authentication of EIGRP neighbors
I want to know how far behind I me if I configure md5 authentication in my neighbors eigrp. I guess that's not much, but I would like to have the info, if anyone knows I'll apreciate it
Thank you
Hello
There will be no noticeable delay with authentication EIGRP. It will be an MD5 hash in the EIGRP packets and time, cost is the processing time to generate the hash. It is the order of microseconds, and finally development.
I hope this helps! Please note all messages.
Regards, Martin
Tags: Cisco Security
Similar Questions
-
DMVPN + found EIGRP neighbor
Hello
Relocation of the production LABORATORY and I can't get the HUB router to participate in EIGRP. I see in the neighbouring newspapers not found (10.1.2.192), which is the interface of the satellite mission tunnel.
HUBS:
Tunnel1 interface
10.1.2.1 IP address 255.255.255.0
no ip redirection
IP 1400 MTU
no ip next-hop-self eigrp 3111
no ip split horizon eigrp 3111
authentication of the PNDH IP TEST
dynamic multicast of IP PNDH map
PNDH network IP-1 id
property intellectual PNDH holdtime 300
IP tcp adjust-mss 1360
source of tunnel GigabitEthernet0/0
multipoint gre tunnel mode
tunnel key 123
Shared protection ipsec TEST-DMVPN tunnel profile
...........
Router eigrp 3111
10.0.0.0 network
EIGRP router id 10.120.0.10
............
R4-2911-HUB #show ip eigrp neighbors
IPv4-EIGRP Neighbors for ACE (3111)
........
Ms 3 23:18:21.264: EIGRP: Neighbor (10.1.2.192) not found
................
SPEAKS:
Tunnel1 interface
IP 10.1.2.192 255.255.255.0
no ip redirection
IP 1400 MTU
authentication of the PNDH IP TEST
map of PNDH 10.1.2.1 IP 205.234.20.11
PNDH network IP-1 id
property intellectual PNDH holdtime 300
property intellectual PNDH nhs 10.1.2.1
IP tcp adjust-mss 1360
source of tunnel GigabitEthernet0/1
multipoint gre tunnel mode
tunnel key 123
Shared protection ipsec TEST-DMVPN tunnel profile
.........
Router eigrp 3111
10.0.0.0 network
connected EIGRP stub
..........
IPv4-EIGRP Neighbors for ACE (3111)
H address Interface Hold Uptime SRTT RTO Q Seq
(s) (ms) NTC Num
1 10.1.2.1 Tu1 13 00:00:10 1 5000 1 0
2 10.192.11.1 Gi0/0.1 14 00:07:05 16 100 0 39
10.192.2.1 00:07:06 148 888 14 Gi0/0.2 0 0 36
.......
* 3 sep 23:19:18.675: down: Peer 10.1.2.1 total = 0 2 heel, heel iidb = 0 iid - all = 0
* 3 sep 23:19:18.675: EIGRP: manage a deallocation failure [1]
* 3 sep 23:19:18.675: EIGRP: neighbour 10.1.2.1 descended upon Tunnel1.
* 3 sep 23:19:22.943: EIGRP: new peer 10.1.2.1.
* 3 sep 23:19:22.943: % NBRCHANGE-5-DOUBLE: 3111 IPv4 EIGRP: neighbour 10.1.2.1 (Tunnel1) is in place: new adjacency...
Can someone help me? I for the life of me can't understand why the rays can peers but the HUB is impossible.
Hello
Usually, the RADIUS is configured with the PNDH ip map 205.234.20.11 multicast on his love interface. I do not see this line in your mission satellite configuration - could you add it?
Also, you happen to use any command of nearby in your EIGRP configuration on the hub or the RADIUS?
Best regards
Peter
-
Hello
I run a solution DMVPN mode double hub. I use EIGRP as Protocol routing between the hub and the spokes.
I know that the gre is pain most of the time, but we have to live with that. Although I had neighbors talk about EIGRP
stable for 8-9 weeks and other drop all the few weeks that I realized 2 days all EIGRP neighbors dropped simultaneously
in the two centres.
On each RADIUS, I run a phase commune 1 for the VPN, but different phase 2 of people who know well the DMVPN th know what I mean.
HUBs located in different areas and it was not issue of bandwidth to assign the two hubs at the same time. Its really something
with protocols that use the DMVPN or EIGRP.
I saw DMVPN drops I saw only the EIGRP neighborship declined for all rays in both same time centers. Any suggestions
Why EIGRP failed?
It could be something with PNDH or an IOS bug;
iOS c800-universalk9 - mz.spa.153 - 3.m.bin
Please don't ask me basic troubleshooting, connectivity or timers. I'm looking for an advanced suggestion I have solved many problems DMVPN
which cisco even could not find.
I am looking forward to good suggestion and thank you for taking the time to consider the issue.
Kind regards
Spyros
Hello
«Do not forget that it is a design talk to speak.» Talk about communication talk goes staright away. DMVPN creates a dynamic tunnel between them and does not have the traffic via the HUB. »
I think I disagree with you here cordially with these instructions next hop and split horizon of eigrp on shelves
Rays set in fact tunnels between them however I'm being understood that the PNDH Rais of first need to query the cache of the PNDH server for the ip address of 'inside' to speak it it wants to connect to check the accessibility of the address of tunnel - I can't see or understand now why this requirement is also necessary on the rays.
When you say adjacencies eigrp lowered at the same time - we are still not sure, this is due to some partial failure that has been found to ask, but I think for all rollover between hubs eigrp to work they must have potential successors then do these show upward in the topology tables? -Maybe you had a situation where the two hubs became State SIA and dropped?
One last thing for a DWVPN mesh (talk to speaks) don't is not PKI is necessary and not pre-shared key and you say said cisco iOS has been or use cordially IPSec/gre is buggy what they suggest to make? As in your last post, you say that you sorted.
RES
PaulSent by Cisco Support technique iPad App
-
Study on authentication of neighboring router EIGRP
Hello
I'm studying for my OFFICE. There is an area called "the EIGRP neighbor router authentication." Because it's safer and I don't have rear security on the ground, find it me difficult to understand all thoe MD5, key, key ring, key etc. chain.
Can someone please recommend me a note for me to read and understand what these things are, how they really work etc?
Thanks in advance!
Hi, a very good link to CCO for your purpose is:
Kind regards.
Hope this helps, so pls if rate post
-
EIGRP: Package ourselves ignored
I did a debug eigrp neighbors, and I got the message "EIGRP: package ourselves ignored" every 5 seconds. I found that I could get rid of it through the passive loopback interface. So is this just cosmetic, or is it considered good practice to make passive loopback interfaces? What are the advantages and disadvantages?
Kevin Dorrell
Luxembourg
Kevin
I see only one single factor that could be a con to passive looping with EIGRP. If you make the passive interface it does not appear when you show ip eigrp interface. (and if it's really a con will depend on your point of view) I see several factors pro. If the closure is not passive, EIGRP will build and try to send (or perhaps based on your results I should say sends) a Hello packet to itself and are preparing to attempt to build a contiguity. Of course the adjacency will never do. So if you're passive looping you will gain a number of overhead.
If you include a network for looping statement, but liabilities of closure it is always announced that according to me is the main reason to enroll him in EIGRP. If we get the main advantage and can save some overhead so I guess maybe it's bordered on being a best practice. (Although I must admit that most of the configs I do not have passive looping. "So I do not believe very strongly in this subject being recommended.)
HTH
Rick
-
Mutual redistribution between EIGRP and BGP and match statements
Hello Experts
I'm working on a problem of mutual redistribution between EIGRP and BGP
The idea is a beacon (210) on traffic from our LAN on R2 - 2 so that it can be put in correspondence and denied the R3-7. The goal is to prevent routing loops.
The routes are redistributed in R1 - 1, but I am not able to see if the roads are being marked.
Can someone let me know how to check the roads are being filtered with course maps?
TBH, I don't think the market at all.
I have attached the configs and view orders.
I read somewhere the problem was with match type internal route command, but I don't know if this is the problem
Any help will be greatly appreciated.
Topology and configs are attached.
See you soon
Hello
You have 2 points:
- Deny the redistribution of EIGRP routes tag in BGP: you already have with your route map
- You must filter the roads scholar eigrp on R5 to them are not propagated in R2. I'll use a roadmap for the tag and the EIGRP neighbor. The configuration looks like:
IP access-list standard FROM_R4
license to host 192.168.1.2
!
!
EIGRP-TAG route map deny 10
! subnets from R4 with tag 210
match ip route-source FROM_SLDC
game tag 210
EIGRP-TAG allowed 20 route map
!
Router eigrp 65100
! Filtering of marked routes
route map EIGRP-distribute-list tag in
!Currently, you are missing a piece to import these networks R5.
Thank you
PS: Please do not forget to rate and score as correct answer if this answered your question
-
Nearby EIGRP falls on GRE tunnel
I have several users working at home with a router 871 a 2811 access in our offices. While most of these connections works without any problem, I have a few sites that continue to drop the EIGRP neighbor. Here is a sample of the log file
* Dec 17 06:32:48: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency
* Dec 17 06:41:58: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is falling: Farewell Interface received
* Dec 17 06:42:03: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency
* Dec 17 06:43:41: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is falling: Farewell Interface received
* Dec 17 06:43:46: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency
* Dec 17 06:49:30: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is falling: Farewell Interface received
* Dec 17 06:49:33: % DUAL-5-NBRCHANGE: 10 IP-EIGRP (0): neighbor 172.29.1.49 (Tunnel1) is on the rise: new adjacency
Does anyone have any ideas as to what may cause this problem?
Rick
Run us EIGRP GRE/IPSec tunnels to many remote routers. We have seen this problem of instability of EIGRP neighbor, more in some areas and less in others. Often one side removes the neighbor relationship and sends a 'goodby' neighbor. I guess it must if with packet loss drop some of the EIGRP Hello messages. We found that, by increasing the EIGRP timers, we reduced the frequency with which we see the problem (we use 15 and 45 rather than the value default 5 and 15).
HTH
Rick
-
3000 VPN concentrator using ospf md5 authentication failed
Hi all
I just tested ospf with a 3005 VPN connected with a cisco router using ospf md5 authentication, but fail. Cisco router, I can see neighbouring State ospf is "INIT", but can not see any connection VPN 3005, physical connection is good, ping can be reached between them. I tried the command "ip ospf authentication message-digest & ip ospf authentication-key ' and"ip ospf message-digest-key"command in the router the password is the same in both sides and the md5 id has been set. But when I use simple authentication or disable authentication that the neighbor relationship can ride. Any body met this case before? Thank you!
Best regards
Teru Lei
Hello
This is a known bug, I also met this before: CSCef38044
It is not possible to accumulate OSPF with newer versions of IOS, on which they'RE ability is enabled using MD5 hash neighborship. They'RE capa is activated somewhere of 12.2 T. This behavior can be found on CVPN 4.1.5 and above whose 4.7 also.
I tested it with several IOS and OS CVPN - same result. The symptom: router ospf neighborship remains in the State INIT/DROTHER.
Workaround is to configure the router:
router ospf 1
No they're ability
This will solve your problem.
Attila Suba
-
DMVPN Tunnel and EIGRP routing problem
I have redundant paths to a remote 2811 router on my network of sites. The first links is a T1 frame relay connection that has been in place for years, and the new link is on a 54 Mbps fixed wireless that was recently created.
I'm under EIGRP to my process of routing protocol 100 for the two links.
I installed a DMVPN Tunnel between the remote 2811 and no. 2851 router on my host site. The tunnel interface shows to the top and to the top of both sides and I can ping the IP remote tunnel of my networks side host.
However my eigrp routes are not spread over this new tunnel link and if I run a command show ip eigrp neighbor on each router I show only the neighbor for the frame relay link and not the new wireless link.
What I'm missing here?
A tunnel0 to see the shows the following:
Tunnel0 is up, line protocol is up
Material is Tunnel
The Internet address is 10.x.x.x/24
MTU 1514 bytes, BW 54000 Kbps, DLY 10000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
KeepAlive not set
Tunnel source (FastEthernet0/1), destination 172.x.x.x 10.x.x.x
Tunnel/GRE/IP transport protocol
Key 0x186A0, sequencing of the people with reduced mobility
Disabled packages parity check
TTL 255 tunnel
Quick tunneling enabled
Tunnel of transmission bandwidth 8000 (Kbps)
Tunnel to receive 8000 (Kbps) bandwidth
Tunnel of protection through IPSec (profile "CiscoCP_Profile1")
Last entry of 00:00:01, exit ever, blocking of output never
Final cleaning of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 947
Strategy of queues: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bps, 0 packets/s
5 minute output rate 0 bps, 0 packets/s
packages of 880, 63000 bytes, 0 no buffer entry
Received 0 broadcasts, 0 Runts, 0 Giants 0 shifters
errors entry 0, 0 CRC, overgrown plot of 0, 0, 0 ignored, 0 abort
output of 910 packages, 81315 bytes, 0 underruns
0 output errors, 0 collisions, 0 resets interface
unknown protocol 0 drops
output buffer, the output buffers 0 permuted 0 failuresPlease go ahead and add a static route on the hub, so it goes through the wireless link and let me know if everything works correctly.
Federico.
-
All,
Got a facility below I'm looking for confirmation his works, your entries please
SW1 - core <------------------- trunk="" -----------="" -----------------="">core sw2
! !
! !
! !
Distribution L3 switch1 - not back to back connection - Distribution L3 switch2
! !
trunk trunk
! !
access layer switch sw1 - connection to distribution switches trunk
(1) I have (SW1 and SW2) basic switches connected to distribution switches (SW1 and SW2 L3 Distribution) the port configured with trunk and L3 interface vlan 40, the vlan 40 forming EIGRP neighbor ship with distribution, so ports switches using L2 and L3. also HSRP vlan 40 configured assets (sw1) standby time (sw2)
(2) distribution switches - connected to basic with chest & int switches vlan 40 forming EIGRP neighbor ship with two basic switches - no VLANs hsrp 40 configured on the distribution switches
(4) access layer switch - connected to the distribution and L2 switches vlan trunk 40 allowed. the gateway to this switch is now based on the HSRP active switches vlan 40 FT
(5) to access switch the connected port Distribution sw1 - State PLEASE FWD, the other port in State BLK
I would like to check with you, if connection made closed between the access to the distribution of switch 1 switch, STP removes the second port of State BLK and put in forwarding State &
traffic will hit the sw2 basis and reach the gateway IP active HSRP to Core sw1
I would say that he must work very well as long as the path EIGRP cost is in line with your bridge ID switch to designated paths. If you are under equal-cost path and default bridge ID, it can cause some strange paths by default so I think it is your primary consideration.
-------------------> -
Hi, guys
Could you please help me with this matter?
When you configure the DMVPN talk-to-spoke with several hubs (GRE IPSEC EIGRP) talked about what traffic should be allowed on the external physical interface on a router?
!
IP access-list еxtended CRYPTO-ONLY
license to esp [IPSEC peers Reomote] [IPSEC peer Local]
permit of eq isakmp udp [IPSEC peers Reomote] [IPSEC peer Local]
allow accord [IPSEC peers Reomote] [IPSEC peer Local]
!
interface FastEthernet
IP access-group CRYPTO ONLY in
!
If I delete the last line of the access list, where the "free WILL" is permitted, the router never built EIGRP neighbor relationships. If this line should be present? If so, does any not encrypted GRE traffic will come out?
Thanks in advance,
Mladen
Hey Mladen,
The access list bound to the external interface is checked twice IE before and after decryption. This is why you must allow packets will clear also.
HTH
Sangaré
pls rate helpful messages
-
The GRE Tunnel descends?
So here's my setup:
Internal router (2821) > Cluster internal DMZ ASA > router DMZ (2821) > external DMZ Checkpoint Cluster > Branch Office router (877)
Internal Cluster ASA a configured PAT production internal then all the VLANS.
The router in the DMZ has an interior interface configured on the internal DMZ and an external interface configured on the external DMZ. The DMZ router has two interfaces configured loopback.
The external control point is configured with NAT for the incoming and outgoing traffic.
The branch is a DSL router with a static IP address.
The first requirement is to configure a GRE IPSec tunnel between the DMZ router and the branch office router.
The second condition is to configure a GRE IPSec tunnel between the internal router and the router in the DMZ.
The third requirement is to allow routing between the internal router and the branch through the router in the DMZ, because it is ultimately the connection between the head office and branch of live backup.
I configured a Contract by the IPSec Tunnel between the router in the DMZ and routers of Management Office successfully.
I can also set up a GRE Tunnel (without IPSec) between the internal router and the router in the DMZ.
However, whenever the GRE Tunnel establishes between internal and DMZ routers and a neighbouring forms EIGRP, EIGRP neighborhood between the router in the DMZ and the branch drops! See following the DMZ router log file:
1 = to branch tunnel
Tunnel of 100 = internal
002885:. 3 Mar 22:32:57.013: % LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed State to
002886:. 3 Mar 22:33:06.029: % DUAL-5-NBRCHANGE: IPv4 EIGRP 1: neighbor 172.17.205.61 (Tunnel1) is on the rise: new adjacency
002889:. 3 Mar 22:33:58.434: % LINK-3-UPDOWN: Interface Tunnel100, changed State to
002890.: 3 Mar 22:33:58.438: % LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed State to
002891:. 3 Mar 22:34:15.370: % DUAL-5-NBRCHANGE: IPv4 EIGRP 1: neighbor 192.168.5.66 (Tunnel100) is on the rise: new adjacency
002892:. 22:34:30.551 3 Mar: % DUAL-5-NBRCHANGE: 1 IPv4 EIGRP: neighbour 172.17.205.61 (Tunnel1) is falling: expiry of hold time
002893:. 3 Mar 22:34:47.015: % LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, state change downstairsThe IPSec tunnel, for the branch remains in place throughout.
Can anyone help!?
The problem was that whenever the GRE Tunnel established between internal and DMZ routers and a forms of EIGRP neighbor branch was learning the next hop to the destination of tunnel from a different device.
This is how the branch was to learn the route to the tunnel destination:
Tunnel1 interface
Tandragee Sub Station router VPN Tunnel description
bandwidth 64
IP 172.17.205.62 255.255.255.252
no ip-cache cef route
delay of 20000
KeepAlive 10 3
source of tunnel Loopback1
tunnel destination 172.17.255.23
be-idz-vpn-01 #sh ip route 172.17.255.23
Routing for 172.17.255.23/32 entry
Through the 'static', the metric distance 1 0 known
Routing descriptor blocks:
* 172.17.252.129
Path metric is 0, number of shares of traffic 1
be-idz-vpn-01 #sh ip route 172.17.252.129
Routing for 172.17.252.128/25 entry
Known via 'connected', distance 0, metric 0 (connected, via the interface)
Routing descriptor blocks:
* directly connected by GigabitEthernet0/1
Path metric is 0, number of shares of traffic 1
be-idz-vpn-01 #.
