It's simple: for a router to exchange routing tables with its neighbor, the same keys must be set up on both sides. I mean, for the neighbors to establish adjacencies, both of them must have the same key.
So in Cisco IOS you can set up more than one key, for example:
Router A has:
key 1 "secretkey1"
key 2 "secretkey2"
Router B has:
So this scenario will work, just because Router A must first try with its first configured key, "key1"; if it can't reach the established state, it then tries "key2". Notice that key 1 for Router A and key 2 for Router B are the same, so in this scenario it works on the second try.
Re: Cisco RIPv2 auth key-chains
12 years 2 months ago #15095
The routers I used for this lab (1601, 12.1) only work in that way when they receive updates. Key 1 seems to be used as the advertisement key; it's the only one sent out on multicast.
The rest of the keys are only used for authentication of other routers.
Key 1: ONE
Key 2: TWO
Key 3: FOUR
Key 1: TWO
Key 2: ONE
Key 3: THREE
Key 1: FOUR
Key 2: FIVE
Key 3: SIX
In this scenario,
Router A will accept updates from B&C
Router B will accept updates from A
Router C will accept updates from none.
I guess you can't advertise another key than key 1...
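The behaviour reported in the post above can be checked mechanically. The following is an added example, not code from either poster or from Cisco: it models a router that sends with its lowest-numbered key and accepts any key string in its own chain, and it flags router pairs where authentication only succeeds in one direction. Assigning the three key lists to Routers A, B and C in order, and comparing key strings rather than key IDs, are assumptions.

```python
# Added example: models the key-chain behaviour observed in the post
# (1601, IOS 12.1). Not Cisco's code and not a statement of documented behaviour.

# Key chains copied from the post; mapping them to A, B, C in order is an assumption.
CHAINS = {
    "A": {1: "ONE", 2: "TWO", 3: "FOUR"},
    "B": {1: "TWO", 2: "ONE", 3: "THREE"},
    "C": {1: "FOUR", 2: "FIVE", 3: "SIX"},
}

def send_key(chain):
    """Key string used for outgoing updates: the lowest-numbered key (key 1 here)."""
    return chain[min(chain)]

def accepts(receiver, sender, chains=CHAINS):
    """True if the sender's advertised key string is anywhere in the receiver's chain."""
    return send_key(chains[sender]) in chains[receiver].values()

def accepted_from(receiver, chains=CHAINS):
    """Routers whose updates the receiver will authenticate."""
    return sorted(s for s in chains if s != receiver and accepts(receiver, s, chains))

def one_way_pairs(chains=CHAINS):
    """(sender, receiver) pairs that authenticate in one direction only.

    These are the misconfigurations worth auditing for: routes flow one way,
    so the problem is easy to miss during a key rollover.
    """
    return sorted(
        (s, r)
        for s in chains
        for r in chains
        if s != r and accepts(r, s, chains) and not accepts(s, r, chains)
    )

if __name__ == "__main__":
    for router in CHAINS:
        print(f"Router {router} accepts updates from: {accepted_from(router) or 'none'}")
    for sender, receiver in one_way_pairs():
        print(f"One-way authentication: {sender} -> {receiver} only")
```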