Can I avoid the convergence during the substitution of EIGRP auth key. ?

Hello

I set up several routers for EIGRP authenticated using a keychain. I have configured each key for about 6 months of validity:

R1# show key chain Key-chain EIGRP-Key-Chain:

Key 1 -- text "key1"   accept lifetime (00:00:00 EDT Oct 1 2013) - (23:59:59 EDT Mar 31 2014) [valid now]

   send lifetime (12:00:00 EDT Oct 1 2013) - (11:59:59 EDT Mar 31 2014) [valid now]

key 2 -- text "key2"   accept lifetime (00:00:00 EDT Mar 31 2014) - (23:59:59 EDT Oct 1 2014)

   send lifetime (12:00:00 EDT Mar 312014) - (11:59:59 EDT Oct 1 2014)

This configuration should provide accepts the overlap between the keys 1 and 2 throughout the 24 h of March 31, 2014. Turning key shipment should arrive at noon March 31, 2014, (giving the router 12 hours of cushion for time difference).

Unfortunately, during the bearing (forced by manually setting the router before clock), I have the EIGRP convergence experience. This is unexpected because the router should accept time key 1 and key 2. Am I missing something? Is it possible to avoid convergence?

Thank you

Rob

Hi Rob,

You can't have some newspapers/debugging event, you? It would be a huge help, I suppose, to see what really happened.

This configuration should provide accept overlap between key 1 and key 2 during the entire 24 hours of 31 March 2014. The send key rollover should happen at noon on 31 Mar 2014 (giving the router 12 hours of cushion for time variance).

Well, not really. There is a case of extreme that I found in your configuration in which the EIGRP would restore his neighborship, so please, bear with me.

1 send to life key until11:59:59 EDT Mar 31 2014

life to send key 2 of 12:00:00 EDT Mar 31 2014

If any router would have to send packets HELLO between 12:00 and 11:59:59, there is NOT VALID at this time KEYS. Maybe that is not your case and maybe it's a little extreme, but it could happen. I wasn't really sure of it so I labbed it.

R1 and R2 are interconnected by Serial1/0, IPs 10.0.0.1 and 10.0.0.2 respectively. Don't mind the time, they are poorly synchronized, but it is not really important.

Perspctive of R1

Mar 31 11:59:59.863: EIGRP: interface Serial1/0, No live authentication keys


Mar 31 11:59:59.867: EIGRP: Sending HELLO on Serial1/0


Mar 31 11:59:59.867:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0


Mar 31 11:59:59.891: EIGRP: received packet with MD5 authentication, key id = 2


Mar 31 11:59:59.891: EIGRP: Received HELLO on Serial1/0 nbr 10.0.0.2


Mar 31 11:59:59.891:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0


Mar 31 11:59:59.891:        Inteface goodbye received


Mar 31 11:59:59.891: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.2 (Serial1/0) is down: Interface Goodbye received

Perspective of R2

Mar 31 12:10:47.619: EIGRP: received packet with MD5 authentication, key id = 1


Mar 31 12:10:47.623: EIGRP: Received HELLO on Serial1/0 nbr 10.0.0.1


Mar 31 12:10:47.627:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0


Mar 31 12:10:47.931: EIGRP: Sending HELLO on Serial1/0


Mar 31 12:10:47.935:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0


Mar 31 12:10:52.067: EIGRP: Dropping peer, invalid authentication


Mar 31 12:10:52.071: EIGRP: Sending HELLO on Serial1/0


Mar 31 12:10:52.075:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0


Mar 31 12:10:52.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.1 (Serial1/0) is down: Auth failure

So if R1 (or any other router) would hit 1 second interval, he would have sent package HELLO without authentication at all leading to the fall of the neighborship.

It is maybe it happened, maybe not. Just an idea.

BTW. If you want to ensure that this reversal will be correctly you must rewrite your keys up to something like this:

Key1

accept life 00:00:00 October 1, 2013 23:59:59 March 31, 2014

send-lifetime 12:00 October 1, 2013 12:00:05 March 31, 2014

2 key

accept life 00:00:00 March 31, 2014 23:59:59 October 1, 2014

send-lifetime 12:00 March 31, 2014 11:59:55 October 1, 2014

The thing is, as we already know from this point, the send-lifetime of keys of the changes need to overlap a bit that there would be a period of time without a valid key.

