11-30-2012 04:16 AM - edited 03-04-2019 06:17 PM
when you start to configure a rip version 2 network with authentication it gives the error "invalid authentication" in debug.
to solve this you must do " no router rip" and reset "router rip" on both sides to remove the error.
But in my case I have a rip version 2 link with authentication to a pfsense firewall. Resetting "router rip" on the cisco alone doesn't help the error.
The cisco is a 2621 with ios 12.4
What must I do?
Thanks
Solved! Go to Solution.
11-30-2012 07:08 AM
Hi,
Is this a typo ?
interface FastEthernet0/0
ip address 172.16.0.2 255.255.0.0
ip rip authentication key-chain chain cisco
if so can you try
interface FastEthernet0/0
ip address 172.16.0.2 255.255.0.0
ip rip authentication key-chain cisco
Regards.
Alain
Don't forget to rate helpful posts.
11-30-2012 04:36 AM
Hi,
can you show your debug output as well as sh run int and sh key chain output and also the rip config on Pfsense
Regards.
Alain
Don't forget to rate helpful posts.
11-30-2012 06:16 AM
HI Alain,
(I will not forget to rate)
It's a configuration in a lab.
The cisco is connected via the lan interface fa0/0
debug output:
Router#
*Mar 1 01:43:16.831: RIP: received packet with text authentication romeo
*Mar 1 01:43:16.835: RIP: ignored v2 packet from 172.16.0.254 (invalid authentication)
*Mar 1 01:43:24.791: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (172.16.0.2)
*Mar 1 01:43:24.795: RIP: build update entries - suppressing null update
*Mar 1 01:43:46.115: RIP: received packet with text authentication romeo
*Mar 1 01:43:46.119: RIP: ignored v2 packet from 172.16.0.254 (invalid authentication)
Router#sh run int fa0/0
Building configuration...
Current configuration : 138 bytes
!
interface FastEthernet0/0
ip address 172.16.0.2 255.255.0.0
ip rip authentication key-chain chain cisco
duplex auto
speed auto
end
Router#sh key chain
Key-chain cisco:
key 1 -- text "romeo"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
Pfsense is configured with a browser.
I've selected rip,choosen the LAN interface,choosen ripv2 and filled in the password romeo ,It's the only thing that could be configured.
It's regretful I can't sent you the configuration in text.
I hope this will help you.
Hans
11-30-2012 07:08 AM
Hi,
Is this a typo ?
interface FastEthernet0/0
ip address 172.16.0.2 255.255.0.0
ip rip authentication key-chain chain cisco
if so can you try
interface FastEthernet0/0
ip address 172.16.0.2 255.255.0.0
ip rip authentication key-chain cisco
Regards.
Alain
Don't forget to rate helpful posts.
11-30-2012 07:25 AM
Hi,
I've typed "ip rip authentication key chain cisco" and sh run shows "ip rip authentication key-chain chain cisco"
I've forgotten the "-"
Now it works!
Thanks!
Hans
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide