cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1072
Views
0
Helpful
11
Replies

MD 5 in EIGRP

nasheer.ahmad
Level 1
Level 1

Hi,

After configuring EIGRP using MD5,AAA authentication is not taking.

Pls suggest.

regds

1 Accepted Solution

Accepted Solutions

one more thing in ur config..

key chain TTL

key 1

key-string 7 15200419302F

accept-lifetime 15:45:00 Jan 9 2008

infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

key 2

key-string 7 113B1610231759

accept-lifetime 15:45:00 Jan 9 2008 infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

!

The send life time starts form Jan 9 2010!!!!.Make it same as of accept-lifetime date and check..

so i think this is not sending any key now.What is the configuration on other end routers??

View solution in original post

11 Replies 11

Pavel Bykov
Level 5
Level 5

AAA for your lines? Is EIGR working ok?

Nasheer

You do not provide much detail to work from. The symptoms that you describe suggest that there may be a connectivity problem between your router and your authentication server. Can you verify whether the router is able to ping the authentication server (using whatever source address may have been specified)?

My guess is that there is some problem with the EIGRP authentication and that you lost some routes from your routing table.

HTH

Rick

HTH

Rick

Hi,

Pls find the configuration of one side router.

regds

Hi,

I think you are missing the eigrp authetication configuration

Add following statements under your interfaces:

ip authentication key-chain eigrp 7 TTL

ip authentication mode eigrp 7 md5

HTH,

regards,

shri :)

HI Nasheer, [Do Rate if HELPS]

Please install the below configuration in your Router: (AAA - Authentication, Authorization and Accounting):

AAA:

-------

aaa authentication login vty tacacs+ local

aaa authentication login conuser tacacs+ local

aaa authentication enable default tacacs+ enable

aaa authorization commands 1 default tacacs+ none

aaa authorization commands 15 default tacacs+ none

aaa accounting commands 15 default start-stop tacacs+

tacacs-server host xxx.xxx.xxx.xxx

tacacs-server key 7 08124D601035103D32535554

In your attached Configuration, AAA commands are missing and in adddition for EIGRP there are no MD5 authentication enabled.

Do RATE if HELPS

Best Regards,

Guru Prasad R

Hi guru,

Still not working.I had EIGRP commands and AAA.

Pls suggest.

regds

HI Nasheer,

Can you pls POST the sh run of Router in which the configurations are installed.

>> Is the Router can able to PING the TACACS Server ??

Do RATE ALL HELPFUL POSTS

Best Regards,

Guru Prasad R

one more thing in ur config..

key chain TTL

key 1

key-string 7 15200419302F

accept-lifetime 15:45:00 Jan 9 2008

infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

key 2

key-string 7 113B1610231759

accept-lifetime 15:45:00 Jan 9 2008 infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

!

The send life time starts form Jan 9 2010!!!!.Make it same as of accept-lifetime date and check..

so i think this is not sending any key now.What is the configuration on other end routers??

Thanks Arun.I had configured as 2010 because it should accept the given key only up to that period.

I had corrected the configuration.

regds

Hi guru,

Pls check..

regds

hi,

good point by arun...

plz check the send-life time configured and make it same as accept life-time at least make it in year 2008.

HTH,

regards,

shri :)

Review Cisco Networking for a $25 gift card