[c-nsp] RIP and MD5 problem

Thomas Braun tb at westend.com
Thu Aug 25 10:35:35 EDT 2005 

Hello Group,

i try to configure rip version 2 with md5 authentication between quagga
and cisco, but it doesn't work.

I see Quagga is sending MD5  encrypted Data but the Cisco isn't sending
authentication data.
Without using authentication there is no problem.

Here is a tcpdump output captured with  tcpdump -i eth0 port 520 -vv -s
1500 -f -n

Cisco:
6:14:18.911778 IP (tos 0xc0, ttl   2, id 0, offset 0, flags [none],
length: 192) X.X.87.145.5
20 > 224.0.0.9.520: [udp sum ok]
        RIPv2, Response, length: 164, routes: 8
          AFI: IPv4:         0.0.0.0/0 , tag 0x0000, metric: 1,
next-hop: self
          AFI: IPv4:  X.X.87.104/29, tag 0x0000, metric: 1, next-hop: self
          AFI: IPv4:  X.X.87.112/28, tag 0x0000, metric: 1, next-hop: self
          AFI: IPv4:  X.X.87.128/29, tag 0x0000, metric: 1, next-hop: self
          AFI: IPv4:  X.X.87.136/29, tag 0x0000, metric: 1, next-hop: self
          AFI: IPv4:  X.X.87.160/29, tag 0x0000, metric: 1, next-hop: self
          AFI: IPv4:  X.X.87.168/29, tag 0x0000, metric: 1, next-hop: self
          AFI: IPv4:  X.X.87.176/28, tag 0x0000, metric: 1, next-hop: self

Quagga:
16:17:38.082100 IP (tos 0x0, ttl   1, id 0, offset 0, flags [DF],
length: 112) X.X.87.147.520 > 224.0.0.9.520: [udp sum ok]
        RIPv2, Response, length: 84, routes: 4
          Unknown (3) Authentication data:
          0x0000:  0040 0014 430d d302 0000 0000 0000 0000
          AFI: IPv4:    X.X.64.0/28, tag 0x0000, metric: 4, next-hop:
X.X.87.145
          AFI: IPv4:   X.X.77.32/27, tag 0x0000, metric: 1, next-hop: self
          Unknown (1) Authentication data:
          0x0000:  1c1e 15c3 6fad 9be5 0d97 2aa3 5528 a394



Here is my Cisco config:
router rip
 version 2
 passive-interface default
 no passive-interface GigabitEthernet0/2.133
 network x.x.87.0
 default-information originate
 no auto-summary
!
interface GigabitEthernet0/2.133
 encapsulation dot1Q 133
 ip address X.X.87.145 255.255.255.240
 ip flow ingress
 ip rip authentication mode md5
 ip rip authentication key-chain TEST
no cdp enable
end

key chain TEST
 key 0
  key-string test
!


My Quagga config:

key chain TEST
 key 0
  key-string test
!
interface eth0
 ip rip authentication mode md5 auth-length old-ripd
 ip rip authentication key-chain TEST
!
router rip
 version 2
 redistribute connected
 redistribute static
network X.X.77.33/27
 network X.X.87.146/28
 default-metric 4

Maybe i missing something?

I use IOS 12.2.25S5 on a 7204 VXR, i tried the same configuration on  a
3640 with ios 12.3.9 and it works.


Thanks
Thomas

More information about the cisco-nsp mailing list