Best regards

Jan

Tags: Cisco Network

Similar Questions

  • is it far to disable the shortcut ctrl-alt-tab on windows 7 (cycle between windows) to avoid the substitution of this same shortcut (indented) in excel?

    is it far to disable the shortcut ctrl-alt-tab on windows 7 (cycle between windows) to avoid the substitution of this same shortcut (indented) in excel?

    Hello
     
    The feature you're talking about is the default value of design in Windows 7. If you have comments or suggestions, you can post your query to the Windows 7 feedback forum.

     

  • How can I avoid the automatic renewal of my annual subscription?

    How can I avoid the automatic renewal of my annual subscription? He was selected automatically, what can I do now?

    Thank you very much

    Riccardo

    Hi Riccardo,

    Please contact support by calling/chat for cancellation requests and billing queries:

    Contact the customer service

    * Be sure to stay connected with your Adobe ID before accessing the link above *.

    You can also check the help below document:

    https://helpx.Adobe.com/x-productkb/policy-pricing/cancel-membership-subscription.html

    Kind regards

    Sheena

  • where can I find the price of a product key for windows vista professional?

    where can I find the price of a product key for windows vista professional?

    Unfortunately, the editions of Windows Vista are no longer available for sale.  You can buy Windows 7 from the Microsoft Store. Download and run the Windows 7 Upgrade Advisor and follow the recommendations contained in the report that it generates.

  • Pavilion p7 model - 1451: where can I find the windows 8.1 product key

    Where can I find the product key windows 8.1 for my model of HP Pavilion p7-1451. HP came with windows 8 pre-installed and then I upgraded to windows 8.1 Microsoft free online.  I need the product key windows upgrade 8.1 to windows 10.

    Hello
     
    The key is in the BIOS of your machine, please use the following tool to get:

       http://www.Belarc.com/free_download.html

    When running this tool, it produced a report, scroll to the section of software management. Product key Windows 8 or 8.1 is there.

    You can also use the following tool to discover:

      https://www.magicaljellybean.com/KeyFinder/

    Kind regards

  • Can I avoid the closure of the emails one by one at the exit of Thunderbird?

    When I open Thunderbird, the emails I opened on my last visit are still open. Is there a setting I can change for all open documents are closed automatically when leaving the program, rather than having to close it manually one by one?

    Right-click on the tab and select close all other tabs option.

  • How can I avoid the plugin check page?

    Whenever I open Firefox now, I get a second tab taking me to the plugin check page. I've updated all the most vulnerable, and I don't want to see the thing, whenever I open firefox! Can I disable this annoying feature?

    I have uninstalled Viewpoint Media Player (and the messaging client instant AOL "AIM", since apparently that's what compelled Viewpoint Media Player on my system). Viewpoint Media Player is responsible for the plugin called "MetaStream 3 Plugin r4", and I think this plugin is the outbreak of Firefox to open the plugincheck page. It is not enough to disable the plugin, it must be uninstalled. For me, after uninstalling Viewpoint Media Player, the problem of "plugincheck always opening" then went.

    However, I see that you don't have this plugin ("MetaStream") in your list of plugins. It can so that there is some other plugin of yours which is causing this tab is displayed. Go to tools-> Addons-> Plugins (tab) and look in the list for plug-ins with a red warning icon. If there is, this is probably the plugin at the origin of the problem.

  • Z10 blackBerry how can I avoid the mysterious "local Contacts".

    Sometimes, people to contact me on my networks such as Facebook and Twitter and share direct contact.

    Instinctively, I opened 'Contacts' and change their details expected the contact appears on my Google Apps account. Instead, BB10 creates a linked Contact 'Local' who don't get synchronized at all.

    Anyone know if there is a way to prevent the Local touch creating? I want my contacts synchronized to the rear rather than having then to dig contacts up-to-date and start mucking with them about BB10.

    I did not google cloud contacts, but I think you can break the link (which is possible) beween the local contact and the Facebook or Twitter account and re - link accounts Twitter/FB for Google contact that you create. Then just delete the local contact.

