04-06-2010 12:59 AM - edited 03-06-2019 10:28 AM
Hi,
I want to implement eigrp md5 authentication between one Cisco 3750 Catalyst Switch and an other Cisco 3560 Catalyst.
Routing is defined correctly with the autonomous system 10. Key Chains are created on the two switches.
I have implemented these commands on the relative interfaces :
ip authentication key-chain eigrp 10 EIGRP_KEYS
ip authentication mode eigrp 10 md5
When I issue debug ip packets , I can see that the md5 authentication don't take effect.
What I discovered, that all is ok on the 3750 switch, but on the 3560 switch, the command ip authentication key-chain eigrp 10 EIGRP_KEYS is delteled from the interface config.
Even I tried to enter this config again, but at any time, this config is systematicly deleted, causing the md5 eigp authentication to fail.
I rebooted the switch, but without any result, the problem is the same.
I am using the c3560-advipservicesk9-mz.122-44.SE1.bin IOS image on the Catalyst 3560. It there a known bug about this ?
If not, how can I fix this ?
Regards.
Solved! Go to Solution.
04-06-2010 02:15 AM
enaforhmd wrote:
Hi ganeshh.iyer ,
Thank you for your reply.
The link you provided is the same I used to implement my cnfig.
Concerning eigrp plain text authentication, I think that it's not supported.
Reagrds.
You are right, plain text authentication is not supported in EIGRP.
This sounds like the bug you are facing -
CSCsm26406 Bug Details | Bug #39 of 63 | < Previous | Next > |
---|
WI08: EIGRP authentication not working | |||
Symptom: The switch does not take the "ip authentication key-chain eigrp" command. When this command is issued there is no error message given so it appears that it is accepted. However when doing a show run under the interface, the command is not there. Issuing this command also removes the "ip authentication mode eigrp" command. The result is that eigrp authentication does not work. Conditions: This problem was observed on 3750-ME and 3750E running 12.2(44)SE. Workaround: There is no workaround. | Status Fixed Severity 3 - moderate Last Modified In Last Year Product Cisco IOS software Technology IP Routing 1st Found-In 12.2(0.0.15)SE1 Known Affected Versions Fixed-In 12.2(44)SE2 12.2(46.3)SID12 12.2(44)SE2 12.2(50.1)SIN 12.2(50)SG 12.2(46)SG1 12.2(52)SG 12.2(50)SG3 12.2(53)SG 12.2(52)XO 12.2(50)SG5 | ||
|
There is no workaround other than to upgrade.
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
04-06-2010 01:08 AM
Hi,
I want to implement eigrp md5 authentication between one Cisco 3750 Catalyst Switch and an other Cisco 3560 Catalyst.
Routing is defined correctly with the autonomous system 10. Key Chains are created on the two switches.
I have implemented these commands on the relative interfaces :
ip authentication key-chain eigrp 10 EIGRP_KEYS
ip authentication mode eigrp 10 md5
When I issue debug ip packets , I can see that the md5 authentication don't take effect.What I discovered, that all is ok on the 3750 switch, but on the 3560 switch, the command ip authentication key-chain eigrp 10 EIGRP_KEYS is delteled from the interface config.
Even I tried to enter this config again, but at any time, this config is systematicly deleted, causing the md5 eigp authentication to fail.
I rebooted the switch, but without any result, the problem is the same.
I am using the c3560-advipservicesk9-mz.122-44.SE1.bin IOS image on the Catalyst 3560. It there a known bug about this ?
If not, how can I fix this ?
Regards.
Hi,
Have tried with plain text authentication on your routers,is this working or not and are you configuring the as the below mentioned step like first authentication mode and then the key chain.
Check out the below link for step by step configuration of authentication of eigrp in routers
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00807f5a63.shtml
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
04-06-2010 01:20 AM
Hi ganeshh.iyer ,
Thank you for your reply.
The link you provided is the same I used to implement my cnfig.
Concerning eigrp plain text authentication, I think that it's not supported.
Reagrds.
04-06-2010 02:15 AM
enaforhmd wrote:
Hi ganeshh.iyer ,
Thank you for your reply.
The link you provided is the same I used to implement my cnfig.
Concerning eigrp plain text authentication, I think that it's not supported.
Reagrds.
You are right, plain text authentication is not supported in EIGRP.
This sounds like the bug you are facing -
CSCsm26406 Bug Details | Bug #39 of 63 | < Previous | Next > |
---|
WI08: EIGRP authentication not working | |||
Symptom: The switch does not take the "ip authentication key-chain eigrp" command. When this command is issued there is no error message given so it appears that it is accepted. However when doing a show run under the interface, the command is not there. Issuing this command also removes the "ip authentication mode eigrp" command. The result is that eigrp authentication does not work. Conditions: This problem was observed on 3750-ME and 3750E running 12.2(44)SE. Workaround: There is no workaround. | Status Fixed Severity 3 - moderate Last Modified In Last Year Product Cisco IOS software Technology IP Routing 1st Found-In 12.2(0.0.15)SE1 Known Affected Versions Fixed-In 12.2(44)SE2 12.2(46.3)SID12 12.2(44)SE2 12.2(50.1)SIN 12.2(50)SG 12.2(46)SG1 12.2(52)SG 12.2(50)SG3 12.2(53)SG 12.2(52)XO 12.2(50)SG5 | ||
|
There is no workaround other than to upgrade.
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
04-06-2010 03:22 AM
Hi jon.marshall,
You are right.
After an IOS image uppgrade, the bug is fixed.
EIGRP authentication works fine !!!.
Many Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: