multiple key-id's are meant for *transition* stages, when you are changing the authentication keys. Or, you have configured automatic change of keys beginning certain date/time. However, I think that if key-id 1 has a value "cisco" the other end better have a key-id 1 value "cisco" or else it wont work.
So what you are saying is correct regarding key-id's. The "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" seems a peculiar behaviour... I guess this is one more thing that we need to lab up and check. rgds Nick ----- Original Message ----- From: Timothy Ouellette To: Nick Shah Cc: ; ; Sent: Saturday, June 15, 2002 2:47 PM Subject: Re: RIP w/ key-chains > Yeah, it is kind of interesting. What's more interesting is the following. I > think that when you define your key-chain and you put a space and the end that > it doesn't really take that. What I think is happening is that when you try to > apply it under the "ip rip authentication key test " with the space at the > end. You'll notice that if you type that in and press ? that you can do the > following "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" forever, does > that mean you can call multiple key-chains? I'm not sure, so what I think may > be happening is that space may be telling the router that there is another > key-chain following the first one and then it cannot find the next one (cuz > there isn't one) and that's why it fails. > > I accept your statement about the key-chaings being locally significant, but > what about key id's? I remember reading somewhere that those have to be the > same such that if your using key 1 on routera, key 1 better be on routerb. Or > was that eigrp? I'll have to play "lab it up" a little more. > > Tim > > Nick Shah wrote: > > > Tim, > > > > Very interesting Q. > > > > However, one thing, *key Chain* names are only locally significant (on the > > router on which its defined). *key string* should be same for "pair" of > > routers (or adjacent routers which are going to exchange updates). I have > > checked it at various sources, DOC CD under IP ROUTING PROTOCOL INDEPENDENT > > features, and also in RIPV2 chapter in Doyle I. Both have stated that key > > chain names are only locally significant, key-strings should be the same on > > both ends. > > > > My guess regarding the behaviour of blank space is that when you are > > defining key-chain , the space doesn't form a part of the actual name, but > > when you are applying it to the interface its being considered (it could > > also be the other way around). > > > > I will lab it up tonight and give it a check. > > > > rgds > > Nick > > ----- Original Message ----- > > From: Timothy Ouellette > > To: ; > > Sent: Saturday, June 15, 2002 1:15 PM > > Subject: RIP w/ key-chains > > > > > Okay folks, starting off a late night studying and noticed something > > > weird. Got two boxes connected like so RouterA-------RouterB > > > > > > Router B has a bunch of segments off of it. Something weird. Per some > > > of the material I have, the key chain names are supposed to be the same > > > but I've found that on routerA I can use the name "test" and router B I > > > can use the name "test2" and it'll work (i.e Routes get passed properly) > > > > > > Router A > > > > > > key chain test > > > key 1 > > > key-string cisco > > > > > > ip rip authentication key test > > > > > > Router B > > > key chain test2 > > > key 1 > > > key-string cisco > > > > > > ip rip authentication test2 > > > > > > But if on routerB, I change the key-chain name to "test ". (yes there is > > > a space at the end) and apply the appropriate "ip rip authentication > > > test " into the interface then the router spits back about it not liking > > > the authentication (invalid authentication) > > > > > > Am I loosing my mind. "test" and "test12345" are the same but "test" > > > and "test " are different? I know that in BGP, you can apply multiple > > > route-maps and if you leave a space at the end, the router things there > > > is another route-map your calling and therefor may not make it through. > > > > > > Thanks all! > > > > > > Tim > > > _________________________________________________________________ > > > Commercial lab list: http://www.groupstudy.com/list/commercial.html > > > Please discuss commercial lab solutions on this list. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46675&t=46675 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
