover> > process) but you cant do this in
EIGRP/RIP, you need PPPoFR or GRE for> > this to be possible.> >> >
-----Original Message-----> > From: nobody@groupstudy.com
[mailto:nobody@groupstudy.com] On Behalf Of> > ext srinivas pv> > Sent: lundi
12 novembre 2007 15:05> > To: Tarun Pahuja; bas_bharath@yahoo.com> > Cc: Cisco
certification> > Subject: Re: Authentication keys> >> > Hi,> >> > You may also
use 'show key chain' command to make sure that there are no> > unneeded
trailing spaces and comparing life times between devices.> >> > Thanks,> >
Srinivas> >> > On Nov 11, 2007 7:28 PM, Tarun Pahuja <pahujat@gmail.com>
wrote:> > > You can configure multiple keys. Each key has it's own identifier.
The> >> > > router examines the configured keys from the lowest to the higest>
> > until it encounters the first valid key. Few points to remember:> > >> > >
1) A training space is a valid character for a key string!(do not cut> > > and
paste)!> > >> > > 2) Lifetimes should overlap to prevent a time in which
authentication> > > is not in effect, synchronize the routers time with the
same time for> > > lifetime, preferably use NTP or manual set the clock the
same on> > > routers participating in authentication.> > > 3) Always specify
the authentication mode first and then the key> > string.> > >> > > HTH,> > >
Tarun> > >> > >> > > On Nov 11, 2007 8:38 AM, Rich Collins
<nilsi2002@gmail.com> wrote:> > >> > > > I can't find it in my notes but I
vaguely recall that in such a> > > > case RIP on the Hub will accept and
validate those two different> > > > keys (use the 2nd one if the first fails)
for R3 but will be only> > > > sending out the first key to both spokes. That
means R3 will only> > > > ever see key1 on its incoming interface.> > > >> > >
>> > > > On Nov 11, 2007 8:04 AM, Bhaskar Sivanesan <bas_bharath@yahoo.com>> >
wrote:> > > > > Hi Group> > > > >> > > > > Hows the authentication keys in
key-chains are managed...... like> > > > > if I> > > > have 2 keys in a a key
chain, will the authentication process go> > > > sequentiallly, till the
authentication succeeds...> > > > >> > > > > My scenario is , I have R1 with a
mulitpoint sub-interface> > > > > terminating> > > > at R2 and R3. RIP is
enabled among these three and different keys> > > > have to be used by R1 for
authentication with R2 and R3. I tried the> >> > > > below config, but
authentication with R3 fails. i.e R3 receives> > > > update from R1 and
ignores, stating invalid authentication. however> >> > > > R1 receives updates
from R3 and accepts them.> > > > >> > > > > any suggestions???> > > > >> > > >
> R1 -config> > > > > ----------------> > > > > key chain r1tor2> > > > > key
1> > > > > key-string ipexpert_R1toR2> > > > > key 2> > > > > key-string
ipexpert_R1toR3> > > > >> > > > >> > > > > R2 config> > > > > -------------> >
> > > key chain r1tor2> > > > > key 1> > > > > key-string ipexpert_R1toR2> > >
> >> > > > > R3 config> > > > > -------------> > > > > key chain r1tor3> > > >
> key 2> > > > > key-string ipexpert_R1toR3> > > > >> > > > >> > > > > Thanks>
> > > > Bhaskar> > > > >> > > > >

• Next message: omair naim: "RE: ACL-min lines"
• Previous message: Carpenter, Michael: "RE: CCIE Important Interview Quesition asked by Sunrise, Swiss"
• Maybe in reply to: Bhaskar Sivanesan: "Authentication keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART