Thursday, May 10, 2012

Setting key chain time-based authentication for EIGRP in GNS3…


Notes:
My lifetime config on all routers:
R(config-keychain-key)# accept-lifetime 06:00:00 May 9 2012 infinite
R(config-keychain-key)# send-lifetime 06:00:00 May 9 2012 infinite
  • GNS3 0.8.1
  • VirtualBox 4.1.6
  • Still using the same topology from ntp server post:
  • Global config command clock save interval hours crashed the routers... so I'm not using this as a solution.


This works great until the project gets saved, closed and then opened the next day. Time is not saved in the startup-config (by default), so when the routers start they fall back to their initial time value (for my IOS version it’s 00:00:00.0 UTC Fri Mar 1 2002). I have valid keys (they should be “valid now”), but from the routers' point of view they are not valid because the key lifetime starts in the future, about 10 years away. And since there are no currently valid keys and authentication is set on each eigrp interface, there are no eigrp neighbors, meaning I only have connected routes. This is a problem because my ntp server (a VirtualBox XP machine) is only reachable by the routers after R1 shares its route (eigrp converges). Until that happens, the ntp server is unreachable and the routers are stuck on stupid time. I need the current time so my key-string is valid and I can establish eigrp neighborship, which populates the routing table with a route from each router to the ntp server.

Luckily this is an easy fix, on each router:
Rn# clock set 09:00:00 May 10 2012

Neighborships will form right away and, after several minutes, the routers will sync with the ntp peer WinXP and set their clocks accordingly and life in this LAN is happy happy!

When setting lifetimes on keys, make sure to configure not only the “accept-lifetime” but also the “send-lifetime”, as the second part is easily forgotten. A flapping eigrp neighbor is a sign that it could be missing. Na zdravje!
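As an added illustration (not code from the original post), here is a small Python model of how IOS key-chain lifetimes gate an EIGRP adjacency, using the lifetime string and the two clock values from this post. The key-string is a placeholder, and the adjacency rule (each router sends its lowest-numbered send-valid key, and the peer accepts it only if its matching key is inside the accept-lifetime at the peer's own clock) is my reading of IOS behaviour, so treat it as a model rather than the IOS source.

```python
from datetime import datetime, timedelta

INFINITE = datetime.max  # stands in for the IOS "infinite" keyword

def parse_lifetime(spec):
    """Parse 'hh:mm:ss Month day year {infinite | end-time | duration seconds}'."""
    parts = spec.split()
    fmt = "%H:%M:%S %b %d %Y"
    start = datetime.strptime(" ".join(parts[:4]), fmt)
    if parts[4] == "infinite":
        end = INFINITE
    elif parts[4] == "duration":
        end = start + timedelta(seconds=int(parts[5]))
    else:
        end = datetime.strptime(" ".join(parts[4:8]), fmt)
    return start, end

def make_key(key_id, key_string, accept=None, send=None):
    """A key-chain key; a lifetime left unset is 'always valid', the IOS default."""
    always = (datetime.min, INFINITE)
    return {"id": key_id, "string": key_string,
            "accept": parse_lifetime(accept) if accept else always,
            "send": parse_lifetime(send) if send else always}

def send_key(chain, clock):
    """Lowest-numbered key whose send-lifetime covers this router's clock."""
    for k in sorted(chain, key=lambda key: key["id"]):
        start, end = k["send"]
        if start <= clock <= end:
            return k
    return None  # no currently valid key: nothing to authenticate hellos with

def accepts(chain, clock, key):
    """Does this router accept the peer's key id and string at its own clock?"""
    return any(k["id"] == key["id"] and k["string"] == key["string"]
               and k["accept"][0] <= clock <= k["accept"][1] for k in chain)

def adjacency_forms(chain_a, clock_a, chain_b, clock_b):
    """Neighbors form only if each side sends a key the other side accepts now."""
    ka, kb = send_key(chain_a, clock_a), send_key(chain_b, clock_b)
    return bool(ka and kb and accepts(chain_b, clock_b, ka)
                and accepts(chain_a, clock_a, kb))

# Constructed from the post: the same key chain on every router (key-string is
# a placeholder), the post-reload default clock, and the clock after "clock set".
LIFETIME = "06:00:00 May 9 2012 infinite"
CHAIN = [make_key(1, "PLACEHOLDER-KEY", accept=LIFETIME, send=LIFETIME)]
RELOAD_CLOCK = datetime(2002, 3, 1, 0, 0, 0)  # 00:00:00 UTC Fri Mar 1 2002
FIXED_CLOCK = datetime(2012, 5, 10, 9, 0, 0)  # clock set 09:00:00 May 10 2012
```

With both routers at RELOAD_CLOCK, adjacency_forms returns False; at FIXED_CLOCK it returns True. Leaving send-lifetime unset on an old key (always valid by default) makes send_key keep choosing that key after the peer's accept window has closed, which is the forgotten send-lifetime trap from the last paragraph.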

