[c-nsp] IP authentication won't take...

Jeff Kell jeff-kell at utc.edu
Tue Jan 29 11:15:49 EST 2008


Anyone ever seen this before?  

I have a series of distribution switches (3550s/3560s/3750s mostly) linked to a 6509 using EIGRP with route authentication.

Everything has worked up to this point, until trying to add a recent 3550-12G.

It won't establish the EIGRP session.

The keys are the same on both ends.

The OSPF process ID numbers are the same on both ends.

The SVI Vlan configuration is the same on both ends (except for the actual IP address).

I thought it might be an IOS issue, so updated to latest for this platform (12.2(44)SE).  No joy.

It "takes" the IP authentication configuration commands, but they just "disappear", e.g.,

> Admin-Servers#sho run int vlan800
> Building configuration...
> 
> Current configuration : 93 bytes
> !
> interface Vlan800
>  description global vrf uplink
>  ip address 10.64.1.6 255.255.252.0
> end
> 
> Admin-Servers#conf t
> Enter configuration commands, one per line.  End with CNTL/Z.
> Admin-Servers(config)#int vlan800
> Admin-Servers(config-if)# ip authentication mode eigrp 800 md5
> Admin-Servers(config-if)# ip authentication key-chain eigrp 800 utc-route-key
> Admin-Servers(config-if)#exit
> Admin-Servers(config)#exit
> Admin-Servers#sho run int vlan800
> Building configuration...
> 
> Current configuration : 93 bytes
> !
> interface Vlan800
>  description global vrf uplink
>  ip address 10.64.1.6 255.255.252.0
> end

What's up with that?  

EIGRP is up and running, the vlan is up and connected, and can ping both ways.

> Admin-Servers#sho run | beg router
> router eigrp 800
>  redistribute connected
>  no auto-summary
>  network 10.64.0.0 0.0.3.255
 
> Admin-Servers#sho ip proto
> *** IP Routing is NSF aware ***
> 
> Routing Protocol is "eigrp 800"
>   Outgoing update filter list for all interfaces is not set
>   Incoming update filter list for all interfaces is not set
>   Default networks flagged in outgoing updates
>   Default networks accepted from incoming updates
>   Redistributing: connected, eigrp 800
> 
> Address Family Protocol EIGRP-IPv4:(800)
>   EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
>   EIGRP maximum hopcount 100
>   EIGRP maximum metric variance 1
>   EIGRP NSF-aware route hold timer is 240
>   Topologies : 0(base) 
> 
>   Automatic network summarization is not in effect
>   Maximum path: 4
>   Routing for Networks:
>     10.64.0.0/22
>   Routing Information Sources:
>     Gateway         Distance      Last Update
>   Distance: internal 90 external 170

Confused,

Jeff


More information about the cisco-nsp mailing list