This is how the next hop as learned GRE Tunnel between internal and DMZ routers
be-idz-vpn-01 #sh ip route 172.17.252.129
Routing for 172.17.252.128/27 entry
By the intermediary of "eigrp 1", the known distance 170, metric 40258816, type external
Redistribution via eigrp 1
Last updated on Tunnel100 192.168.5.66, ago 00:07:25
Routing descriptor blocks:
* 192.168.5.66, 192.168.5.66, there is, through Tunnel100 00:07:25
Path metric is 40258816, 1/number of shares of traffic is
Time total is 10110 microseconds, minimum bandwidth 64 Kbps
Reliability 255/255, MTU minimum 1476 bytes
Loading 1/255, 2 hops
We can see how the next hop to the destination of tunnel 172.17.255.23 changed from known via 'connected' via GigabitEthernet0/1 known via "eigrp 1" through Tunnel100.
This case causes the Tunnel 1 drops.
The reason for this behavior was because the road to reach the next hop was acquired with a longest match through tunnel interface so that he won the race to the routing table.
The solution we applied:
Created a list of distribution on the branch office router in order to remove this specific route Tunnel 100 updates.
Router eigrp 1
distribute-list 1
Network 10.10.10.0 0.0.0.3
network 172.17.203.56 0.0.0.3
network 172.17.203.60 0.0.0.3
network 172.17.205.60 0.0.0.3
network 172.19.98.18 0.0.0.0
network 192.168.5.64 0.0.0.3
passive-interface Loopback1
be-idz-vpn-01 #sh access-list 1
IP access list standard 1
10 deny 172.17.252.128, wildcard bits 0.0.0.127 (1 match)
20 permit (1230 matches)
be-idz-vpn-01 #.
Once this has been applied, we could have the GRE Tunnel established between internal and DMZ routers with the tunneld ACCORD between the branch and the router in the DMZ.
-
EIGRP authentication Switch 3750
I want to know if I can use md5 with cisco 3750 platform version 2 authentication, and if there is a problem if it has heel of routing?
Hello
Yes authentication runs on this platform for EIRGP.
Here's official documentation talking about EIGRP and authentication.
Thank you
PS: Please do not forget to rate and score as correct answer if this answered your question
-
Can I avoid the convergence during the substitution of EIGRP auth key. ?
Hello
I set up several routers for EIGRP authenticated using a keychain. I have configured each key for about 6 months of validity:
R1# show key chain Key-chain EIGRP-Key-Chain:
Key 1 -- text "key1" accept lifetime (00:00:00 EDT Oct 1 2013) - (23:59:59 EDT Mar 31 2014) [valid now]
send lifetime (12:00:00 EDT Oct 1 2013) - (11:59:59 EDT Mar 31 2014) [valid now]
key 2 -- text "key2" accept lifetime (00:00:00 EDT Mar 31 2014) - (23:59:59 EDT Oct 1 2014)
send lifetime (12:00:00 EDT Mar 312014) - (11:59:59 EDT Oct 1 2014)
This configuration should provide accepts the overlap between the keys 1 and 2 throughout the 24 h of March 31, 2014. Turning key shipment should arrive at noon March 31, 2014, (giving the router 12 hours of cushion for time difference).
Unfortunately, during the bearing (forced by manually setting the router before clock), I have the EIGRP convergence experience. This is unexpected because the router should accept time key 1 and key 2. Am I missing something? Is it possible to avoid convergence?
Thank you
Rob
Hi Rob,
You can't have some newspapers/debugging event, you? It would be a huge help, I suppose, to see what really happened.
This configuration should provide accept overlap between key 1 and key 2 during the entire 24 hours of 31 March 2014. The send key rollover should happen at noon on 31 Mar 2014 (giving the router 12 hours of cushion for time variance).
Well, not really. There is a case of extreme that I found in your configuration in which the EIGRP would restore his neighborship, so please, bear with me.
1 send to life key until
11:59:59 EDT Mar 31 2014
life to send key 2 of
12:00:00 EDT Mar 31 2014
If any router would have to send packets HELLO between 12:00 and 11:59:59, there is NOT VALID at this time KEYS. Maybe that is not your case and maybe it's a little extreme, but it could happen. I wasn't really sure of it so I labbed it.
R1 and R2 are interconnected by Serial1/0, IPs 10.0.0.1 and 10.0.0.2 respectively. Don't mind the time, they are poorly synchronized, but it is not really important.
Perspctive of R1
Mar 31 11:59:59.863: EIGRP: interface Serial1/0, No live authentication keys
Mar 31 11:59:59.867: EIGRP: Sending HELLO on Serial1/0
Mar 31 11:59:59.867: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Mar 31 11:59:59.891: EIGRP: received packet with MD5 authentication, key id = 2
Mar 31 11:59:59.891: EIGRP: Received HELLO on Serial1/0 nbr 10.0.0.2
Mar 31 11:59:59.891: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
Mar 31 11:59:59.891: Inteface goodbye received
Mar 31 11:59:59.891: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.2 (Serial1/0) is down: Interface Goodbye received
Perspective of R2
Mar 31 12:10:47.619: EIGRP: received packet with MD5 authentication, key id = 1
Mar 31 12:10:47.623: EIGRP: Received HELLO on Serial1/0 nbr 10.0.0.1
Mar 31 12:10:47.627: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
Mar 31 12:10:47.931: EIGRP: Sending HELLO on Serial1/0
Mar 31 12:10:47.935: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Mar 31 12:10:52.067: EIGRP: Dropping peer, invalid authentication
Mar 31 12:10:52.071: EIGRP: Sending HELLO on Serial1/0
Mar 31 12:10:52.075: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Mar 31 12:10:52.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.1 (Serial1/0) is down: Auth failure
So if R1 (or any other router) would hit 1 second interval, he would have sent package HELLO without authentication at all leading to the fall of the neighborship.
It is maybe it happened, maybe not. Just an idea.
BTW. If you want to ensure that this reversal will be correctly you must rewrite your keys up to something like this:
Key1
accept life 00:00:00 October 1, 2013 23:59:59 March 31, 2014
send-lifetime 12:00 October 1, 2013 12:00:05 March 31, 2014
2 key
accept life 00:00:00 March 31, 2014 23:59:59 October 1, 2014
send-lifetime 12:00 March 31, 2014 11:59:55 October 1, 2014
The thing is, as we already know from this point, the send-lifetime of keys of the changes need to overlap a bit that there would be a period of time without a valid key.
Best regards
Jan
-
motorcycle g wifi authentication failure
Hi guys, I bought the motorcycle g.everything is fine except that it connects not to my home wifi.it said authentication error.i tried connecting to my neighbor who uses the same router but it rarely connects and falls often the signal... PLEASE HELP ME
What is the router brand and model?
Maybe you are looking for
-
Apple, I need to update 10.0.2
I have a problem with my iPad because it hangs and will not let me update the new iOS 10.0.2
-
AY 005tx: graphics driver problem
I bought a HP 15 ay005 tx. It's a BACK Machine. Everything works except thr AMD Radeon R5 330 graphics card. I currently installed windows 10 32 bit on it. I believe that the graphics card does not work correctly. "When I click on AMD Radeon settings
-
Reading of the zeros of a DMA FIFO empty
Hello I'm having a problem using the DMA FIFO to communicate between my real-time system and my FPGA. I use two DMA FIFO, one-way to the FPGA of the RT system and then vice versa. I can successfully get data to and from each system; However, before,
-
LabVIEW Ridge detector - fails the simple test?
Hi people. I tried two different spectra for the LabVIEW waveform peak detector (LabVIEW 8.5). It works fine, the other not, and I'm trying to understand why. VI and attached screenshot. I've hardcoded the bays so you can just run the VI. Any tho
-
7 DAY FREE TRIAL - WHAT A SCAM AND NO! NOT MY COMPUTER! NOT IMPRESSED
Why waste time peoples promote a free trial for 7 days for an Adobe Acrobat Pro DC and then only have access to Documents of cloud to Adobe! Seriously, would be of the most expected on their part! To complete the document important today and would