Solved: Re: MD 5 in EIGRP

nasheer.ahmad · ‎01-09-2008

Hi,

After configuring EIGRP using MD5,AAA authentication is not taking.

Pls suggest.

regds

s.arunkumar · ‎01-10-2008

one more thing in ur config..

key chain TTL

key 1

key-string 7 15200419302F

accept-lifetime 15:45:00 Jan 9 2008

infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

key 2

key-string 7 113B1610231759

accept-lifetime 15:45:00 Jan 9 2008 infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

!

The send life time starts form Jan 9 2010!!!!.Make it same as of accept-lifetime date and check..

so i think this is not sending any key now.What is the configuration on other end routers??

View solution in original post

Pavel Bykov · ‎01-09-2008

AAA for your lines? Is EIGR working ok?

Richard Burts · ‎01-09-2008

Nasheer

You do not provide much detail to work from. The symptoms that you describe suggest that there may be a connectivity problem between your router and your authentication server. Can you verify whether the router is able to ping the authentication server (using whatever source address may have been specified)?

My guess is that there is some problem with the EIGRP authentication and that you lost some routes from your routing table.

HTH

Rick

HTH

Rick

nasheer.ahmad · ‎01-09-2008

Hi,

Pls find the configuration of one side router.

regds

shrikar.dange · ‎01-09-2008

Hi,

I think you are missing the eigrp authetication configuration

Add following statements under your interfaces:

ip authentication key-chain eigrp 7 TTL

ip authentication mode eigrp 7 md5

HTH,

regards,

shri :)

guruprasadr · ‎01-09-2008

HI Nasheer, [Do Rate if HELPS]

Please install the below configuration in your Router: (AAA - Authentication, Authorization and Accounting):

AAA:

-------

aaa authentication login vty tacacs+ local

aaa authentication login conuser tacacs+ local

aaa authentication enable default tacacs+ enable

aaa authorization commands 1 default tacacs+ none

aaa authorization commands 15 default tacacs+ none

aaa accounting commands 15 default start-stop tacacs+

tacacs-server host xxx.xxx.xxx.xxx

tacacs-server key 7 08124D601035103D32535554

In your attached Configuration, AAA commands are missing and in adddition for EIGRP there are no MD5 authentication enabled.

Do RATE if HELPS

Best Regards,

Guru Prasad R

nasheer.ahmad · ‎01-09-2008

Hi guru,

Still not working.I had EIGRP commands and AAA.

Pls suggest.

regds

guruprasadr · ‎01-09-2008

HI Nasheer,

Can you pls POST the sh run of Router in which the configurations are installed.

>> Is the Router can able to PING the TACACS Server ??

Do RATE ALL HELPFUL POSTS

Best Regards,

Guru Prasad R

s.arunkumar · ‎01-10-2008

one more thing in ur config..

key chain TTL

key 1

key-string 7 15200419302F

accept-lifetime 15:45:00 Jan 9 2008

infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

key 2

key-string 7 113B1610231759

accept-lifetime 15:45:00 Jan 9 2008 infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

!

The send life time starts form Jan 9 2010!!!!.Make it same as of accept-lifetime date and check..

so i think this is not sending any key now.What is the configuration on other end routers??

nasheer.ahmad · ‎01-11-2008

Thanks Arun.I had configured as 2010 because it should accept the given key only up to that period.

I had corrected the configuration.

regds

nasheer.ahmad · ‎01-10-2008

Hi guru,

Pls check..

regds

shrikar.dange · ‎01-10-2008

hi,

good point by arun...

plz check the send-life time configured and make it same as accept life-time at least make it in year 2008.

HTH,

regards,

shri :)