Cisco CCNP BSCI Exam Tutorial Configuring EIGRP Packet Authentication

May 22nd, 2008

Configuring RIPv2 and EIGRP authentication with key chains can be tricky at first, and the syntax isn't exactly easy to remember. But for BSCI and CCNP exam success, we've got to be able to perform this task.

In a previous tutorial, we saw how to configure RIPv2 packet authentication, with both clear-text and MD5 authentication schemes. EIGRP authentication is much the same, and has the text and MD5 authentication options as well. But EIGRP being EIGRP, the command just has to be a little more detailed!

As with RIPv2, the authentication mode must be agreed upon by the EIGRP neighbors. If one router's interface is configured for MD5 authentication and the remote router's interface is configured for text authentication, the adjacency will fail even if the two interfaces in question are configured to use the same password.

We'll now configure link authentication on the adjacency over an Ethernet segment. Below, you'll see how to configure a key chain named EIGRP on both routers, use key number 1, and use the key-string BSCI. Run show key chain on a router to see all key chains.

R2(config)#key chain EIGRP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string BSCI

R2#show key chain

Key-chain EIGRP:

key 1 -- text "BSCI"

accept lifetime (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

R3(config)#key chain EIGRP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string BSCI

R3#show key chain

Key-chain EIGRP:

key 1 -- text "BSCI"

accept lifetime (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

The EIGRP command to apply the key chain is a bit of a pain to remember, because the protocol and AS number is identified in the middle of the command, not the beginning. Also note that two commands are needed - one to name the key chain, another to define the authentication mode in use.

R2(config)#interface ethernet0

R2(config-if)#ip authentication key-chain eigrp 100 EIGRP

R2(config-if)#ip authentication mode eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.3 (Ethernet0) is down: keychain changed

R3(config)#interface ethernet0

R3(config-if)#ip authentication key-chain eigrp 100 EIGRP

R3(config-if)#ip authentication mode eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.2 (Ethernet0) is up:

As with RIPv2, the existing adjacency was torn down when one side was configured with authentication. If the key chain is correctly defined and applied on both sides, the adjacency will come back up. Always run show ip eigrp neighbor to make sure the adjacency is present. Learn the details of EIGRP key chains by configuring them on your home lab equipment, and you'll be more than prepared for BSCI exam success!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP and CCNA tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.


Cisco CCNP BSCI Exam Tutorial RIP Update Packet Authentication

April 13th, 2008

When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those involves RIP update packet authentication.

You're familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you're not introduced to in your CCNA studies is the ability to configure routing update packet authentication.

You have two options, clear text and MD5. Clear text is just that - a clear text password that is visible to anyone who can pick a packet off the wire. If you're going to go to the trouble of configuring update authentication, you should use MD5. The MD stands for "Message Digest", and this is the algorithm that produces the hash value for the password that will be contained in the update packets.

Not only must the routers agree on the password, they must agree on the authentication method. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a great command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these three routers.

R1#conf t

R1(config)#key chain RIP

< The key chain can have any name. >

R1(config-keychain)#key 1

< Key chains can have multiple keys. Number them carefully when using multiples. >

R1(config-keychain-key)#key-string CISCO

< This is the text string the key will use for authentication. >

R1(config)#int s0

R1(config-if)#ip rip authentication mode text

< The interface will use clear-text mode. >

R1(config-if)#ip rip authentication key-chain RIP

< The interface is using key chain RIP, configured earlier. >

R2#conf t

R2(config)#key chain RIP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string CISCO

R2(config)#int s0.123

R2(config-subif)#ip rip authentication mode text

R2(config-subif)#ip rip authentication key-chain RIP

R3#conf t

R3(config)#key chain RIP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string CISCO

R3(config)#int s0.31

R3(config-subif)#ip rip authentication mode text

R3(config-subif)#ip rip authentication key-chain RIP

To use MD5 authentication rather than clear-text, simply replace the word "text" in the ip rip authentication mode command with md5.

Here's what a successfully authenticated RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is "cisco".

3d04h: RIP: received packet with text authentication cisco

3d04h: RIP: received v2 update from 150.1.1.3 on Ethernet0

3d04h: 100.0.0.0/8 via 0.0.0.0 in 1 hops

3d04h: 150.1.2.0/24 via 0.0.0.0 in 1 hops

Here's what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You'll also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.3 (invalid authentication)

"Debug ip rip" may be a simple command as compared to the debugs for other protocols, but it's also a very powerful debug. Start using debugs as early as possible in your Cisco studies to see how router commands really work!
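The two checks these tutorials stress (EIGRP needs both the key-chain and the mode command, and RIP should run md5 rather than text) can be audited across saved configs. The script below is an added example, not part of the original tutorials; it assumes the usual running-config layout with sub-commands indented under each section, and the sample config is constructed.

```python
import re

# Constructed sample in IOS running-config layout (not taken from the page's routers).
SAMPLE = """\
key chain EIGRP
 key 1
  key-string BSCI
!
interface Ethernet0
 ip authentication key-chain eigrp 100 EIGRP
 ip authentication mode eigrp 100 md5
!
interface Ethernet1
 ip authentication key-chain eigrp 100 EIGRP
!
interface Serial0.123
 ip rip authentication mode text
 ip rip authentication key-chain RIP
"""
KEYCHAIN = re.compile(r"ip (rip )?authentication key-chain (?:eigrp (\d+) )?(\S+)$")
MODE = re.compile(r"ip (rip )?authentication mode (?:eigrp (\d+) )?(\S+)$")

def audit(config):
    """Return findings for interfaces whose RIP/EIGRP authentication is incomplete or clear-text."""
    chains, intfs, cur = set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):            # a top-level line starts a new section
            cur = None
            if line.startswith("key chain "):
                chains.add(line.split()[2])
            elif line.startswith("interface "):
                cur = intfs.setdefault(line.split()[1], [])
        elif cur is not None:                   # indented line inside an interface
            cur.append(line.strip())
    findings = []
    for name, cmds in intfs.items():
        keyed, modes = {}, {}
        for cmd in cmds:
            for pattern, table in ((KEYCHAIN, keyed), (MODE, modes)):
                if m := pattern.match(cmd):     # key: ("rip", None) or ("eigrp", AS)
                    table["rip" if m.group(1) else "eigrp", m.group(2)] = m.group(3)
        for (proto, asn), chain in keyed.items():
            tag = f"{name} {proto}{' ' + asn if asn else ''}"
            if chain not in chains:
                findings.append(f"{tag}: key chain {chain} is not defined")
            mode = modes.get((proto, asn))
            if mode != "md5":                   # mode command missing, or set to text
                findings.append(f"{tag}: mode is {mode or 'unset'}, not md5")
    return findings
```

Running `audit(SAMPLE)` flags Ethernet1 (key chain applied without the mode command) and Serial0.123 (undefined key chain and text mode), while Ethernet0 passes.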

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP and CCNA tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.


Cisco CCNA Certification Exam Tutorial Port-Based Authentication

March 22nd, 2008

To pass your CCNA exam and earn this coveted certification, you must understand the details of port-based authentication. This knowledge has a great deal of value in production networks as well, since this authentication scheme is regularly implemented. Let's take a look at this particular CCNA skill.

Consider a situation where you have a server that will be connected to your switch, and you want the port to shut down if a device with a different MAC address than that of the server attempts to connect to that port. You could also have a situation where you have someone who has a connection to a switch port in his office, and he wants to make sure that only his laptop can use that port.

Both of these examples are real-world situations, and there are two solutions for each. First, we could create a static MAC entry for that particular switch port. I don't recommend this, mainly because both you and I have better things to do than manage static MAC entries. The better solution is to configure port-based authentication on the switch.

The Cisco switch uses MAC addresses to enforce port security. With port security, only devices with certain MAC addresses can connect to the port successfully. This is another reason source MACs are looked at before the destination MAC is examined. If the source MAC is non-secure and port-based authentication is in effect, the destination does not matter, as the frame will not be forwarded. In essence, the source MAC address serves as the password.

MAC addresses that are allowed to successfully communicate with the switch port are secure MAC addresses. The default number of secure MAC addresses is 1, but a maximum of 132 secure MACs can be configured.

When a non-secure MAC address attempts to communicate with the switch port, one of three actions will occur, depending on the port security mode. In Protect mode, frames with non-secure MAC addresses are dropped. There is no notification that a violation has occurred. The port will continue to switch frames for the secure MAC address.

In Restrict mode, the same action is taken, but a syslog message is logged via SNMP, which is a messaging protocol used by Cisco routers.

In Shutdown mode, the interface goes into error-disabled state, the port LED will go out, and a syslog message is logged. The port has to be manually reopened. Shutdown mode is the default port-security mode.

Port-based authentication is just one of the many switching skills you'll have to demonstrate to earn your CCNA certification. Make sure you know the fundamentals shown here, including the action of each particular mode, and you're on your way to CCNA exam success!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.
