Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

MD 5 in EIGRP

Hi,

After configuring EIGRP using MD5,AAA authentication is not taking.

Pls suggest.

regds

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: MD 5 in EIGRP

one more thing in ur config..

key chain TTL

key 1

key-string 7 15200419302F

accept-lifetime 15:45:00 Jan 9 2008

infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

key 2

key-string 7 113B1610231759

accept-lifetime 15:45:00 Jan 9 2008 infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

!

The send life time starts form Jan 9 2010!!!!.Make it same as of accept-lifetime date and check..

so i think this is not sending any key now.What is the configuration on other end routers??

11 REPLIES
Silver

Re: MD 5 in EIGRP

AAA for your lines? Is EIGR working ok?

Hall of Fame Super Gold

Re: MD 5 in EIGRP

Nasheer

You do not provide much detail to work from. The symptoms that you describe suggest that there may be a connectivity problem between your router and your authentication server. Can you verify whether the router is able to ping the authentication server (using whatever source address may have been specified)?

My guess is that there is some problem with the EIGRP authentication and that you lost some routes from your routing table.

HTH

Rick

Community Member

Re: MD 5 in EIGRP

Hi,

Pls find the configuration of one side router.

regds

Re: MD 5 in EIGRP

Hi,

I think you are missing the eigrp authetication configuration

Add following statements under your interfaces:

ip authentication key-chain eigrp 7 TTL

ip authentication mode eigrp 7 md5

HTH,

regards,

shri :)

Re: MD 5 in EIGRP

HI Nasheer, [Do Rate if HELPS]

Please install the below configuration in your Router: (AAA - Authentication, Authorization and Accounting):

AAA:

-------

aaa authentication login vty tacacs+ local

aaa authentication login conuser tacacs+ local

aaa authentication enable default tacacs+ enable

aaa authorization commands 1 default tacacs+ none

aaa authorization commands 15 default tacacs+ none

aaa accounting commands 15 default start-stop tacacs+

tacacs-server host xxx.xxx.xxx.xxx

tacacs-server key 7 08124D601035103D32535554

In your attached Configuration, AAA commands are missing and in adddition for EIGRP there are no MD5 authentication enabled.

Do RATE if HELPS

Best Regards,

Guru Prasad R

Community Member

Re: MD 5 in EIGRP

Hi guru,

Still not working.I had EIGRP commands and AAA.

Pls suggest.

regds

Re: MD 5 in EIGRP

HI Nasheer,

Can you pls POST the sh run of Router in which the configurations are installed.

>> Is the Router can able to PING the TACACS Server ??

Do RATE ALL HELPFUL POSTS

Best Regards,

Guru Prasad R

Bronze

Re: MD 5 in EIGRP

one more thing in ur config..

key chain TTL

key 1

key-string 7 15200419302F

accept-lifetime 15:45:00 Jan 9 2008

infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

key 2

key-string 7 113B1610231759

accept-lifetime 15:45:00 Jan 9 2008 infinite

send-lifetime 15:45:00 Jan 9 2010 infinite

!

The send life time starts form Jan 9 2010!!!!.Make it same as of accept-lifetime date and check..

so i think this is not sending any key now.What is the configuration on other end routers??

Community Member

Re: MD 5 in EIGRP

Thanks Arun.I had configured as 2010 because it should accept the given key only up to that period.

I had corrected the configuration.

regds

Community Member

Re: MD 5 in EIGRP

Hi guru,

Pls check..

regds

Re: MD 5 in EIGRP

hi,

good point by arun...

plz check the send-life time configured and make it same as accept life-time at least make it in year 2008.

HTH,

regards,

shri :)

170
Views
0
Helpful
11
Replies
CreatePlease to create content