EIGRP Key Chain Rotation

christopher-j
Level 1

I have implemented the key rotation and it was successfully tested. However, I have encountered an issue when devices are restarted. Once the device is restored, the key chain has defaulted to Mar 1, 1993. Is this normal? Is there a fix for this? I have seen others blog about the issue but have found no resolutions.

7 Replies

Mohit Sahai
Cisco Employee

Hello Christopher,

 

Could you share the key-chain configuration?

Also, please let me know how the time gets set on your router (via NTP, manual config, etc.).

It looks like you have a similar issue, which is discussed in the link below:

http://cciejournry.blogspot.in/2011/12/eigrp-authentication-and-time-based.html

 

 

Regards,

Mohit 

Hi Msahai,

 

Thanks for the response

 

key 5
 key-string
 accept-lifetime 06:00:00 Oct 1 2014 06:00:00 Apr 1 2015
 send-lifetime 06:00:00 Oct 1 2014 06:00:00 Apr 1 2015
key 10
 accept-lifetime 06:00:00 Apr 1 2015 06:00:00 Oct 1 2015
 send-lifetime 06:00:00 Apr 1 2015 06:00:00 Oct 1 2015
key 9999
 accept-lifetime 06:00:00 Sep 30 2014 infinite
 send-lifetime 06:00:00 Sep 30 2014 infinite

interface port-channel1
 description Core Port channel
 ip address x.x.x.x x.x.x.x
 ip authentication mode eigrp md5
 ip authentication mode eigrp 22163 md5
 ip authentication key-chain eigrp 1
 ip authentication key-chain eigrp 22163

 

The core is my NTP

Hi Christopher,

What exactly do you mean by "the key chain has defaulted to Mar 1, 1993"?

What is the output of "show key chain" after the router gets restarted and gets synched with the NTP server?

 

Regards,

Mohit 

 

 

I had a power outage on two of my switches. They rebooted, and when they came back online the dates on the devices were Mar 1 1993, and I have to redo the key-chain in order for them to link back to the core.

Hi Christopher,

 

What was the clocking on the router? (the output of "show clock")

Did the NTP provide the clocking information to the switches after they came up?

The EIGRP should come up once the clocking is correct on the switches.

 

Regards,

Mohit

The switches are receiving time from the core. It is the distribution switches that, when rebooted or when power is lost, come back online with this Mar 1 1993 date.

Hello Christopher,

 

When the router has just started, and until it is updated with the correct time from the NTP server in your case, EIGRP will also not come up because it is dependent on the clock.

Just wanted to know: when the system comes up, does the router get the correct clock after some time, once it starts receiving clocking information from the NTP source?

Also, once the router receives the clocking information from the NTP source, is EIGRP still down?

 

From the configuration you have, EIGRP should come up as soon as the correct time/clock information is loaded on the router.

 

Regards,

Mohit 
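
Added example, not part of any post in this thread: a Python model of the lifetime windows in the key chain posted above, showing that with the clock at the boot-time default of Mar 1 1993 none of the keys is valid (key 9999 included, since it starts Sep 30 2014), so there is nothing to authenticate with until NTP corrects the time. The half-open window boundaries and the lowest-key-ID send selection are assumptions of this model.

```python
from datetime import datetime

FMT = "%H:%M:%S %b %d %Y"  # IOS-style "hh:mm:ss Mon d yyyy"

def window(start, end):
    """Parse a lifetime pair; 'infinite' maps to datetime.max."""
    stop = datetime.max if end == "infinite" else datetime.strptime(end, FMT)
    return datetime.strptime(start, FMT), stop

# Lifetimes copied from the key chain posted in this thread
# (key 5's send-lifetime start is read as 06:00:00).
KEY_CHAIN = {
    5: {"accept": window("06:00:00 Oct 1 2014", "06:00:00 Apr 1 2015"),
        "send": window("06:00:00 Oct 1 2014", "06:00:00 Apr 1 2015")},
    10: {"accept": window("06:00:00 Apr 1 2015", "06:00:00 Oct 1 2015"),
         "send": window("06:00:00 Apr 1 2015", "06:00:00 Oct 1 2015")},
    9999: {"accept": window("06:00:00 Sep 30 2014", "infinite"),
           "send": window("06:00:00 Sep 30 2014", "infinite")},
}

def active_keys(chain, now, direction):
    """Key IDs whose window contains `now` (assumed start <= now < end)."""
    return sorted(k for k, v in chain.items()
                  if v[direction][0] <= now < v[direction][1])

def send_key(chain, now):
    """Assumption of this model: the lowest-numbered valid key is sent."""
    keys = active_keys(chain, now, "send")
    return keys[0] if keys else None

if __name__ == "__main__":
    # Constructed sample clocks: the boot default, then three synced times.
    samples = [
        ("boot default", datetime(1993, 3, 1)),
        ("key 5 period", datetime(2014, 12, 1)),
        ("key 10 period", datetime(2015, 6, 1)),
        ("after key 10", datetime(2016, 1, 1)),
    ]
    for label, now in samples:
        print(f"{label:14} {now:%b %d %Y}  send={send_key(KEY_CHAIN, now)}  "
              f"accept={active_keys(KEY_CHAIN, now, 'accept')}")
```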

 
