I think Stan gets the prize today. I redid it paying attention to the order of inputting the commands and it seems to work. It survived a reboot.
So.RIP (0) Stan (1). The rest of us.well - mainly me. Defeated. -mike From: Stan [mailto:[email protected]] Sent: Sunday, July 19, 2009 5:39 PM To: Michael Lipsey Cc: Bryan Bartik; [email protected]; [email protected]; CCIE OSL Subject: Re: [OSL | CCIE_RS] RIP Authentication You can try removing the key chain, saving end reloading. After they come up, make sure you have authentication on the interfaces first and than add key chain to the global config. According to the config guide authentication must be enabled for the protocol first and than keys managed: http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_ indep.html#wp1056961 Section: Managing Authentication Keys Also I would try a time other than 00:00:00 for the key, I remember reading something about it, I just cannot quite remember details, sorry! Sounds buggy to me... Stan On Sun, Jul 19, 2009 at 4:55 PM, Michael Lipsey <[email protected]> wrote: I had the accept-lifetime in there and it behaved the same way. I'm going to watch an eagles cover band for an hour or so.maybe something will percolate to the surface in the mean time. From: Bryan Bartik [mailto:[email protected]] Sent: Sunday, July 19, 2009 4:48 PM To: Stan Cc: Michael Lipsey; [email protected]; [email protected]; CCIE OSL Subject: Re: [OSL | CCIE_RS] RIP Authentication Well yours was already working, right? I meant for the original poster to try it :) On Sun, Jul 19, 2009 at 5:42 PM, Stan <[email protected]> wrote: Bryan, Just did: R1(config-keychain-key)#do sh run | b key key chain RIP key 2 key-string 7 121015120A1B09163E14167A273A1047 accept-lifetime 00:27:00 Mar 1 2002 infinite R1(config-keychain-key)#do sh run in se 1/0 Building configuration... Current configuration : 154 bytes ! interface Serial1/0 ip address 150.100.24.2 255.255.255.0 ip rip authentication key-chain RIP encapsulation frame-relay serial restart-delay 0 end Working fine. Should I run any other variations? Stan On 7/19/09 4:30 PM, "Bryan Bartik" <[email protected]> wrote: Interesting...have you tried adding an accept-lifetime? On Sun, Jul 19, 2009 at 5:12 PM, Stan <[email protected]> wrote: Michael, I did test your configs on my topology and authentication worked fine with you key-string 7 121015120A1B09163E14167A273A1047 on a 3600 Software (C3660-JK9O3S-M), Version 12.4(25). Could you please post RIP routing process config and IOS version? Thanks, Stan On 7/19/09 2:13 PM, "Michael Lipsey" <[email protected]> wrote: > I did check those, I should have included them in my original email. > > Here they are: > > R2#sho clock > *21:11:32.639 UTC Sun Jul 19 2009 > R2#sho key chain > Key-chain R2toR4: > key 1 -- text "ipexpert_R2toR4" > accept lifetime (always valid) - (always valid) [valid now] > send lifetime (00:00:00 UTC Jan 1 2009) - (infinite) [valid now] > > R4#sho clock > *21:58:06.199 UTC Sun Jul 19 2009 > R4# > R4# > R4#sho key chain > Key-chain R2toR4: > key 1 -- text "ipexpert_R2toR4" > accept lifetime (always valid) - (always valid) [valid now] > send lifetime (00:00:00 UTC Jan 1 2009) - (infinite) [valid now] > R4# > > Maybe it is the sync of the clocks being off so much... > > Let me set them and see... > > > -Mike > -----Original Message----- > From: Joe Astorino [mailto:[email protected]] > Sent: Sunday, July 19, 2009 12:50 PM > To: Michael Lipsey; [email protected]; CCIE OSL > Subject: Re: [OSL | CCIE_RS] RIP Authentication > > Check your system clock : ) > > Sh clock > Sh key chain > > I bet it is invalid > > > Regards, > > Joe Astorino - CCIE #24347 R&S > Technical