You can try removing the key chain, saving end reloading. After they come up, make sure you have authentication on the interfaces first and than add key chain to the global config. According to the config guide authentication must be enabled for the protocol first and than keys managed:
http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_indep.html#wp1056961 Section: Managing Authentication Keys Also I would try a time other than 00:00:00 for the key, I remember reading something about it, I just cannot quite remember details, sorry! Sounds buggy to me... Stan On Sun, Jul 19, 2009 at 4:55 PM, Michael Lipsey <[email protected]>wrote: > I had the accept-lifetime in there and it behaved the same way. > > > > I’m going to watch an eagles cover band for an hour or so…maybe something > will percolate to the surface in the mean time… > > > > *From:* Bryan Bartik [mailto:[email protected]] > *Sent:* Sunday, July 19, 2009 4:48 PM > *To:* Stan > *Cc:* Michael Lipsey; [email protected]; > [email protected]; CCIE OSL > > *Subject:* Re: [OSL | CCIE_RS] RIP Authentication > > > > Well yours was already working, right? I meant for the original poster to > try it :) > > On Sun, Jul 19, 2009 at 5:42 PM, Stan <[email protected]> wrote: > > Bryan, > > Just did: > > R1(config-keychain-key)#do sh run | b key > key chain RIP > key 2 > key-string 7 121015120A1B09163E14167A273A1047 > accept-lifetime 00:27:00 Mar 1 2002 infinite > > R1(config-keychain-key)#do sh run in se 1/0 > Building configuration... > > Current configuration : 154 bytes > ! > interface Serial1/0 > > > ip address 150.100.24.2 255.255.255.0 > > ip rip authentication key-chain RIP > encapsulation frame-relay > serial restart-delay 0 > end > > Working fine. Should I run any other variations? > > Stan > > > > > On 7/19/09 4:30 PM, "Bryan Bartik" <[email protected]> wrote: > > Interesting...have you tried adding an accept-lifetime? > > On Sun, Jul 19, 2009 at 5:12 PM, Stan <[email protected]> wrote: > > Michael, > > I did test your configs on my topology and authentication worked fine with > you key-string 7 121015120A1B09163E14167A273A1047 on a 3600 Software > (C3660-JK9O3S-M), Version 12.4(25). > > Could you please post RIP routing process config and IOS version? > > Thanks, > Stan > > > On 7/19/09 2:13 PM, "Michael Lipsey" <[email protected]> wrote: > > > I did check those, I should have included them in my original email. > > > > Here they are: > > > > R2#sho clock > > *21:11:32.639 UTC Sun Jul 19 2009 > > R2#sho key chain > > Key-chain R2toR4: > > key 1 -- text "ipexpert_R2toR4" > > accept lifetime (always valid) - (always valid) [valid now] > > send lifetime (00:00:00 UTC Jan 1 2009) - (infinite) [valid now] > > > > R4#sho clock > > *21:58:06.199 UTC Sun Jul 19 2009 > > R4# > > R4# > > R4#sho key chain > > Key-chain R2toR4: > > key 1 -- text "ipexpert_R2toR4" > > accept lifetime (always valid) - (always valid) [valid now] > > send lifetime (00:00:00 UTC Jan 1 2009) - (infinite) [valid now] > > R4# > > > > Maybe it is the sync of the clocks being off so much... > > > > Let me set them and see... > > > > > > -Mike > > -----Original Message----- > > From: Joe Astorino [mailto:[email protected]<[email protected]> > ] > > Sent: Sunday, July 19, 2009 12:50 PM > > To: Michael Lipsey; [email protected]; CCIE OSL > > Subject: Re: [OSL | CCIE_RS] RIP Authentication > > > > Check your system clock : ) > > > > Sh clock > > Sh key chain > > > > I bet it is invalid > > > > > > Regards, > > > > Joe Astorino - CCIE #24347 R&S > > Technical Instructor - IPexpert, Inc. > > Cell: +1.586.212.6107 > > Fax: +1.810.454.0130 > > Mailto: [email protected] > > > > -----Original Message----- > > From: "Michael Lipsey" <[email protected]> > > > > Date: Sun, 19 Jul 2009 12:44:46 > > To: <[email protected]> > > Subject: [OSL | CCIE_RS] RIP Authentication > > > > > > This is