Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2486
Views
0
Helpful
7
Replies

EIGRP Key Chain Rotation

christopher-j
Level 1
Level 1

‎11-03-2014 12:53 AM - edited ‎03-05-2019 12:05 AM

I have implemented the key-rotation and it was successfully tested. However I have encountered a issue when devices are restarted. Once the device is restored the key chain has defaulted to Mar 1, 1993. Is this normal? is there a fix for this? I have seen others blog about the issue but have found no resolutions.

Labels:
0 Helpful
7 Replies 7

Mohit Sahai
Cisco Employee
Cisco Employee

‎11-06-2014 09:22 PM

Hello Christopher,

 

Could you share the Key-chain configuration.

 

Aside, please let me know how the time gets set on your router(via NTP or manual config etc)

 

Looks you have the similar issue which is discussed in below 

http://cciejournry.blogspot.in/2011/12/eigrp-authentication-and-time-based.html

 

 

Regards,

Mohit 

0 Helpful

christopher-j
Level 1
Level 1
In response to Mohit Sahai

‎11-06-2014 09:57 PM

Hi Msahai,

 

Thanks for the response

 

Key 5

key-string

accept-lifetime 06:00:00 Oct 1 2014 06:00:00 Apr 1 2015

send-lifetime 0:6:00:00 Oct 1 2014 06:00:00 Apr 1 2015

Key 10.

accept-lifetime 06:00:00 Apr 1 2015 06:00:00 Oct 1 2015

send-lifetime 06:00:00 Apr 1 2015 06:00:00 Oct 1 2015

Key 9999

accept-lifetime 06:00:00 Sep 30 2014 infinite

send-lifetime 06:00:00 Sep 30 2014 infinite

interface port-channel1

description Core Port channel

ip address x.x.x.x x.x.x.x

ip authentication mode eigrp md5

ip authentication mode eigrp 22163 md5

ip authentication key-chain eigrp 1

ip authentication key-chain eigrp 22163

 

The core is my NTP

0 Helpful

Mohit Sahai
Cisco Employee
Cisco Employee
In response to christopher-j

‎11-06-2014 10:11 PM

Hi Christopher,

What exactly do you mean by "the key chain has defaulted to Mar 1, 1993"

What is the output of "show key chain" after the router gets restarted and gets synched with the NTP server?

 

Regards,

Mohit 

 

 

0 Helpful

christopher-j
Level 1
Level 1
In response to Mohit Sahai

‎11-07-2014 12:30 AM

I had a power outage on two of my switches, they rebooted and when they came back online the dates on the devices were Mar 1 1993 and I have to redo the key-chain in order for them to link back to the core

0 Helpful

Mohit Sahai
Cisco Employee
Cisco Employee
In response to christopher-j

‎11-07-2014 09:17 AM

Hi Christopher,

 

What was the clocking on the router? (the output of "show clock")

Did the NTP provided the clocking information to the switches after they came up.

The EIGRP should come up once the clocking is correct on the switches.

 

Regards,

Mohit

0 Helpful

christopher-j
Level 1
Level 1
In response to Mohit Sahai

‎11-12-2014 09:50 PM

The switches are receiving time from the core. It is the distribution switches that when rebooted, or power is lost come back online with this Mar 1 1993 date

0 Helpful

Mohit Sahai
Cisco Employee
Cisco Employee
In response to christopher-j

‎11-24-2014 11:09 PM

Hello Christopher,

 

When the router just gets started and till the time it is not getting updated with the correct time from the NTP server in your case, EIGRP would also not come up because its dependent on the clock.

 

Just wanted to know when the system comes up, does router gets the correct clock after some time when it starts receiving clocking information from the NTP source?

 

Also when router receives the clocking information from the NTP source, still then EIGRP is down??

 

From the configuration you have, EIGRP should come up as soon as the correct time/clock information is loaded on the router.

 

Regards,

Mohit 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card