Solved: IP SLA authentication

Scott Cannon · ‎05-10-2011

Hi Guys,

I'm seeking some clarification on the functionality of IP SLA authentication.

I have configured an open ended responder on my network usign the ip sla responder command. I havea few routers using the device for various IP SLA monitors. I am now concerned that this device could be used in an unauthorised manner and wish to implement authentication.

I've added a key-chain to my configuration on the responder as follows:

key chain 1
key 1
key-string password

I then enabled authentication on the responder using the ip sla key-chain 1 command and found that the initiators (without authentication configured) were still communicating with the target.

Maybe I've misconfigured but I dont see it.

Can anyone tell me if this is the normal behaviour and if so what function the authentication provides?

Here's the associated config from the target:

IPSVC_R2#sho run | sect sla
ip sla responder
ip sla key-chain 1

And here from a intiator:

IPSVC_R1#sho run | sect sla
ip sla key-chain 1
ip sla 1
icmp-echo 2.2.2.2 source-interface Loopback1
frequency 5
ip sla schedule 1 life 86400 start-time now

key chain 1
key 1
key-string password

Thanks

Rgds

Scott

Joe Clarke · ‎05-10-2011

The ICMP echo operation does not require a responder-enabled target. Authentication will come into play for operations like UDP echo and UDP jitter where you need a responder. For ICMP echo, the target device's IP stack will respond to the echo request.

View solution in original post

Joe Clarke · ‎05-10-2011

The ICMP echo operation does not require a responder-enabled target. Authentication will come into play for operations like UDP echo and UDP jitter where you need a responder. For ICMP echo, the target device's IP stack will respond to the echo request.

IP SLA authentication

Monitoramento de Rede com IP SLA

IP SLA の基本設定

IP SLA の icmp-echo を使用した設定例

IP SLA 简介

IP SLA のSNMP Trap 設定