10-25-2011 11:45 AM - edited 03-07-2019 03:03 AM
Hello brothers, this is my 1st post here in Cisco forums.
=======================================
Assume that I have the scenario as shown:
R1---------------------------R2
Now I want to use a key chain to perform authentication between the routers.
Assume I created on R1:
key chain ahmd
key 1
key-string 123
exit
key 2
key-string 1234
and I used the authentication mode md5 & the correct key chain name ahmd.
On the other side, on R2,
assume I created:
key chain ahmad1
key 10
key-string 123
exit
key 30
key-string 1234
and I used the authentication mode md5 & the correct key chain name ahmd1.
My question is: why will the authentication fail?
I understood that when I transmit I use the lowest key, which is key 1 on R1 & key 10 on R2, and when I receive I will check all the valid keys.
On R1 the valid keys are key 1 & key 2, so when it receives key 10 from R2 with password 123 it is the same as key 1, and vice versa.
So why did the authentication fail?
I read in the book that the key number does not have to match on both routers, but I could only make authentication work when the key numbers matched.
Can anyone help me see where I have misunderstood?
Thanks so much, bro.
10-25-2011 11:56 AM
Hi! Maybe you have an error in your configuration? Please paste it here.
Also, debug eigrp packet will be very helpful and informative for determining the reason why authentication fails. Please enable it and paste the output here as well.
___
HTH. Please rate this post if it was helpful. If this solves your problem, please mark this post as "Correct Answer."
10-25-2011 12:10 PM
on R1
=============================================
Current configuration : 727 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
key chain cisco
key 10
key-string 123
key 20
key-string 1234
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 cisco
duplex auto
speed auto
!
router eigrp 1
network 10.0.0.0
auto-summary
!
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
==========================
on R2
=================================
Building configuration...
Current configuration : 723 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
key chain ahmd
key 1
key-string 123
key 2
key-string 1234
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 ahmd
duplex auto
speed auto
!
router eigrp 1
network 10.0.0.0
auto-summary
!
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
=====================================
Why did the authentication fail?
Should I use the same key number and the same key-string on the two routers to solve the issue?
Thanks, bro, for your interest.
10-25-2011 12:53 PM
Ahmed,
You need to use the same key-string on both routers.
HTH
10-25-2011 12:58 PM
Thanks all.
I've just found that there is a typo in the Cisco book.
The correction is that we must use the same key number and the same key string on the two routers,
not, as was said, that "key number is not critical".
Thanks all for your replies.
10-25-2011 11:50 PM
Ahmed, debug shows it very clearly:
EIGRP: pkt authentication key id = 10, key not defined or not live
___
HTH. Please rate this post if it was helpful. If this solves your problem, please mark this post as "Correct Answer."
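The debug line above reports key id 10 as not defined on the receiving router. As an added example (not code from the thread or from Cisco), this Python sketch parses the key chain stanzas of the two posted configurations and reports that condition for each direction. It assumes the sender signs with its lowest-numbered key and the receiver looks up the same key ID in its own chain; key lifetimes are ignored, and the function names and the shortened config excerpts are constructed for illustration.

```python
import re

# Constructed excerpts of the two running configs posted in the thread
R1_CONFIG = """\
key chain cisco
 key 10
  key-string 123
 key 20
  key-string 1234
 ip authentication key-chain eigrp 1 cisco
"""
R2_CONFIG = """\
key chain ahmd
 key 1
  key-string 123
 key 2
  key-string 1234
 ip authentication key-chain eigrp 1 ahmd
"""

def parse_key_chains(config):
    """Return {chain_name: {key_id: key_string}} from running-config text."""
    chains, chain, key_id = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain, key_id = chains.setdefault(m.group(1), {}), None
        elif chain is not None and (m := re.fullmatch(r"key (\d+)", line)):
            key_id = int(m.group(1))
        elif key_id is not None and (m := re.fullmatch(r"key-string (.+)", line)):
            chain[key_id] = m.group(1)
        elif line and line != "exit" and not line.startswith(("accept-lifetime", "send-lifetime")):
            chain, key_id = None, None  # any other command ends the stanza
    return chains

def bound_chain(config):
    """Keys of the chain referenced by 'ip authentication key-chain eigrp'."""
    m = re.search(r"ip authentication key-chain eigrp \d+ (\S+)", config)
    return parse_key_chains(config).get(m.group(1), {}) if m else {}

def check_direction(sender_cfg, receiver_cfg):
    """Assumed model: sender uses its lowest key ID, receiver looks up that ID."""
    tx, rx = bound_chain(sender_cfg), bound_chain(receiver_cfg)
    if not tx:
        return "sender has no usable key"
    key_id = min(tx)
    if key_id not in rx:
        return f"key id = {key_id} not defined on receiver"
    return "ok" if rx[key_id] == tx[key_id] else f"key id = {key_id} key-string differs"
```

Calling `check_direction(R1_CONFIG, R2_CONFIG)` reproduces the condition named in the debug output; the differing chain names (`cisco`, `ahmd`) play no part in the comparison.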
 
					
				
				
			
		