Instructor - IPexpert, Inc. > Cell: +1.586.212.6107 > Fax: +1.810.454.0130 > Mailto: [email protected] > > -----Original Message----- > From: "Michael Lipsey" <[email protected]> > > Date: Sun, 19 Jul 2009 12:44:46 > To: <[email protected]> > Subject: [OSL | CCIE_RS] RIP Authentication > > > This is supposed to be easy but I'm just not getting it, here are my logs > from R2: > > R2# > *Jul 19 19:39:39.448: RIP: received packet with text authentication > ipexpert_R2toR4 > *Jul 19 19:39:39.448: RIP: ignored v2 packet from 150.100.24.4 (invalid > authentication) > R2# > *Jul 19 19:39:54.328: RIP: sending v2 update to 224.0.0.9 via Loopback0 > (200.0.0.2) > *Jul 19 19:39:54.328: RIP: build update entries > *Jul 19 19:39:54.328: 150.100.24.0/24 <http://150.100.24.0/24> via 0.0.0.0, metric 1, tag 0 > *Jul 19 19:39:54.328: RIP: ignored v2 packet from 200.0.0.2 (sourced from > one of our addresses) > R2# > *Jul 19 19:39:57.532: RIP: sending v2 update to 224.0.0.9 via Serial0/1/0.24 > (150.100.24.2) > *Jul 19 19:39:57.532: RIP: build update entries > *Jul 19 19:39:57.532: 200.0.0.2/32 <http://200.0.0.2/32> via 0.0.0.0, metric 1, tag 0 > R2# > *Jul 19 19:40:05.948: RIP: received packet with text authentication > ipexpert_R2toR4 > *Jul 19 19:40:05.948: RIP: ignored v2 packet from 150.100.24.4 (invalid > authentication) > R2# > *Jul 19 19:40:23.156: RIP: sending v2 update to 224.0.0.9 via Serial0/1/0.24 > (150.100.24.2) > *Jul 19 19:40:23.156: RIP: build update entries > *Jul 19 19:40:23.156: 200.0.0.2/32 <http://200.0.0.2/32> via 0.0.0.0, metric 1, tag 0 > *Jul 19 19:40:23.168: RIP: sending v2 update to 224.0.0.9 via Loopback0 > (200.0.0.2) > *Jul 19 19:40:23.168: RIP: build update entries > *Jul 19 19:40:23.168: 150.100.24.0/24 <http://150.100.24.0/24> via 0.0.0.0, metric 1, tag 0 > *Jul 19 19:40:23.168: RIP: ignored v2 packet from 200.0.0.2 (sourced from > one of our addresses) > R2# > *Jul 19 19:40:32.464: RIP: received packet with text authentication > ipexpert_R2toR4 > *Jul 19 19:40:32.464: RIP: ignored v2 packet from 150.100.24.4 (invalid > authentication) > R2# > *Jul 19 19:40:49.096: RIP: sending v2 update to 224.0.0.9 via Serial0/1/0.24 > (150.100.24.2) > *Jul 19 19:40:49.096: RIP: build update entries > *Jul 19 19:40:49.096: 200.0.0.2/32 <http://200.0.0.2/32> via 0.0.0.0, metric 1, tag 0 > *Jul 19 19:40:50.060: RIP: sending v2 update to 224.0.0.9 via Loopback0 > (200.0.0.2) > *Jul 19 19:40:50.060: RIP: build update entries > *Jul 19 19:40:50.060: 150.100.24.0/24 <http://150.100.24.0/24> via 0.0.0.0, metric 1, tag 0 > *Jul 19 19:40:50.060: RIP: ignored v2 packet from 200.0.0.2 (sourced from > one of our addresses > > > I have all of the other interfaces except for the R2 to R4 Serial link shut > down, here are those configurations: > > R2: > > key chain R2toR4 > key 1 > key-string 7 121015120A1B09163E14167A273A1047 > send-lifetime 00:00:00 Jan 1 2009 infinite > ! > ! > interface Serial0/1/0.24 point-to-point > description Frame Relay Cloud 2 > ip address 150.100.24.2 255.255.255.0 > ip rip authentication key-chain R2toR4 > frame-relay interface-dlci 204 > > > R4: > > R4#sho run | b key > key chain R2toR4 > key 1 > key-string 7 121015120A1B09163E14167A273A1047 > send-lifetime 00:00:00 Jan 1 2009 infinite > ! > ! > interface Serial0/0/0 > ip address 150.100.24.4 255.255.255.0 > ip rip authentication key-chain R2toR4 > encapsulation frame-relay > frame-relay lmi-type cisco > > > Freaking computers... > Thanks! > > -Mike > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com> > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com> -- Bryan Bartik CCIE #23707 (R&S), CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
