EIGRP authentication issue

Answered Question
Apr 6th, 2010

Hi,

I want to implement eigrp md5 authentication between one Cisco 3750 Catalyst Switch and an other Cisco 3560 Catalyst.

Routing is defined correctly with the autonomous system 10. Key Chains are created on the two switches.

I have implemented these commands on the relative interfaces :

ip authentication key-chain eigrp 10 EIGRP_KEYS

ip authentication mode eigrp 10 md5


When I issue debug ip packets , I can see that the md5 authentication don't take effect.

What I discovered, that all is ok on the 3750 switch, but on the 3560 switch, the command ip authentication key-chain eigrp 10 EIGRP_KEYS is delteled from the interface config.

Even I tried to enter this config again, but at any time, this config is systematicly deleted, causing the md5 eigp authentication to fail.

I rebooted the switch, but without any result, the problem is the same.

I am using the c3560-advipservicesk9-mz.122-44.SE1.bin IOS image on the Catalyst 3560. It there a known bug about this ?

If not, how can I fix this ?

Regards.

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 4 years 2 weeks ago

enaforhmd wrote:

Hi ganeshh.iyer ,

Thank you for your reply.

The link you provided is the same I used to implement my cnfig.

Concerning eigrp plain text authentication, I think that it's not supported.

Reagrds.

You are right, plain text authentication is not supported in EIGRP.

This sounds like the bug you are facing -

CSCsm26406 Bug Details Bug #39 of 63 | < Previous | Next >

                        
WI08:  EIGRP authentication not working

Symptom:


The switch does not take the "ip authentication key-chain eigrp"
command.  When this command is issued there is no error message
given so it appears that it is accepted.  However when doing a show
run under the interface, the command is not there.  Issuing this command
also removes the "ip authentication mode eigrp" command.  The result is
that eigrp authentication does not work.

Conditions:


This problem was observed on 3750-ME and 3750E running 12.2(44)SE.

Workaround:


There is no workaround.
Status
Fixed             

Severity        
3 - moderate


Last Modified
In Last Year        

Product
Cisco IOS software         

Technology
IP Routing      

1st Found-In
12.2(0.0.15)SE1       
      Known Affected Versions This link will launch a new window.

     
Fixed-In
12.2(44)SE2
12.2(46.3)SID12
12.2(44)SE2
12.2(50.1)SIN
12.2(50)SG
12.2(46)SG1
12.2(52)SG
12.2(50)SG3
12.2(53)SG
12.2(52)XO
12.2(50)SG5                                                          
Interpreting This Bug
           Bug Toolkit provides access to the latest raw bug data so you have the earliest possible knowledge of bugs that may affect your network, avoiding un-necessary downtime or inconvenience. Because you are viewing a live database, sometimes the information provided is not yet complete or adequately documented. To help you interpret this bug data, we suggest the following:
  • This status of this bug is fixed. The problem described in the bug report is "fixed-in" all release versions targeted to be fixed, and all changes have been successfully tested.
  • Check for a software release later than these listed in the "Fixed-in" versions in software download center.
  • The "fixed-in" version may not be available for download yet until all the other bugs targeted to be fixed for that major release are processed. No release date information is available to Bug Toolkit. Please check the software download section frequently to look for a new version.
  • Sometimes the bug details, when available, contain the "fixed-in" version information or link to the upgrade or patch.
  • Always check the software release notes before performing any upgrade to understand new functionality and open bugs not yet fixed.
  • Any "workaround" listed in the bug details section is generally provided as a way to circumvent the bug until the code fix has been completed; often in lieu of downgrading to a non-affected version of code.
  • In certain rare circumstances, we are unable to fix the bug in all versions in which it is found. The bug will still have a 'fixed' status. Please open a service request with the Technical Assistance Center if you are being impacted by a bug in this condition.
  • Obscure version references are usually internal builds and may never be posted as a full release. Please watch for a release version later than the interim build displayed.
  • This bug has a Moderate severity 3 designation. Things fail under unusual circumstances, or minor features do not work at all, or things fail but there is a low-impact workaround.
  • This is the highest level for documentation bugs.  (Bug Toolkit may not provide access to all documentation bugs.)
  • This bug may not affect the IOS-running product you selected but is provided as a possible match. Remember IOS bugs are rarely platform-specific but all platforms do not necessarily allow the use of all the features included in a given IOS release. For this reason, Bug Toolkit could display a bug that obviously doesn't affect your platform.
  • This bug may not affect your version but was returned as a likely possibility since it was introduced but not fixed within the version range you are searching (See Known Affected Versions link.)
  • Severity levels are designated by the engineering teams working on the bug. Severity is not an indication of customer priority which is another value used by engineering teams to determine overall customer impact.
  • Bug documentation often assumes intermediate to advanced troubleshooting and diagnosis knowledge. Novice users are encouraged to seek fully documented support documents and/or utilize other support options available.
  • There is no workaround other than to upgrade.

    Jon


    Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

    • 1
    • 2
    • 3
    • 4
    • 5
    Average Rating: 5 (1 ratings)
    ganeshh.iyer Tue, 04/06/2010 - 01:08

    Hi,

    I want to implement eigrp md5 authentication between one Cisco 3750 Catalyst Switch and an other Cisco 3560 Catalyst.

    Routing is defined correctly with the autonomous system 10. Key Chains are created on the two switches.

    I have implemented these commands on the relative interfaces :

    ip authentication key-chain eigrp 10 EIGRP_KEYS

    ip authentication mode eigrp 10 md5


    When I issue debug ip packets , I can see that the md5 authentication don't take effect.

    What I discovered, that all is ok on the 3750 switch, but on the 3560 switch, the command ip authentication key-chain eigrp 10 EIGRP_KEYS is delteled from the interface config.

