Re: RIP w/ key-chains [7:46675]
multiple key-id's are meant for *transition* stages, when you are changing the authentication keys. Or, you have configured automatic change of keys beginning certain date/time. However, I think that if key-id 1 has a value "cisco" the other end better have a key-id 1 value "cisco" or else it wont work. So what you are saying is correct regarding key-id's. The "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" seems a peculiar behaviour... I guess this is one more thing that we need to lab up and check. rgds Nick - Original Message - From: Timothy Ouellette To: Nick Shah Cc: ; ; Sent: Saturday, June 15, 2002 2:47 PM Subject: Re: RIP w/ key-chains > Yeah, it is kind of interesting. What's more interesting is the following. I > think that when you define your key-chain and you put a space and the end that > it doesn't really take that. What I think is happening is that when you try to > apply it under the "ip rip authentication key test " with the space at the > end. You'll notice that if you type that in and press ? that you can do the > following "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" forever, does > that mean you can call multiple key-chains? I'm not sure, so what I think may > be happening is that space may be telling the router that there is another > key-chain following the first one and then it cannot find the next one (cuz > there isn't one) and that's why it fails. > > I accept your statement about the key-chaings being locally significant, but > what about key id's? I remember reading somewhere that those have to be the > same such that if your using key 1 on routera, key 1 better be on routerb. Or > was that eigrp? I'll have to play "lab it up" a little more. > > Tim > > Nick Shah wrote: > > > Tim, > > > > Very interesting Q. > > > > However, one thing, *key Chain* names are only locally significant (on the > > router on which its defined). *key string* should be same for "pair" of > > routers (or adjacent routers which are going to exchange updates). I have > > checked it at various sources, DOC CD under IP ROUTING PROTOCOL INDEPENDENT > > features, and also in RIPV2 chapter in Doyle I. Both have stated that key > > chain names are only locally significant, key-strings should be the same on > > both ends. > > > > My guess regarding the behaviour of blank space is that when you are > > defining key-chain , the space doesn't form a part of the actual name, but > > when you are applying it to the interface its being considered (it could > > also be the other way around). > > > > I will lab it up tonight and give it a check. > > > > rgds > > Nick > > - Original Message - > > From: Timothy Ouellette > > To: ; > > Sent: Saturday, June 15, 2002 1:15 PM > > Subject: RIP w/ key-chains > > > > > Okay folks, starting off a late night studying and noticed something > > > weird. Got two boxes connected like so RouterA---RouterB > > > > > > Router B has a bunch of segments off of it. Something weird. Per some > > > of the material I have, the key chain names are supposed to be the same > > > but I've found that on routerA I can use the name "test" and router B I > > > can use the name "test2" and it'll work (i.e Routes get passed properly) > > > > > > Router A > > > > > > key chain test > > > key 1 > > >key-string cisco > > > > > > ip rip authentication key test > > > > > > Router B > > > key chain test2 > > > key 1 > > > key-string cisco > > > > > > ip rip authentication test2 > > > > > > But if on routerB, I change the key-chain name to "test ". (yes there is > > > a space at the end) and apply the appropriate "ip rip authentication > > > test " into the interface then the router spits back about it not liking > > > the authentication (invalid authentication) > > > > > > Am I loosing my mind. "test" and "test12345" are the same but "test" > > > and "test " are different? I know that in BGP, you can apply multiple > > > route-maps and if you leave a space at the end, the router things there > > > is another route-map your calling and therefor may not make it through. > > > > > > Thanks all! > > > > > > Tim > > > _ > > > Commercial lab list: http://www.groupstudy.com/list/commercial.html > > > Please discuss commercial lab solutions on this list. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46675&t=46675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RIP w/ key-chains [7:46671]
Tim, Very interesting Q. However, one thing, *key Chain* names are only locally significant (on the router on which its defined). *key string* should be same for "pair" of routers (or adjacent routers which are going to exchange updates). I have checked it at various sources, DOC CD under IP ROUTING PROTOCOL INDEPENDENT features, and also in RIPV2 chapter in Doyle I. Both have stated that key chain names are only locally significant, key-strings should be the same on both ends. My guess regarding the behaviour of blank space is that when you are defining key-chain , the space doesn't form a part of the actual name, but when you are applying it to the interface its being considered (it could also be the other way around). I will lab it up tonight and give it a check. rgds Nick - Original Message - From: Timothy Ouellette To: ; Sent: Saturday, June 15, 2002 1:15 PM Subject: RIP w/ key-chains > Okay folks, starting off a late night studying and noticed something > weird. Got two boxes connected like so RouterA---RouterB > > Router B has a bunch of segments off of it. Something weird. Per some > of the material I have, the key chain names are supposed to be the same > but I've found that on routerA I can use the name "test" and router B I > can use the name "test2" and it'll work (i.e Routes get passed properly) > > Router A > > key chain test > key 1 >key-string cisco > > ip rip authentication key test > > Router B > key chain test2 > key 1 > key-string cisco > > ip rip authentication test2 > > But if on routerB, I change the key-chain name to "test ". (yes there is > a space at the end) and apply the appropriate "ip rip authentication > test " into the interface then the router spits back about it not liking > the authentication (invalid authentication) > > Am I loosing my mind. "test" and "test12345" are the same but "test" > and "test " are different? I know that in BGP, you can apply multiple > route-maps and if you leave a space at the end, the router things there > is another route-map your calling and therefor may not make it through. > > Thanks all! > > Tim > _ > Commercial lab list: http://www.groupstudy.com/list/commercial.html > Please discuss commercial lab solutions on this list. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46671&t=46671 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re : Configuration Register Question [7:30715]
check this url out.. http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis4000/4000m/4000sig/vconfig.htm#41058 It has some good info on standard and so called non-std. config. register info. hth Nick _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30715&t=30715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: The old "how to get routes into IGRP" qu [7:29021]
>the rule of thumb is do what they say, but if something is not expressly >forbidden, it is fair game. True.. >the idea that some successful Lab takers all tend to agree on, is that >going >into the Lab you want to have a lot of tools at your disposal. So you can >filter redistribution using route tagging, or distribute lists or route >maps, for example. the Lab is notorious for presenting you with some >underhanded or devious requirement, one which is inside out from the way >you >might normally do things. after two times through, I am also under the >impression that there comes a point where the CCIE Lab designers realize >that something is being analyzed to death in the study materials and >newsgroups, so they take it out, and put in something else. I have study >materials that emphasized things like gateway discovery protocol, and other >obscure things. I presume a lot of this kind of stuff shows up in the >study >materials because of loose lips. Well, they certainly aren't treating the Written Qualification test the same way, otherwise they would really like to change "all" Que's since most of what cisco tests you on already appears on more popular practice tests. >to get back to your question, your Lab book will present you with a general >instruction that will say something like "do not do A, B, or C, unless >otherwise instructed" Then a particular requirement might say "you may do C >to accomplish this" or "do not do X to accomplish this" > >In the case of the particular practice lab, the instruction was "do not use >the default-network command" which got me to wondering what are some other >ways to get a default network into IGRP. Can't use quad zero. can't use a >default network. policy routing, and in particular local-policy was the >only >other thing I could come up with. and it is a real hack. or rather, it can >take some real planning. True again. If its not asking for too much, can you let me know a plan that I can follow to crack the lab (already passed the written) I know its difficult to create a plan without actually knowing what I know, and you might say that "one size doesnt fit all" thats true as well, but there would be a list of Do's & donts and a sequence where one should begin and where to end (if there is one :) Also, a list of absolute must technologies that one must know back to front (specially ATM & Voice, how much should we concentrate on, isnt Cisco ATM solutions an overkill ?) Thanx Nick >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Nick S. >Sent: Wednesday, December 12, 2001 8:11 PM >To: [EMAIL PROTECTED] >Subject: RE: The old "how to get routes into IGRP" qu [7:29021] > > >Chuck > >Just curious, from what I have read/heard, we are not supposed to use >Static/Default routes (unless explicitly mentioned/specified). I agree that >in some cases of VLSM/FLSM redistributions, it may be required and may be >asked for as well. So using a glorified "default/static" route in the form >of policy route wouldnt be a violation, would it ? > >Thanks >Nick _ Chat with friends online, try MSN Messenger: http://messenger.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29174&t=29021 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