supposed to be easy but I'm just not getting it, here are my logs > > from R2: > > > > R2# > > *Jul 19 19:39:39.448: RIP: received packet with text authentication > > ipexpert_R2toR4 > > *Jul 19 19:39:39.448: RIP: ignored v2 packet from 150.100.24.4 (invalid > > authentication) > > R2# > > *Jul 19 19:39:54.328: RIP: sending v2 update to 224.0.0.9 via Loopback0 > > (200.0.0.2) > > *Jul 19 19:39:54.328: RIP: build update entries > > > *Jul 19 19:39:54.328: 150.100.24.0/24 <http://150.100.24.0/24> via > 0.0.0.0, metric 1, tag 0 > > > > *Jul 19 19:39:54.328: RIP: ignored v2 packet from 200.0.0.2 (sourced from > > one of our addresses) > > R2# > > *Jul 19 19:39:57.532: RIP: sending v2 update to 224.0.0.9 via > Serial0/1/0.24 > > (150.100.24.2) > > *Jul 19 19:39:57.532: RIP: build update entries > > > *Jul 19 19:39:57.532: 200.0.0.2/32 <http://200.0.0.2/32> via 0.0.0.0, > metric 1, tag 0 > > > > R2# > > *Jul 19 19:40:05.948: RIP: received packet with text authentication > > ipexpert_R2toR4 > > *Jul 19 19:40:05.948: RIP: ignored v2 packet from 150.100.24.4 (invalid > > authentication) > > R2# > > *Jul 19 19:40:23.156: RIP: sending v2 update to 224.0.0.9 via > Serial0/1/0.24 > > (150.100.24.2) > > *Jul 19 19:40:23.156: RIP: build update entries > > > *Jul 19 19:40:23.156: 200.0.0.2/32 <http://200.0.0.2/32> via 0.0.0.0, > metric 1, tag 0 > > > > *Jul 19 19:40:23.168: RIP: sending v2 update to 224.0.0.9 via Loopback0 > > (200.0.0.2) > > *Jul 19 19:40:23.168: RIP: build update entries > > > *Jul 19 19:40:23.168: 150.100.24.0/24 <http://150.100.24.0/24> via > 0.0.0.0, metric 1, tag 0 > > > > *Jul 19 19:40:23.168: RIP: ignored v2 packet from 200.0.0.2 (sourced from > > one of our addresses) > > R2# > > *Jul 19 19:40:32.464: RIP: received packet with text authentication > > ipexpert_R2toR4 > > *Jul 19 19:40:32.464: RIP: ignored v2 packet from 150.100.24.4 (invalid > > authentication) > > R2# > > *Jul 19 19:40:49.096: RIP: sending v2 update to 224.0.0.9 via > Serial0/1/0.24 > > (150.100.24.2) > > *Jul 19 19:40:49.096: RIP: build update entries > > > *Jul 19 19:40:49.096: 200.0.0.2/32 <http://200.0.0.2/32> via 0.0.0.0, > metric 1, tag 0 > > > > *Jul 19 19:40:50.060: RIP: sending v2 update to 224.0.0.9 via Loopback0 > > (200.0.0.2) > > *Jul 19 19:40:50.060: RIP: build update entries > > > *Jul 19 19:40:50.060: 150.100.24.0/24 <http://150.100.24.0/24> via > 0.0.0.0, metric 1, tag 0 > > > > *Jul 19 19:40:50.060: RIP: ignored v2 packet from 200.0.0.2 (sourced from > > one of our addresses > > > > > > I have all of the other interfaces except for the R2 to R4 Serial link > shut > > down, here are those configurations: > > > > R2: > > > > key chain R2toR4 > > key 1 > > key-string 7 121015120A1B09163E14167A273A1047 > > send-lifetime 00:00:00 Jan 1 2009 infinite > > ! > > ! > > interface Serial0/1/0.24 point-to-point > > description Frame Relay Cloud 2 > > ip address 150.100.24.2 255.255.255.0 > > ip rip authentication key-chain R2toR4 > > frame-relay interface-dlci 204 > > > > > > R4: > > > > R4#sho run | b key > > key chain R2toR4 > > key 1 > > key-string 7 121015120A1B09163E14167A273A1047 > > send-lifetime 00:00:00 Jan 1 2009 infinite > > ! > > ! > > interface Serial0/0/0 > > ip address 150.100.24.4 255.255.255.0 > > ip rip authentication key-chain R2toR4 > > encapsulation frame-relay > > frame-relay lmi-type cisco > > > > > > Freaking computers... > > Thanks! > > > > -Mike > > > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > > visit www.ipexpert.com <http://www.ipexpert.com> > > > > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > > visit www.ipexpert.com <http://www.ipexpert.com> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com> > > > > > > > -- > Bryan Bartik > CCIE #23707 (R&S), CCNP > Sr. Support Engineer - IPexpert, Inc. > URL: http://www.IPexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
