From: Andy Hogard (andyhogard@gmail.com)
Date: Wed Jul 30 2008 - 18:30:29 ART
Hurray!! Alright I have got this running, but only at the expense of major
overhauling in the frame relay network. If any one needs, I can post my
configs as well. :)
Thanks, to all who replied insanely fast and to Thor Kopp.
Greets,
Andy.
On 7/30/08, Thor Kopp <thorkopp@googlemail.com> wrote:
>
> How about if you configure virtual-templates, this gives you different
> interfaces to configure your rip authentication statements on?
>
> On Wed, Jul 30, 2008 at 7:12 PM, Andy Hogard <andyhogard@gmail.com>wrote:
>
>> Hey all,
>>
>> I have been a subscriber for this list for some time now, although this is
>> my very first post (so a bit excited about it).
>>
>> Alright here is the scenario w/o wasting any further time, I have three
>> routers, Hub R2(multipoint sub-intf) connected to spokes R5 and R6 and 'm
>> running rip as my routing protocol. Here is what the scenario wants from
>> me,
>> under rip authentication tasks, updates between R2 to R5 will use md5
>> algorithm "ipexpert_R2toR5" ..and updates between R2 to R6 will use md5
>> algorithm "ipexpert_R2toR6".
>>
>>
>> Ok, and this is what I have configured ..on R2,
>>
>> interface Serial1/1.256 multipoint
>> ip rip authe mode md5
>> ip rip authentication key RIP_KEY_FR1
>> ip address 150.50.100.2 255.255.255.0
>> frame-relay map ip 150.50.100.5 205 broadcast
>> frame-relay map ip 150.50.100.6 206 broadcast
>> exit
>>
>> key chain RIP_KEY_FR1
>> key 1
>> key-string ipexpert_R2toR5
>> key 2
>> key-string ipexpert_R2toR6
>>
>> end
>> wr
>>
>> and on R6, I have the following configured:
>>
>> int s 1/1
>> ip address 150.50.100.6 255.255.255.0
>> encapsulation frame-relay
>> no dce-terminal-timing-enable
>> no arp frame-relay
>> frame-relay map ip 150.50.100.2 602 broadcast
>> frame-relay map ip 150.50.100.5 602
>> no frame-relay inverse-arp
>> ip rip authe mode md5
>> ip rip authentication key RIP_KEY_FR1
>> exit
>>
>> key chain RIP_KEY_FR1
>> key 2
>> key-string ipexpert_R2toR6
>>
>> end
>>
>> wr
>>
>> on R5, i have the following:
>>
>> int s 1/1
>> ip address 150.50.100.5 255.255.255.0
>> encapsulation frame-relay
>> no dce-terminal-timing-enable
>> no arp frame-relay
>> frame-relay map ip 150.50.100.2 502 broadcast
>> frame-relay map ip 150.50.100.6 502
>> no frame-relay inverse-arp
>> ip rip authe mode md5
>> ip rip authentication key RIP_KEY_FR1
>> exit
>>
>> key chain RIP_KEY_FR1
>> key 1
>> key-string ipexpert_R2toR5
>>
>>
>> Ok, after having this in place I have figured that the link between R2 and
>> R6 will always get me a authentication error, as R2 will always send key 1
>> to both R5 and R6. Hence I may have to use a common key for the entire hub
>> and spoke network and have some send/accept lifetime for key 1 then when
>> its
>> expires use key 2 perhaps. Or is there a way that above config is do-able
>> with some tweaking, where in R2 will use updates using both the keys 1 and
>> 2
>> ..eh..!?
>>
>> This scenario has been taken from the ipexpert rns wb, its good that its
>> there ..sought of an eye-opener for me. But I don't think proctor guide
>> highlights this issue, instead I think they give the same config ..and all
>> should work smooth as per them, which is what makes me ponder and think
>> ..ya?!
>>
>>
>> Let your two cents flow. :D
>>
>>
>> Greets,
>> Andy.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Thanks,
> Thor
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:58 ART