Cisco RIPv2 auth key-chains
18 years 10 months ago #15076
by Gosbollen
Cisco RIPv2 auth key-chains was created by Gosbollen
Hi!
You can have several keys in a chain.
First question is: Why?
Second: How do I use them? I could only get "key 1" working by doing this:
Router(config)#key chain TEST
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string PASSW1
Router(config-keychain-key)#exit
Router(config-keychain)#key 2
Router(config-keychain-key)#key-string PASSW2
*****
Router(config)#int s0
Router(config-if)#ip rip authentication mode text
Router(config-if)#ip rip authentication key-chain TEST
/Sincerely
Martin
18 years 10 months ago #15082
by havohej
Replied by havohej on topic Re: Cisco RIPv2 auth key-chains
It's simple: for a router to exchange routing tables with its neighbor, the same keys must be set up on both sides. I mean, for the neighbors to establish adjacencies, both of them must have the same key.
So at Cisco IOS you can set up more than one key, for example:
ROUTER A
ROUTER B
Router A has:
key 1 "secretkey1"
key 2 "secretkey2"
Router B has:
key 1 "secretkey2"
So this scenario will work, just because Router A must first try with its first configured key, "key1"; if it can't reach the established state, it then tries "key2". Notice that key 1 for router A and key 2 for router B are the same, so in this scenario it works on the second try.
18 years 10 months ago #15095
by Gosbollen
Replied by Gosbollen on topic Re: Cisco RIPv2 auth key-chains
Hi!
Thanks for the reply.
The routers I used for this lab (1601, 12.1) only work in that way when they receive updates. Key 1 seems to be used as the advertisement key; it's the only one sent out on multicast.
The rest of the keys are only used for authentication of other routers.
Router A:
Key 1: ONE
Key 2: TWO
Key 3: FOUR
Router B:
Key 1: TWO
Key 2: ONE
Key 3: THREE
Router C:
Key 1: FOUR
Key 2: FIVE
Key 3: SIX
In this scenario,
Router A will accept updates from B&C
Router B will accept updates from A
Router C will accept updates from none.
I guess you can't advertise another key than key 1...
/Martin
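Added example (not part of the thread and not Cisco code): a simplified Python model of the text-mode behaviour Martin reports, where one key is sent and any key in the chain can authenticate a received update. It generalizes "key 1" to "lowest-numbered key that is currently valid to send"; the `send`/`accept` windows stand in for the `send-lifetime` and `accept-lifetime` key options, and the rollover values are constructed to show a key change without a gap.

```python
# Added illustration: simplified model of text-mode key-chain handling.
# Not IOS code; times are plain integers (constructed sample values).
from dataclasses import dataclass

INF = float("inf")

@dataclass
class Key:
    key_id: int
    string: str
    send: tuple = (0, INF)     # models send-lifetime as (start, end)
    accept: tuple = (0, INF)   # models accept-lifetime as (start, end)

def active(window, now):
    return window[0] <= now < window[1]

def send_key(chain, now):
    """Lowest-numbered key whose send window is open, else None."""
    valid = [k for k in chain if active(k.send, now)]
    return min(valid, key=lambda k: k.key_id) if valid else None

def accepts(chain, received, now):
    """An update passes if its string matches any key open for accept."""
    return any(k.string == received and active(k.accept, now) for k in chain)

def matrix(routers, now=0):
    """Map each receiver to the sorted neighbours whose updates it accepts."""
    out = {}
    for rx, rx_chain in routers.items():
        out[rx] = sorted(
            tx for tx, tx_chain in routers.items()
            if tx != rx and (k := send_key(tx_chain, now)) is not None
            and accepts(rx_chain, k.string, now))
    return out

def chain(*strings):
    return [Key(i, s) for i, s in enumerate(strings, start=1)]

# Martin's lab: every key is valid forever, so key 1 is always the one sent.
LAB = {"A": chain("ONE", "TWO", "FOUR"),
       "B": chain("TWO", "ONE", "THREE"),
       "C": chain("FOUR", "FIVE", "SIX")}

# Constructed rollover: OLD is sent until t=100, NEW from t=100 onward;
# both strings are accepted during an overlap (t=90..110) to absorb skew.
def rollover():
    return [Key(1, "OLD", send=(0, 100), accept=(0, 110)),
            Key(2, "NEW", send=(100, INF), accept=(90, INF))]

ROLL = {"A": rollover(), "B": rollover()}
```

`matrix(LAB)` reproduces the acceptance table from the post above, and `matrix(ROLL, t)` stays fully connected before, at and after the switch at t=100.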