GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: RIP AAA posted 01/18/2005
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


So what is the solution to this? Rabii, were you asked this question during
a lab exercise?

Thanks,
Imran.
 


-----Original Message-----
From: Balaji Siva [mailto:bsivasub@xxxxxxxxx]
Sent: Sunday, January 16, 2005 9:15 PM
To: Ed Lui
Cc: Brian Dennis; NOUR; ccielab@xxxxxxxxxxxxxx
Subject: Re: RIP AAA


It doesn't work for me either.  The documentation is clear

"Only one authentication packet is sent, regardless of how many valid
keys exist. The software examines the key numbers in order from lowest
to highest, and uses the first valid key it encounters"

So in this case i had two keys key1 and key2.  Only the spoke router
key1 is getting the updates, key2 router is failing to get updates due
to bad key (i.e. key1 authenticated packets)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr
_c/ipcprt2/1cfindep.htm#wp1001635


On Sat, 15 Jan 2005 23:59:06 -0800, Ed Lui <edwlui@xxxxxxxxx> wrote:
> Hi Brian,
> 
> I tested it in my lab. The result is "NOT WORKING". I can see the
> output of the debug, only one key is sent at a time. Then I went to
> cisco.com and read the documentation about the key-chain. However, I
> appreciate for your recommendation to lab this up. Otherwise, I will
> keep assuming it works that way.
> 
> Thanks,
> 
> --
> Edward
> (A+, Net+, MCP, MCP+I, MCSE, CCNA, CCNP)
> 
> 
> On Sat, 15 Jan 2005 21:57:26 -0500, Brian Dennis
> <bdennis@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> > I would highly recommend that the original poster lab this up and see
> > what issues they run into.  In particular, the problem with the hub
> > router needing to send two different keys on the same interface.
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> > bdennis@xxxxxxxxxxxxxxxxxxxxxx
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Direct: 775-745-6404 (Outside the US and Canada)
> >
> > -----Original Message-----
> > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> > Ed Lui
> > Sent: Saturday, January 15, 2005 11:45 AM
> > To: NOUR
> > Cc: ccielab@xxxxxxxxxxxxxx
> > Subject: Re: RIP AAA
> >
> > Hi,
> >
> > I believe you can set up different key(i.e. key 1, key 2, key 3)
> > within your key chain on the hub router to authenticate the spokes.
> >
> > Anyone please correct me if I am wrong............
> >
> > --
> > Edward
> > (A+, Net+, MCP, MCP+I, MCSE, CCNA, CCNP)
> > Working very hard to get the IE(R/S)
> >
> > On Fri, 14 Jan 2005 23:14:54 -0000, NOUR <nour.rabii@xxxxxxxxxxxxxxxx>
> > wrote:
> > > Hi guys,
> > >
> > > I'm trying to configure  rip authentication md5 in a frame-rely
> > environment
> > > with one hub router and two spoke routers .
> > >
> > > Authentication normally is set in the interface that is connected on
> > > multipoint to the spoke routers ,
> > >
> > > How can I configure it if I would like to set different password (
> > > key-string ) for the two spokes routers .
> > >
> > > Thanks and good luck .
> > >
> > > Rabii NOUR
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> 
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html