RE: Unable to enable EIGRP authentication in a switch

Jorge,

Did you enable NTP on the switch to correlate to the date and time periods
you have specified. Remember the default time on the cat switches is March
<something>, 1993. So invalid time ranges may cause the switch to reject
the command.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Jorge Cortes
Sent: Sunday, June 27, 2010 10:31 PM
To: Cisco certification
Subject: Unable to enable EIGRP authentication in a switch

Hi Team,

Today I was faced with a weird issue. I am still unsure if I am missing
anything here or if this is just some abnormal behavior. The issue is when I
try to enable EIGRP authentication in a switch, the command is not applied
to the interface and thus authentication is not enabled; however, I don't
get any error message. I tried reloading the switch but I would get the
same. Following are the relevant outputs of my configuration:

Rack1SW1#sh run | b key
key chain EIGRP_KEY
 key 1
   key-string CISCO2010
   accept-lifetime 00:00:00 Jan 1 1993 00:15:00 Jan 1 2011
   send-lifetime 00:00:00 Jan 1 1993 23:45:00 Dec 31 2010
 key 2
   key-string CISCO2011
   accept-lifetime 23:15:00 Dec 31 2010 infinite
   send-lifetime 23:45:00 Dec 31 2010 infinite

Rack1SW1#sh run int fa0/5
Building configuration...

Current configuration : 85 bytes
!
interface FastEthernet0/5
 no switchport
 ip address 148.1.57.7 255.255.255.0
end

Rack1SW1#sh run | b er eigrp
router eigrp 100
 passive-interface Vlan77
 distance eigrp 90 115
 no auto-summary
 eigrp router-id 150.1.7.7
 network 148.1.7.7 0.0.0.0
 network 148.1.57.7 0.0.0.0
 network 148.1.77.7 0.0.0.0
 network 150.1.7.7 0.0.0.0
!
Rack1SW1(config)#int fa0/5
Rack1SW1(config-if)#ip authen mode eigrp 100 md5
Rack1SW1(config-if)#do sh run int fa0/5
Building configuration...

Current configuration : 123 bytes
!
interface FastEthernet0/5
 no switchport
 ip address 148.1.57.7 255.255.255.0
 ip authentication mode eigrp 100 md5
end

Rack1SW1(config-if)#ip authen key eigrp 100 EIGRP_KEY
Rack1SW1(config-if)#do sh run int fa0/5
Building configuration...

Current configuration : 85 bytes
!
interface FastEthernet0/5
 no switchport
 ip address 148.1.57.7 255.255.255.0
end

As you can see, when I try to apply the key-chain for EIGRP authentication
to the interface, all EIGRP authentication commands are deleted from the
interface. This is happening for both routed ports and SVIs. I appreciate if
anybody could help me here.

Thanks,
Jorge

Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 27 2010 - 23:03:41 ART