TOPIC: Cisco RIPv2 auth key-chains

Cisco RIPv2 auth key-chains 10 years 3 months ago #15076

  • Gosbollen
Hi!

You can have several keys in a chain.
First question is: Why?
Second: How do I use them? I could only get "key 1" working by doing this:

Router(config)#key chain TEST
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string PASSW1
Router(config-keychain-key)#exit
Router(config-keychain)#key 2
Router(config-keychain-key)#key-string PASSW2
*****
Router(config)#int s0
Router(config-if)#ip rip authentication mode text
Router(config-if)#ip rip authentication key-chain TEST


/Sincerely
Martin

Re: Cisco RIPv2 auth key-chains 10 years 3 months ago #15082

  • havohej
It's simple: for a router to exchange routing tables with its neighbor, the same keys must be set up on both sides. I mean, for the neighbors to establish adjacencies, both of them must have the same key.

So in Cisco IOS you can set up more than one key, for example:


ROUTER A
ROUTER B


Router A has:
key 1 "secretkey1"
key 2 "secretkey2"


Router B has:

key 1 "secretkey2"

So this scenario will work, because Router A must first try with its first configured key, "key1"; if it can't reach the established state, it then tries "key2". Notice that key 1 for router A and Key 2 for router B are the same, so in this scenario it works on the second try.

Re: Cisco RIPv2 auth key-chains 10 years 3 months ago #15095

  • Gosbollen
Hi!

Thanks for the reply.

The routers I used for this lab (1601, 12.1) only work that way when they receive updates. Key 1 seems to be used as the advertisement key; it's the only one sent out on multicast.
The rest of the keys are only used for authentication of other routers.

Router A:
Key 1: ONE
Key 2: TWO
Key 3: FOUR

Router B:
Key 1: TWO
Key 2: ONE
Key 3: THREE

Router C:
Key 1: FOUR
Key 2: FIVE
Key 3: SIX

In this scenario,
Router A will accept updates from B&C
Router B will accept updates from A
Router C will accept updates from none.

I guess you can't advertise another key than key 1...

/Martin
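
Added example, not part of the original posts and not Cisco code: a small Python model of the behaviour reported in the last post (only the first key in the chain is sent, any key in the chain is accepted on receipt), run over that post's three key chains. The send/accept rule is taken from the lab observation as an assumption, and all function names are hypothetical.

```python
from itertools import permutations

# Key chains copied from the lab scenario in the last post.
CHAINS = {
    "A": ["ONE", "TWO", "FOUR"],
    "B": ["TWO", "ONE", "THREE"],
    "C": ["FOUR", "FIVE", "SIX"],
}


def send_key(chain):
    """Assumed rule from the post: only the first key is advertised."""
    return chain[0]


def accepts(receiver_chain, sender_chain):
    """Assumed rule from the post: any key in the receiver's chain matches."""
    return send_key(sender_chain) in receiver_chain


def acceptance_map(chains):
    """Map each receiver to the senders whose updates it would accept."""
    result = {name: [] for name in chains}
    for rx, tx in permutations(chains, 2):
        if accepts(chains[rx], chains[tx]):
            result[rx].append(tx)
    return {name: sorted(senders) for name, senders in result.items()}


def one_way_pairs(chains):
    """(receiver, sender) pairs where updates pass in one direction only."""
    amap = acceptance_map(chains)
    return sorted(
        (rx, tx)
        for rx, senders in amap.items()
        for tx in senders
        if rx not in amap[tx]
    )


if __name__ == "__main__":
    for rx, senders in acceptance_map(CHAINS).items():
        print(f"Router {rx} accepts updates from: {', '.join(senders) or 'none'}")
    for rx, tx in one_way_pairs(CHAINS):
        print(f"One-way only: {rx} accepts {tx}, but {tx} rejects {rx}")
```

The one-way report is the useful audit output: it flags neighbours whose chains overlap but whose first keys differ, so routes are learned in only one direction.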