EIGRP authentication Switch 3750

I want to know if I can use MD5 with Cisco 3750 platform version 2 authentication, and if there is a problem if it has heel of routing?

Hello

Yes, authentication runs on this platform for EIGRP.

Here's official documentation talking about EIGRP and authentication.

Thank you

PS: Please do not forget to rate and score as correct answer if this answered your question

Tags: Cisco Network

Similar Questions

  • switch 3750 EAPoL transmission RADIUS server

    I have a 3750 switch stack running version 12.2(53)SE2 IPBASEK9-M. I have dot1x configured on the switch and a Windows 7 PC, connected with 802.1X configured on the interface. I see the EAPoL start message from the PC, but I do not see the packets from the switch to the RADIUS server. I have a simple dot1x config just to try to make it work before adding additional features such as comments - vlan...

    Config and debug of attached file.

    I don't know if the ip dhcp snooping and arp inspection configuration is causing a problem with that or not. I see the EAPoL packet received on the switch, as shown in the attached debug, but I never see the RADIUS packet. I've defined both as trust on the interface, but always the same result. I can't turn it off because this is a production switch with a test interface.

    Any ideas?

    Thank you

    Mark

    I had the same problem and solved it: it is enough to configure the switch as "authenticator" instead of "supplicant". "Supplicant" means client; "authenticator" means that the switch acts as a pass-through authenticator, it will forward the requests to the auth server, for example, the RADIUS host.

  • Command not accepted on switch 3750 WCCP

    Hello

    I'm trying to configure WCCP redirection using L2 forwarding on a stack of 3750, but the 'ip wccp web-cache' command is not accepted.

    Can you please help?

     Stack_3750X(config)#ip wccp
                            ^
     % Invalid input detected at '^' marker.

    Using the version 15.0

     Stack_3750X#sh ver
     Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)

    SDM prefer routing active.

     Stack_3750X#sh sdm prefer
      The current template is "desktop routing" template.
      The selected template optimizes the resources in
      the switch to support this level of features for
      8 routed interfaces and 1024 VLANs.

       number of unicast mac addresses:                  3K
       number of IPv4 IGMP groups + multicast routes:    1K
       number of IPv4 unicast routes:                    10.875k
         number of directly-connected IPv4 hosts:        3K
         number of indirect IPv4 routes:                 7.875k
       number of IPv6 multicast groups:                  64
       number of IPv6 unicast routes:                    32
         number of directly-connected IPv6 addresses:    0
         number of indirect IPv6 unicast routes:         32
       number of IPv4 policy based routing aces:         0.5K
       number of IPv4/MAC qos aces:                      0.375k
       number of IPv4/MAC security aces:                 0.875k
       number of IPv6 policy based routing aces:         0
       number of IPv6 qos aces:                          0
       number of IPv6 security aces:                     58

    Here is the license:

     Stack_3750X#sh license
     Index 1 Feature: ipservices
             Period left: Life time
             License Type: PermanentRightToUse
             License State: Active, Not in Use, EULA not accepted
             License Priority: None
             License Count: Non-Counted
     Index 2 Feature: ipbase
             Period left: Life time
             License Type: Permanent
             License State: Active, In Use
             License Priority: Medium
             License Count: Non-Counted
     Index 3 Feature: lanbase
             Period left: 0 minute 0 second

    Hi, ipbase doesn't support WCCP; you need an ipservices or advanced license.

    http://www.Cisco.com/c/en/us/support/docs/Security/Web-security-appliance/118006-configure-WCCP-00.html

    Mark

  • Monitoring of the access of remote logon to my switch 3750

    I need to know if someone has logged in to my switch without my knowledge. Is this information logged by default?

    Ah ok, in this case I don't know a way to do.

    In the immediate future, you can configure an ACL to restrict which VLANs have access via SSH to your switch. Then look into setting up a friendly AAA method; this way you can make sure there is a log of who performs authentication, a list of who can authenticate, and what commands they have run.

  • UCS B200M3, quirk of connectivity to the Switch 3750 G

    Morning all,

    Hoping someone can help, I have a strange situation that occurs with my new installation of UCS.

    The configuration is:

    UCS chassis connected to a pair of 6248UP fabric interconnects, using 2208XP I/O modules.

    I connect this to a 3750 distribution stack. I configured 2 etherchannels on the 3750 stack and in UCS Manager, and these are configured to pass all the relevant VLANs. I have three blades (B200M3) installed in the chassis with VMware ESXi 5 installed.

    Once they have all been set up, they can communicate both ways, to and from the network, without problem, on both the VMware networks and the local network.

    After a night or more (without modification), 2 blades (slots 2 and 3) stop communicating on the network. I can get them working again by making a few changes to network settings, and everything will be OK until the next day.

    I am at a loss as to what may be causing this.

    Any help would be great.

    Thank you

    Chris

    That should solve your problem. UCS will not pass unknown unicast, so if the MAC address of a UCS blade/VM ages out of your 3750, the outside world will not be able to reach it. Under normal production operation, servers are normally talkative enough to avoid hitting the aging timers; you will probably only see this during installation, when there is little or no traffic sent/received by the VMs. Another option is to increase the aging timers on the 3750.

    Let me know how it goes tomorrow.

    Kind regards

    Robert

  • Order of port re-auth authentication and switch / stop of the session

    Hi all

    We are implementing ISE (1.4) and have run into questions regarding the authentication order and a stop of the session after posture in line. We have mab, dot1x as the authentication order (authentication priority is set to dot1x, mab). We have configured reauthentication on the switch ports. Windows uses the AnyConnect NAM supplicant (ver 4.2) for dot1x and posture. During re-authentication, neither the AnyConnect NAM nor the switch sends an EAPOL start and the switch authorizes the session via MAB, whereas when the authentication order is dot1x then mab, the switch generates an EAPOL start. The switches are 3750 (15.0(2)SE8).

    Is there any possibility we could force the switch/NAM agent to send an EAPOL start during re-auth?

    Regarding the posture, posture once conform for an endpoint (after dot1x authentication passes) following a judgment of the ISE manual session for an endpoint, switch creates a new session in ISE changes and switch the State of the unknown port to posture. Posture ise AC client still shows status of complaint of posture in the endpoint. It seems do not know about the stop of the session. During NAM endpoint agent session performs a re-auth component however posture remains unchanged "in line".

    Has anyone experienced this problem?

    Thanks in advance.

    Regards

    GA

    Hi Gaj-

    I had a similar problem in the past and solved it by setting the following attribute:

    AVPair attribute: termination-action-modifier=1

    Give that a go and let us know if you still have any questions.

    Thank you for rating useful posts!

  • [3750 x] switch was able to start on the new image

    Hello

    I have updated the firmware of my 3750-X switches (19 switches in 8 stacks) with the new version. But 2 switches in a stack of 3 cannot take the latest version. They are the same model; I do not understand why they cannot start on the new image.

    New version: 15.0(2)SE7

    Old version: 12.2(58)SE2

    Switches information

    17 switches that work

    WS-C3750X-24 15.0(2)SE7 C3750E-UNIVERSALK9-M

    Revision number of the model: A0
    Motherboard revision number: A0
    Model number: WS-C3750X-24T-S

    The 2 switches that do not work

    WS-C3750X-24 12.2(58)SE2 C3750E-UNIVERSALK9-M

    Revision number of the model: A0
    Motherboard revision number: C0
    Model number: WS-C3750X-24T-S

    It's the only difference I found between the 2 switches and all the other switches.

    Loading images

    In step 1 it loads the image, but it will not start, and in the end it loads the old image and boots up.

    Loading "flash:c3750e-universalk9-mz.150-2.SE7.bin"...@
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @@@@@@@@@@...

    File "flash:c3750e-universalk9-mz.150-2.SE7.bin" uncompressed and installed, entry point: 0x3000
    executing...

    Loading "flash:/c3750e-universalk9-mz.122-58.SE2.bin"...@@@
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @@@@@@@@@@...

    The switch that has the latest version can not see the other 2 stacks. At the moment the only solution I found is the downgrade of the switch with version 15.

    Kind regards

    The latest version that starts successfully on this device is 15.0(1)SE3.

    The 15.0(2)* or 15.2.* images do not start and leave the device hung during the @ as stated above.

    So, it seems that Cisco already broke that in 2012. I almost can't believe it.

  • IPsec tunnel on cisco 3750 Switch

    Guys... I just wanted to know, is it possible to configure/close an IPsec VPN tunnel on a Cisco 3750 switch?

    Thanks in advance.

    NO u cant, you can on CAT 6500 with VPN module!

  • Light green RPS on 3750 switch

    Hello world

    I have a stand-alone 3750 switch.

    The RPS LED is green and the system light is off.

    3750TS#sh env all
    FAN is OK
    TEMPERATURE is OK
    SW  PID                 Serial#     Status           Sys Pwr  PoE Pwr  Watts
    --  ------------------  ----------  ---------------  -------  -------  -----
     2  Built-in                                         Good

    SW  Status          RPS Name          RPS Serial#  RPS Port#
    --  -------------   ----------------  -----------  ---------
    2   Not Present     <>

    3750TS#

    I have another switch of the same model and IOS whose RPS light is off and the system LED is green.

    Thank you

    Mahesh

    Hello Manu,

    So, given that the switch works well, there could be something wrong with the light, front or the mode button, which are all cosmetic and should not impact the switch.

    HTH

    Reza

  • Failure of GBA 4.2 TACACS+ authentication. Key mismatch

    I have configured 10 layer 2 switches (C3750-ADVIPSERVICESK9-M, Version 12.2(40)SE) to use TACACS+. They are all using the same key and work correctly.  I went to another 3750 switch located across a point-to-point circuit, Cisco C3750 software (C3750-IPBASEK9-M), Version 12.2(35)SE5. I entered the routine configuration, then entered the key, tried to log in as a user and got authentication failed. I checked the server and see key mismatches in the reports and activity for the failed attempt.  I removed the key, copied and pasted it from Notepad; still does not work.  Removed the switch from the network device group in ACS and then re-added it, pasted a new key, without special characters. No go.

    Here is the config.

    aaa new-model
    !
    !
    aaa authentication login default group tacacs+ enable
    aaa authentication login NO_AAA local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ if-authenticated

    ip tacacs source-interface FastEthernet0/0

    tacacs-server host 10.1.1.1
    RADIUS-server key 0 itspassword
    RADIUS-server application made

    Initially, the password was encrypted, so I changed it to clear text by typing the password without the 0 and with the 0.  Neither worked.  Also removed the encryption service to see if that would do anything.

    I usually have SSH for the router, so I changed it to accept telnet.  That did not work.  Changed back to SSH, reset the RSA keys and modified it so that it uses SSH2, which did not work.

    Here's what I get from the logs

    Aug 12 11:43:24: TAC+: send AUTHEN/START packet ver=192 id=97563278
    Aug 12 11:43:24: TAC+: Using default tacacs server-group "tacacs+" list.
    Aug 12 11:43:24: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5
    Aug 12 11:43:24: TAC+: Opened TCP/IP handle 0x3663CA0 to 10.219.1.1/49 using source 10.2.2.254
    Aug 12 11:43:24: TAC+: 10.1.1.1 (97563278) AUTHEN/START/LOGIN/ASCII queued
    Aug 12 11:43:25: TAC+: (97563278) AUTHEN/START/LOGIN/ASCII processed
    Aug 12 11:43:25: TAC+: received bad AUTHEN packet: length = 6, expected 80467
    Aug 12 11:43:25: TAC+: Invalid AUTHEN/START/LOGIN/ASCII packet (check keys).
    Aug 12 11:43:25: TAC+: Closing TCP/IP 0x3663CA0 connection to 10.1.1.1/49
    Aug 12 11:43:25: TAC+: Using default tacacs server-group "tacacs+" list.
    Aug 12 11:43:37: TAC+: send AUTHEN/START packet ver=192 id=1015854339
    Aug 12 11:43:37: TAC+: Using default tacacs server-group "tacacs+" list.
    Aug 12 11:43:37: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5
    Aug 12 11:43:37: TAC+: Opened TCP/IP handle 0x366AF24 to 10.1.1.1/49 using source 10.2.2.254
    Aug 12 11:43:37: TAC+: 10.1.1.1 (1015854339) AUTHEN/START/LOGIN/ASCII queued
    Aug 12 11:43:38: TAC+: (1015854339) AUTHEN/START/LOGIN/ASCII processed
    Aug 12 11:43:38: TAC+: received bad AUTHEN packet: length = 6, expected 79092
    Aug 12 11:43:38: TAC+: Invalid AUTHEN/START/LOGIN/ASCII packet (check keys).
    Aug 12 11:43:38: TAC+: Closing TCP/IP 0x366AF24 connection to 10.1.1.1/49
    Aug 12 11:43:38: TAC+: Using default tacacs server-group "tacacs+" list.

    I looked around the forum for about 4 hours, trying all the other options that were given to other people with a similar problem.  The last key that I put in was 123456.  You can't fat-finger that.  The switch log said check the key; the firewall is configured to allow all traffic from the AAA client.

    Hi green2003 mg,

    The key of the group (the NDG your switch belongs to) overrides the key. Have you checked that one?

    Greetz,

    Julia

  • 3750 X netflow configuration.

    Hello

    I have a 3750-X switch stack and I want to know if I can configure flexible netflow with it. Do I have to update the IOS?

    #sh ver

    Cisco IOS software, software of C3750E (C3750E-UNIVERSALK9-M), Version 12.2 (55) SE5, RELEASE SOFTWARE (fc1)

    Technical support: http://www.cisco.com/techsupport

    Copyright (c) 1986-2012 by Cisco Systems, Inc.

    Updated Friday, February 9, 12 18:14 by prod_rel_team

    Image text-base: 0x00003000, data-base: 0x02800000

    ROM: Bootstrap program is C3750E boot loader

    BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M), Version 12.2 (53r) SE2, RELEASE SOFTWARE (fc1)

    EN-BY-JAC-PRODTECH-01 uptime is of 44 weeks, 5 days, 6 hours, 24 minutes

    System to regain the power ROM

    System restarted at 13:28:52 CEST Saturday, January 12, 2013

    System image file is "flash:/c3750e-universalk9-mz.122-55.SE5/c3750e-universalk9-mz.122-55.SE5.bin".

    License level: ipbase

    License type: Permanent

    Then reload license level: ipbase

    processor of WS-C3750X-48 (PowerPC405) Cisco (revision F0) with 262144 K bytes of memory.

    Processor card ID

    Last reset of tension

    3 virtual Ethernet interfaces

    1 interface FastEthernet

    104 gigabit Ethernet interfaces

    4 ten interfaces Ethernet Gigabit

    Password recovery mechanism is activated.

    512K bytes of memory simulated by flash not volatile configuration.

    Basic Ethernet MAC address: E4:D3:F1:C7:B1:80

    Number of the motherboard: 73-12552-06

    Serial number of the motherboard:

    Revision number of the model: F0

    Motherboard revision number: A0

    Model number: WS-C3750X-48 t-S

    Daughter numbered card: 800-32727-03

    Daughter card serial number:

    System serial number:

    Top Assembly part number: 800-31326-03

    Top of page revision number of the Assembly: B0

    Version ID: V03

    CLEI Code number:

    Material Board revision number: 0x04

    Switch Ports Model              SW Version            SW Image
    ------ ----- -----              ----------            ----------
    *    1 54    WS-C3750X-48       12.2(55)SE5           C3750E-UNIVERSALK9-M
         2 54    WS-C3750X-48       12.2(55)SE5           C3750E-UNIVERSALK9-M

    Switch 02

    ---------

    Switch Uptime: 44 weeks, 3 days, 9 hours, 38 minutes

    Basic Ethernet MAC address: E4:D3:F1:CC:3A:80

    Number of the motherboard: 73-12552-06

    Serial number of the motherboard:

    Revision number of the model: F0

    Motherboard revision number: A0

    Model number: WS-C3750X-48 t-S

    Daughter numbered card: 800-32727-03

    Daughter card serial number:

    System serial number:

    Top of page Assembly part number: 800-31326-03

    Top of page revision number of the Assembly: B0

    Version ID: V03

    CLEI Code number:

    License level: ipbase

    License type: Permanent

    Next time you restart level license: ipbase

    Configuration register is 0xF

    NAME: '1', DESCR: "WS-C3750X-48".

    PID: WS-C3750X-48 T-S, VID: V03, SN:

    NAME: 'Switch 1 - power supply 0', DESCR: "FRU power."

    PID: C3KX-PWR-350WAC, VID: V02, SN:

    NAME: "Switch 1 - Slot FRULink 1 FRULink Module ', DESCR:"FRULink 10 G ST Module"

    PID: C3KX-NM - 10 G, VID: V01, SN:

    NAME: 'TenGigabitEthernet1/1/1', DESCR: 'SFP-10GBase-SR.

    PID: SFP - 10 G - SR, VID: V03, SN:

    NAME: 'TenGigabitEthernet1/1/2', DESCR: 'SFP-10GBase-SR.

    PID:                   , VID:      , SN:

    NAME: '2', DESCR: "WS-C3750X-48".

    PID: WS-C3750X-48 T-S, VID: V03, SN:

    NAME: 'Switch 2 - power supply 0', DESCR: "FRU power."

    PID: C3KX-PWR-350WAC, VID: V02, SN:

    NAME: 'Switch 2 - power supply 1', DESCR: "FRU power."

    PID: C3KX-PWR-350WAC, VID: V02, SN:

    NAME: "Switch 2 - Slot FRULink 1 FRULink Module ', DESCR:"FRULink 10 G ST Module"

    PID: C3KX-NM - 10 G, VID: V01, SN:

    NAME: 'TenGigabitEthernet2/1/1', DESCR: 'SFP-10GBase-SR.

    PID: SFP - 10 G - SR, VID: V03, SN:

    TIA,

    Nicos Nicolaides

    Hello Nicos,

    Does your 3750-X have the C3KX-SM-10G module?  I think that you'll need to export flows.

    Jake

  • Problem module (C3KX-NM-10GT) 10GB - T on the stack of 3750

    I bought a two-port 10GB-T network module (C3KX-NM-10GT) for my 3750-X switch stack (4 in the stack). After having powered the entire stack, I connected the module and re-powered everything. When I run a 'sh ip int bri' I see not two, but eight 10GB ports. Two for each switch of the stack. Not only that, but when I try to plug something into the module it still shows the state (notconnect).

    I tried checking the recommended IOS version, but the only documentation that I could find was on the module (C3KX-NM-10G), ( http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modu... ). This shows IOS version 12.2(53)SE. I have 12.2(58)SE so this should be good?

    Is this a problem with IOS incompatibility or some other problem with the switch stack? Does anybody know the recommended IOS version for this module?

    Go HERE.

    The documentation shows you need a minimum of 15.0(1)SE.  Personally, I would recommend you stay away from this version and go directly to 15.0(2)SE4.

    Be aware that an IOS upgrade from 12.2(58)SE to any 15.X will also include a mandatory bootstrap (aka firmware) upgrade.  All in all, it takes about 25 minutes to upgrade.  So don't be scared or ground-your-pants.  Make sure that you allow for a timeout of 45 minutes.

  • Routing between a router and a switch L3

    Hi, I have a question: I have two sites that we are trying to connect through an ethernet port. In site 2, I use the gig0/0 port on a 1941 router and configured the port as such:

    interface gig0/0
     ip address 192.168.18.2 255.255.255.252

    ip route 10.0.4.0 255.255.255.0 192.168.18.1

    At site 2, I use a 3750 switch because I have no port available on their router, and it is configured as such:

    interface FastEthernet4/0/1
     no switchport
     ip address 192.168.18.1 255.255.255.252

    ip route 172.20.0.0 255.255.0.0 192.168.18.2

    Although the two ports show as up and I can ping their interfaces locally, I cannot ping the far-side interfaces nor their networks.

    I tried changing the front door of the local interface, but that does not work either.

    The carrier claims that I must be on one vlan and suggested this config on site 1:

    interface gig0/0.955
     encapsulation dot1q 955
     ip address 192.168.18.2 255.255.255.252

    And there is the problem.  I cannot configure a subinterface on the L3 switch and cannot add the vlan as they recommend.

    Any suggestions from anyone on how to connect the two sites?

    Thank you

    Pete

    The actual port must be configured as a trunk because of the router end. If so -

    (1) create a vlan 995

    (2) configure the port as trunk but don't allow that vlan 995 on it

    (3) create IVR and IP migration

    Jon

  • More Stable IOS for cat 3750 - Cisco laboratory

    As the title suggests, what is a good version of IOS to stick on a 3750 switch (normal, not X or G series)? This is used for a Cisco lab in my CCNP SWITCH studies.

    Normally I reference the INE site, but they do not have IOS recommendations for the 3750 (only 3560).

    Recommendation of Reza second IP, 12.2(55)SE7 is, currently, the most stable IOS around.

    If you need 15.0, then you can try 15.0(2)SE2.

  • Can I avoid convergence during EIGRP auth key rollover?

    Hello

    I set up several routers for EIGRP authenticated using a keychain. I have configured each key for about 6 months of validity:

    R1# show key chain
    Key-chain EIGRP-Key-Chain:
        key 1 -- text "key1"
            accept lifetime (00:00:00 EDT Oct 1 2013) - (23:59:59 EDT Mar 31 2014) [valid now]
            send lifetime (12:00:00 EDT Oct 1 2013) - (11:59:59 EDT Mar 31 2014) [valid now]
        key 2 -- text "key2"
            accept lifetime (00:00:00 EDT Mar 31 2014) - (23:59:59 EDT Oct 1 2014)
            send lifetime (12:00:00 EDT Mar 31 2014) - (11:59:59 EDT Oct 1 2014)

    This configuration should provide accept overlap between key 1 and key 2 during the entire 24 hours of 31 March 2014. The send key rollover should happen at noon on 31 Mar 2014 (giving the router 12 hours of cushion for time variance).

    Unfortunately, during the rollover (forced by manually setting the router clock forward), I experience EIGRP convergence. This is unexpected because the router should accept both key 1 and key 2 at that time. Am I missing something? Is it possible to avoid convergence?

    Thank you

    Rob

    Hi Rob,

    You wouldn't have some logs/debugs of the event, would you? It would be a huge help, I suppose, to see what really happened.

    This configuration should provide accept overlap between key 1 and key 2 during the entire 24 hours of 31 March 2014. The send key rollover should happen at noon on 31 Mar 2014 (giving the router 12 hours of cushion for time variance).

    Well, not really. There is an edge case that I found in your configuration in which EIGRP would re-establish its neighborship, so please, bear with me.

    key 1 send-lifetime until 11:59:59 EDT Mar 31 2014

    key 2 send-lifetime from 12:00:00 EDT Mar 31 2014

    If any router had to send HELLO packets between 12:00 and 11:59:59, there are NO VALID KEYS at this time. Maybe that is not your case and maybe it's a little extreme, but it could happen. I wasn't really sure of it so I labbed it.

    R1 and R2 are interconnected by Serial1/0, IPs 10.0.0.1 and 10.0.0.2 respectively. Don't mind the time, they are poorly synchronized, but it is not really important.

    Perspective of R1

    Mar 31 11:59:59.863: EIGRP: interface Serial1/0, No live authentication keys

    Mar 31 11:59:59.867: EIGRP: Sending HELLO on Serial1/0

    Mar 31 11:59:59.867:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

    Mar 31 11:59:59.891: EIGRP: received packet with MD5 authentication, key id = 2

    Mar 31 11:59:59.891: EIGRP: Received HELLO on Serial1/0 nbr 10.0.0.2

    Mar 31 11:59:59.891:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

    Mar 31 11:59:59.891:        Inteface goodbye received

    Mar 31 11:59:59.891: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.2 (Serial1/0) is down: Interface Goodbye received

    Perspective of R2

    Mar 31 12:10:47.619: EIGRP: received packet with MD5 authentication, key id = 1

    Mar 31 12:10:47.623: EIGRP: Received HELLO on Serial1/0 nbr 10.0.0.1

    Mar 31 12:10:47.627:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

    Mar 31 12:10:47.931: EIGRP: Sending HELLO on Serial1/0

    Mar 31 12:10:47.935:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

    Mar 31 12:10:52.067: EIGRP: Dropping peer, invalid authentication

    Mar 31 12:10:52.071: EIGRP: Sending HELLO on Serial1/0

    Mar 31 12:10:52.075:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

    Mar 31 12:10:52.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.1 (Serial1/0) is down: Auth failure

    So if R1 (or any other router) hit that 1-second interval, it would send a HELLO packet without any authentication at all, leading to the neighborship going down.

    Maybe that is what happened, maybe not. Just an idea.

    BTW, if you want to ensure that this rollover goes correctly, you must rewrite your keys to something like this:

    key 1
     accept-lifetime 00:00:00 Oct 1 2013 23:59:59 Mar 31 2014
     send-lifetime 12:00:00 Oct 1 2013 12:00:05 Mar 31 2014
    key 2
     accept-lifetime 00:00:00 Mar 31 2014 23:59:59 Oct 1 2014
     send-lifetime 12:00:00 Mar 31 2014 11:59:55 Oct 1 2014

    The thing is, as we already know from this point, the send-lifetimes of the changing keys need to overlap a bit, or there would be a period of time without a valid key.

    Best regards

    Jan
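
The one-second gap discussed in this thread can be checked for before a rollover is scheduled. The Python below is an added example, not code from the thread or from Cisco: it parses IOS-style `key` / `accept-lifetime` / `send-lifetime` lines, reports any interval with no sendable key, and computes how much clock skew each key tolerates. The two key chains are constructed from the lifetimes quoted above, and treating a lifetime as ending at the instant shown is an assumption taken from the "No live authentication keys" message at 11:59:59 in the lab output.

```python
import re
from datetime import datetime, timedelta

# Constructed IOS-style rendering of the key chain from the question.
ORIGINAL = """
key chain EIGRP-Key-Chain
 key 1
  key-string key1
  accept-lifetime 00:00:00 Oct 1 2013 23:59:59 Mar 31 2014
  send-lifetime 12:00:00 Oct 1 2013 11:59:59 Mar 31 2014
 key 2
  key-string key2
  accept-lifetime 00:00:00 Mar 31 2014 23:59:59 Oct 1 2014
  send-lifetime 12:00:00 Mar 31 2014 11:59:59 Oct 1 2014
"""

# Constructed rendering of the rewritten lifetimes suggested in the answer.
REVISED = """
key chain EIGRP-Key-Chain
 key 1
  key-string key1
  accept-lifetime 00:00:00 Oct 1 2013 23:59:59 Mar 31 2014
  send-lifetime 12:00:00 Oct 1 2013 12:00:05 Mar 31 2014
 key 2
  key-string key2
  accept-lifetime 00:00:00 Mar 31 2014 23:59:59 Oct 1 2014
  send-lifetime 12:00:00 Mar 31 2014 11:59:55 Oct 1 2014
"""

KEY_RE = re.compile(r"^\s*key\s+(\d+)\s*$")
STAMP = r"(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})"
LIFE_RE = re.compile(rf"^\s*(accept|send)-lifetime\s+{STAMP}\s+{STAMP}\s*$")
FMT = "%H:%M:%S %b %d %Y"


def parse_key_chain(text):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            current = keys.setdefault(int(m.group(1)), {})
        elif (m := LIFE_RE.match(line)) and current is not None:
            start, end = (datetime.strptime(g, FMT) for g in m.group(2, 3))
            current[m.group(1)] = (start, end)
    return keys


def send_gaps(keys):
    """List (expiring_key, next_key, gap_start, gap_end) where no key can be sent.

    Assumption: a lifetime is the half-open interval [start, end).
    """
    windows = sorted(k["send"] + (kid,) for kid, k in keys.items() if "send" in k)
    if not windows:
        return []
    gaps = []
    covered_until, last_id = windows[0][1], windows[0][2]
    for start, end, kid in windows[1:]:
        if start > covered_until:
            gaps.append((last_id, kid, covered_until, start))
        if end > covered_until:
            covered_until, last_id = end, kid
    return gaps


def skew_tolerance(keys):
    """Per key: how far a neighbor's clock may drift before it rejects the key."""
    out = {}
    for kid, k in keys.items():
        (a0, a1), (s0, s1) = k["accept"], k["send"]
        out[kid] = min(s0 - a0, a1 - s1)
    return out


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        keys = parse_key_chain(cfg)
        print(name, "send gaps:", send_gaps(keys) or "none")
        print(name, "skew tolerance:", skew_tolerance(keys))
```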
