Re: rip passive int with neighbor command

From: Jason Madsen (madsen.jason@gmail.com)
Date: Wed Jul 16 2008 - 16:40:27 ART


...not sure if this is exactly along the lines of what everyone is
discussing, but although Cisco's documentation states that key IDs must
match when used with EIGRP or RIP on neighbors, different key IDs still seem
to work just fine in RIP (not EIGRP). Can't really explain why, but I've
seen it tested/labbed. Different key IDs (same password) work with
RIP...obviously not the preferred way to do it though.

Jason

On Wed, Jul 16, 2008 at 1:33 PM, Alexey Tolstenok <alextols@gmail.com>
wrote:

> Hi Scott,
> Obviously when you are doing md5 auth with different key-ids and same
> password - it shouldn't work. But I suppose you agree when it somehow works
> under strange conditions this semi-feature shouldn't be considered as a
> reliable solution cause you can easily lose points (on CCIE lab) or money
> (in ISP network)
>
>
> 2008/7/16 Scott Morris <smorris@internetworkexpert.com>:
>
>> Are you doing MD5? If so, according to RFC 2082, section 3.1 the key
>> number absolutely is exchanged!
>>
>> If using plain text, according to RFC 2453, section 4.1 there is no entry
>> for key-id. Simply a 16-byte password.
>>
>>
>> Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
>> CCSI/JNCI-M/JNCI-ER
>> Senior CCIE Instructor
>>
>> smorris@internetworkexpert.com
>>
>>
>>
>>
> --
> Alexey Tolstenok
> CCIEx2 (R&S, SP) #17405, JNCIE-M #313, CCSI#31737
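
The thread cites RFC 2082 section 3.1 (MD5: a key ID is carried in the packet) and RFC 2453 section 4.1 (plain text: only a 16-byte password). The following is an added example, not part of the original thread, that decodes the authentication entry of a RIPv2 packet and compares the received key ID with the local one. The function names, the sample packets and the password "labpass" are constructed for illustration.

```python
import struct

AUTH_AFI = 0xFFFF        # address-family value that marks an authentication entry
AUTH_SIMPLE = 2          # RFC 2453 section 4.1: 16-byte plain-text password
AUTH_KEYED_DIGEST = 3    # RFC 2082 section 3.1: keyed message digest (MD5)

def parse_rip_auth(packet: bytes) -> dict:
    """Decode the authentication entry that follows the 4-byte RIPv2 header."""
    if len(packet) < 24 or packet[1] != 2:
        raise ValueError("not a RIPv2 packet with at least one 20-byte entry")
    afi, auth_type = struct.unpack_from("!HH", packet, 4)
    if afi != AUTH_AFI:
        return {"auth": "none", "key_id": None}
    if auth_type == AUTH_SIMPLE:
        # No key-id field exists here: the 16 bytes are the password itself.
        return {"auth": "simple", "key_id": None,
                "password": packet[8:24].rstrip(b"\x00")}
    if auth_type == AUTH_KEYED_DIGEST:
        pkt_len, key_id, data_len, seq = struct.unpack_from("!HBBI", packet, 8)
        return {"auth": "keyed-digest", "key_id": key_id, "sequence": seq,
                "packet_len": pkt_len, "auth_data_len": data_len}
    raise ValueError(f"unknown authentication type {auth_type}")

def audit_neighbor(packet: bytes, local_key_id: int) -> str:
    """Compare what a neighbor sent with the locally configured key ID."""
    info = parse_rip_auth(packet)
    if info["auth"] == "none":
        return "unauthenticated"
    if info["auth"] == "simple":
        return "plain-text password visible on the wire"
    if info["key_id"] != local_key_id:
        return f"key ID mismatch: neighbor sent {info['key_id']}, local is {local_key_id}"
    return "key ID matches"

# Constructed sample packets (not captured traffic).
HEADER = struct.pack("!BBH", 2, 2, 0)                        # response, version 2
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                    bytes([255, 0, 0, 0]), bytes(4), 1)       # 10.0.0.0/8, metric 1
MD5_PACKET = (HEADER + struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_KEYED_DIGEST,
                                   44, 5, 16, 1)              # key ID 5, sequence 1
              + ROUTE + struct.pack("!HH", AUTH_AFI, 1) + bytes(16))  # digest zeroed
SIMPLE_PACKET = (HEADER + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, b"labpass")
                 + ROUTE)

if __name__ == "__main__":
    for pkt in (MD5_PACKET, SIMPLE_PACKET):
        print(parse_rip_auth(pkt), "->", audit_neighbor(pkt, local_key_id=1))
```

The digest in the MD5 sample is zeroed because the example only inspects the header fields; it does not verify the keyed digest.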