    In theory, it should work.

  • How can I avoid the repetitive tasks of editting several boxes click after a record?

    1: I want to click-boxes.5 seconds to stay in overall drag.

    2: I want that all the boxes to click to be "Pause until the user clicks on ', or if they are, I would like it to NOT be" Pause until the user clicks on.

    3: I want to fail only option but not pause for success/failure

    4: I want all click on the boxes to continue on success goto next slide on the last attempt (2 of them).

    Basically everything what is in the box click Properties pane I want to apply all the click boxes, or better yet click boxes on the slides of my choice.

    Is this possible?

    It would be easier to change the default settings before you capture, to some of your questions. Edition, preferences, default values

    For editing: many accordions in the box click Properties panel have the button "apply to all items of this type. It's the small curved arrow top right of the accordion. You can use this:

    • When you apply the start time and "for the rest of the slide" at all, click boxes
    • in the Options to apply parameters of Pause and legend to all click boxes
    • in the Action to apply measures of success to all click boxes

    What is not possible for click boxes, because they do not have an object style, is to use this to CB on the slides of your choice.

    Lilybiri

  • How can I avoid the inclusion of the kernel32.dll in the installer?


    Only for historical purposes, there are two very good workaround solution:

    Enter only the name of the library if the library is in the path of the system.  See call library function dialog box help.

    Use to specify a path on the diagram for the call library function node and enter the path of the dll system in a constant.

  • Satellite A210-1BW I can't activate the WLAN using FN + F8 key combination

    Hello

    All my new Toshiba notebook has been delivered, but now, I have a big problem... because I can't activate WLAN via the FN + F8 key combination... If I press on it I only see that WLAN is disabled... but I can't activate ist... you have a solution for me?

    Sincere greetings
    Andreas

    Solution found! Look on the front of the laptop! There you can see a mixer with the sign "WLAN". You have to go to 'off' to :) I knew that it there to be such a thing As * g * but it's black and if you don't see it very well ;)

  • Can not put the file of 4 GB key USB 16 GB?

    So I have a 64 GB drive (C :) in my Windows XP laptop and a Cenron 16 GB USB drive. In the computer laptop was a video which is 4 GB, and no matter how I drag or copy in the flash drive, an error message will appear and keep saying that the USB is full and I need to delete some files. Even if I tried to empty on the flash drive (which allow the 15.5 GB left) and check if video is used by other programs, the result is the same. I want to know why it happened and how to fix it?

    Thank you.

    The USB (no doubt you mean a USB flash drive) is probably formatted using FAT32, for which the maximum file size is 4 GB less 1 byte.  If you want to use the drive for larger files, you will need to reformat using NTFS.  Of course, reformatting will destroy all data currently on the disk.

    You can try to convert the disk from FAT32 to NTFS, which is supposed to preserve the data, but I suggest that you try not to have any non - back up important data.

  • How can I save the photos on a USB key

    I scanned a few photos and I need to save my friends - how I do on USB

    Put the USB into the USB port and wait for what he could be detected. Now, you can treat it as a folder on your computer and can drag and drop or copy / paste things as you want.

  • How can we make the greatest Windows 7 calculator keys?

    It would be great comfort that we have the possibility to enlarge the buttons of windows 7 calculator. Personally, I'd rather have each button size 2 cm by 2cm.

    Most of the people not to click on the buttons, they just type the numbers on their keyboard instead.

    You can increase the size of all the buttons, including the Calculator buttons, if you want to.  To give this a try and see if you like, follow these steps:
    1 type dpi in your Start menu.
    2 - Click on the option that appears called make text and other items more or less
    3. fix the size you want, then click on apply to test.  You can always cancel it if you don't like it.

  • Can I download the updates to a usb key to install on a computer that does not have internet access?

    I have a hp pavilion bk232AA all in one pc and Lan and wireless drivers were deleted the computer when I did a full restore because the computer had crashed and I used my laptop to download the drivers, but he repeats to me does not meet the system requirements, so is it a way I can download updates on a USB stick and download on my desktop?

    Yes, you should be able to download and save files updated the driver. from hp.com, on a USB key.  Make sure that you save the file, and select run in no.

Maybe you are looking for