my advice is always avoid using tab completion... that will give you lazy ios skills... i've said it before, i use short cuts all the time, but while i am typing them, i say the complete command in my head... do not become reliant on the tab feature, save the tab for when you're at your nix command line...
because you've done something successfully in this once, that is not enough... everything you do must be done with a mind towards speed and accuracy...
the no form of the command is very helpful... it forces you to remember the command as it was originally input... type the command, then use the no form of the command to get rid of it, especially commands that are counterintuitive... type it, then, NO it, then type it again... if you can NO it, you'll KNOW it...
r2(config)#int s2/2
r2(config-if)#no ip authenti mode eigrp 1 md5
r2(config-if)#no ip authenti key-chain eigrp 1 suck-key
r2(config-if)#exit
r2(config)#
*Sep 13 18:16:04: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.18 (Serial2/2) is down: retry limit exceeded
r2(config)#
*Sep 13 18:16:08: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.18 (Serial2/2) is up: new adjacency
r2(config)#key chain suck-key
r2(config-keychain)#key chain 1
r2(config-keychain)#do sh key chain
Key-chain suck-key:
Key-chain 1:
r2(config-keychain)#int s2/2
r2(config-if)#ip authenti mode eigrp 1 md5
*Sep 13 18:17:48: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.18 (Serial2/2) is down: authentication mode changed
r2(config-if)#ip authenti key-chain eigrp 1 suck-key
r2(config-if)#
r2(config-if)#no ip authenti mode eigrp 1 md5
r2(config-if)#no ip authenti key-chain eigrp 1 suck-key
r2(config-if)#exit
r2(config)#
*Sep 13 18:16:04: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.18 (Serial2/2) is down: retry limit exceeded
r2(config)#
*Sep 13 18:16:08: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.18 (Serial2/2) is up: new adjacency
r2(config)#key chain suck-key
r2(config-keychain)#key chain 1
r2(config-keychain)#do sh key chain
Key-chain suck-key:
Key-chain 1:
r2(config-keychain)#int s2/2
r2(config-if)#ip authenti mode eigrp 1 md5
*Sep 13 18:17:48: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.18 (Serial2/2) is down: authentication mode changed
r2(config-if)#ip authenti key-chain eigrp 1 suck-key
r2(config-if)#
r4(config-if)#
*Sep 13 18:18:34: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.17 (Serial1/2) is down: authentication mode changed
r4(config-if)#ip authenti key-chain eigrp 1 suck-key
r4(config-if)#end
r4#
*Sep 13 18:18:55: %SYS-5-CONFIG_I: Configured from console by console
r4#sh key chain
Key-chain 1:
Key-chain suck-key:
r4#
*Sep 13 18:19:09: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.13 (Serial1/1) is down: retry limit exceeded
r4#
*Sep 13 18:20:36: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.13 (Serial1/1) is up: new adjacency
r4#
r4#Enter configuration commands, one per line. End with CNTL/Z.
r4#
*Sep 13 18:21:55: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.13 (Serial1/1) is down: retry limit exceeded
r4#
*Sep 13 18:21:58: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.20.15.13 (Serial1/1) is up: new adjacency
r4#
like i said, yuck...
a message from wendell:
Examine the configuration and the current time (show clock) on both routers.
The key chain name on the two potential neighbors does not have to match.
The key number and key string on the two potential neighbors must match.
Check which keys are currently valid using the show key chain command.
Both the ip authentication mode eigrp asn md5 interface subcommand and the ip
authentication key-chain eigrp asn name-of-chain interface subcommand must be
configured on the interface; if one is omitted, authentication fails.
No comments:
Post a Comment