    Even I tried to enter this config again, but at any time, this config is systematicly deleted, causing the md5 eigp authentication to fail.

    I rebooted the switch, but without any result, the problem is the same.

    I am using the c3560-advipservicesk9-mz.122-44.SE1.bin IOS image on the Catalyst 3560. It there a known bug about this ?

    If not, how can I fix this ?

    Regards.


    Hi,

    Have tried with plain text authentication on your routers,is this working or not and are you configuring the as the below mentioned step like first authentication mode and then the key chain.

    Check out the below link for step by step configuration of authentication of eigrp in routers

    http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00807f5a63.shtml

    Hope to Help !!

    Ganesh.H

    Remember to rate the helpful post

    enaforhmd Tue, 04/06/2010 - 01:20

    Hi ganeshh.iyer ,

    Thank you for your reply.

    The link you provided is the same I used to implement my cnfig.

    Concerning eigrp plain text authentication, I think that it's not supported.

    Reagrds.

    Correct Answer
    Jon Marshall Tue, 04/06/2010 - 02:15

    enaforhmd wrote:

    Hi ganeshh.iyer ,

    Thank you for your reply.

    The link you provided is the same I used to implement my cnfig.

    Concerning eigrp plain text authentication, I think that it's not supported.

    Reagrds.

    You are right, plain text authentication is not supported in EIGRP.

    This sounds like the bug you are facing -

    CSCsm26406 Bug Details Bug #39 of 63 | < Previous | Next >

                            
    WI08:  EIGRP authentication not working

    Symptom:


    The switch does not take the "ip authentication key-chain eigrp"
    command.  When this command is issued there is no error message
    given so it appears that it is accepted.  However when doing a show
    run under the interface, the command is not there.  Issuing this command
    also removes the "ip authentication mode eigrp" command.  The result is
    that eigrp authentication does not work.

    Conditions:


    This problem was observed on 3750-ME and 3750E running 12.2(44)SE.

    Workaround:


    There is no workaround.
    Status
    Fixed             

    Severity        
    3 - moderate


    Last Modified
    In Last Year        

    Product
    Cisco IOS software         

    Technology
    IP Routing      

    1st Found-In
    12.2(0.0.15)SE1       
          Known Affected Versions This link will launch a new window.

         
    Fixed-In
    12.2(44)SE2
    12.2(46.3)SID12
    12.2(44)SE2
    12.2(50.1)SIN
    12.2(50)SG
    12.2(46)SG1
    12.2(52)SG
    12.2(50)SG3
    12.2(53)SG
    12.2(52)XO
    12.2(50)SG5                                                          
    Interpreting This Bug
               Bug Toolkit provides access to the latest raw bug data so you have the earliest possible knowledge of bugs that may affect your network, avoiding un-necessary downtime or inconvenience. Because you are viewing a live database, sometimes the information provided is not yet complete or adequately documented. To help you interpret this bug data, we suggest the following:
  • This status of this bug is fixed. The problem described in the bug report is "fixed-in" all release versions targeted to be fixed, and all changes have been successfully tested.
  • Check for a software release later than these listed in the "Fixed-in" versions in software download center.
  • The "fixed-in" version may not be available for download yet until all the other bugs targeted to be fixed for that major release are processed. No release date information is available to Bug Toolkit. Please check the software download section frequently to look for a new version.
  • Sometimes the bug details, when available, contain the "fixed-in" version information or link to the upgrade or patch.
  • Always check the software release notes before performing any upgrade to understand new functionality and open bugs not yet fixed.
  • Any "workaround" listed in the bug details section is generally provided as a way to circumvent the bug until the code fix has been completed; often in lieu of downgrading to a non-affected version of code.
  • In certain rare circumstances, we are unable to fix the bug in all versions in which it is found. The bug will still have a 'fixed' status. Please open a service request with the Technical Assistance Center if you are being impacted by a bug in this condition.
  • Obscure version references are usually internal builds and may never be posted as a full release. Please watch for a release version later than the interim build displayed.
  • This bug has a Moderate severity 3 designation. Things fail under unusual circumstances, or minor features do not work at all, or things fail but there is a low-impact workaround.
  • This is the highest level for documentation bugs.  (Bug Toolkit may not provide access to all documentation bugs.)
  • This bug may not affect the IOS-running product you selected but is provided as a possible match. Remember IOS bugs are rarely platform-specific but all platforms do not necessarily allow the use of all the features included in a given IOS release. For this reason, Bug Toolkit could display a bug that obviously doesn't affect your platform.
  • This bug may not affect your version but was returned as a likely possibility since it was introduced but not fixed within the version range you are searching (See Known Affected Versions link.)
  • Severity levels are designated by the engineering teams working on the bug. Severity is not an indication of customer priority which is another value used by engineering teams to determine overall customer impact.
  • Bug documentation often assumes intermediate to advanced troubleshooting and diagnosis knowledge. Novice users are encouraged to seek fully documented support documents and/or utilize other support options available.
  • There is no workaround other than to upgrade.

    Jon


    Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

    enaforhmd Tue, 04/06/2010 - 03:22

    Hi jon.marshall,

    You are right.

    After an IOS image uppgrade, the bug is fixed.

    EIGRP authentication works fine !!!.

    Many Thanks.

    Actions

    Login or Register to take actions

    This Discussion

    Posted April 6, 2010 at 12:59 AM
    Stats:
    Replies:4 Avg. Rating:5
    Views:1372 Votes:0
    Shares:0
    Tags: No tags.

    Discussions Leaderboard

    Rank Username Points
    1 15,007
    2 8,150
    3 7,730
    4 7,083
    5 6,742
    Rank Username Points
    155
    77
    70
    69
    50