
IP SLA authentication

Scott Cannon
Level 1

Hi Guys,

I'm seeking some clarification on the functionality of IP SLA authentication.

I have configured an open-ended responder on my network using the ip sla responder command. I have a few routers using the device for various IP SLA monitors. I am now concerned that this device could be used in an unauthorised manner and wish to implement authentication.

I've added a key-chain to my configuration on the responder as follows:

key chain 1
 key 1
  key-string password

I then enabled authentication on the responder using the ip sla key-chain 1 command and found that the initiators (without authentication configured) were still communicating with the target.

Maybe I've misconfigured but I don't see it.

Can anyone tell me if this is the normal behaviour and if so what function the authentication provides?

Here's the associated config from the target:

IPSVC_R2#sho run | sect sla
ip sla responder
ip sla key-chain 1

And here from an initiator:

IPSVC_R1#sho run | sect sla
ip sla key-chain 1
ip sla 1
 icmp-echo 2.2.2.2 source-interface Loopback1
 frequency 5
ip sla schedule 1 life 86400 start-time now

key chain 1
 key 1
  key-string password

Thanks

Rgds

Scott

1 Accepted Solution

Joe Clarke
Cisco Employee

The ICMP echo operation does not require a responder-enabled target.  Authentication will come into play for operations like UDP echo and UDP jitter where you need a responder.  For ICMP echo, the target device's IP stack will respond to the echo request.
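
An added example, not part of the original thread and not Cisco code: a small audit that reads a config section like the ones posted above and reports, for each operation, whether ip sla key-chain has any bearing on it, using the classification given in the accepted answer. The function name, the status labels and operation 2 in the sample are assumptions made for illustration.

```python
import re

# From the accepted answer: ICMP echo is answered by the target's IP stack;
# UDP echo and UDP jitter need the IP SLA responder.
STACK_OPS = {"icmp-echo"}
RESPONDER_OPS = {"udp-echo", "udp-jitter"}

def audit_sla(config):
    """Map each 'ip sla <n>' operation to how 'ip sla key-chain' relates to it."""
    sla_chain = None      # name referenced by 'ip sla key-chain'
    usable = set()        # key chains that contain a key-string
    ops = {}              # operation number -> operation type
    cur_op = cur_chain = None
    for line in filter(None, map(str.strip, config.splitlines())):
        if m := re.fullmatch(r"ip sla key-chain (\S+)", line):
            sla_chain, cur_op, cur_chain = m.group(1), None, None
        elif m := re.fullmatch(r"ip sla (\d+)", line):
            cur_op, cur_chain = int(m.group(1)), None
        elif m := re.fullmatch(r"key chain (\S+)", line):
            cur_chain, cur_op = m.group(1), None
        elif line.startswith("ip sla "):
            cur_op = cur_chain = None          # schedule, responder, ...
        elif cur_chain and line.startswith("key-string "):
            usable.add(cur_chain)
        elif cur_op is not None and cur_op not in ops:
            ops[cur_op] = line.split()[0]      # first sub-command is the type
    result = {}
    for num, kind in ops.items():
        if kind in STACK_OPS:
            result[num] = "stack-answered"     # key chain has no effect here
        elif kind in RESPONDER_OPS:
            # Only checks the local side; the responder needs the same key chain.
            result[num] = "key-chain-configured" if sla_chain in usable else "no-key-chain"
        else:
            result[num] = "unclassified"       # not covered on this page
    return result

# Initiator config from the post; operation 2 is constructed for the example.
SAMPLE = """\
ip sla key-chain 1
ip sla 1
 icmp-echo 2.2.2.2 source-interface Loopback1
 frequency 5
ip sla schedule 1 life 86400 start-time now
ip sla 2
 udp-jitter 2.2.2.2 5000
key chain 1
 key 1
  key-string password
"""
```

Calling audit_sla(SAMPLE) marks operation 1 as stack-answered, which is the behaviour the question describes, and operation 2 as the kind of operation the key chain applies to.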
