RIPv2 between pfSense and Cisco



  • Does anyone have experience with Cisco?

    I have a pfSense 2.0.1 (amd64) directly connected to a Cisco 2691 via the LAN interface.
    On the pfSense I've enabled RIPv2 on LAN with password "password".

    The LAN interface is 172.16.0.254.
    The Cisco is connected with fa0/0.

    The Cisco config is the following:
    ----------------------------------------
    R1#sh run
    Building configuration...

    Current configuration : 805 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    ip cef
    !
    !
    no ip domain lookup
    !
    !
    key chain cisco
    key 1
      key-string password
    !
    !
    interface FastEthernet0/0
    ip address 172.16.0.5 255.255.0.0
    ip rip authentication key-chain chain cisco
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 172.18.0.1 255.255.0.0
    duplex auto
    speed auto
    !
    !
    router rip
    version 2
    network 172.16.0.0
    network 172.18.0.0
    !
    !
    !
    no ip http server
    no ip http secure-server
    !
    !
    control-plane
    !
    !

    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    !
    !
    end

    R1#


    Debugging reports invalid packets, but the password is OK:

    R1#debug ip rip
    RIP protocol debugging is on
    R1#
    *Mar  1 10:16:54.617: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (172.18.0.1)
    *Mar  1 10:16:54.617: RIP: build update entries
    *Mar  1 10:16:54.617:  172.16.0.0/16 via 0.0.0.0, metric 1, tag 0
    R1#
    *Mar  1 10:17:12.441: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (172.16.0.5)
    *Mar  1 10:17:12.441: RIP: build update entries
    *Mar  1 10:17:12.441:  172.18.0.0/16 via 0.0.0.0, metric 1, tag 0
    R1#
    *Mar  1 10:17:19.641: RIP: received packet with text authentication password  <-------------------OK
    *Mar  1 10:17:19.641: RIP: ignored v2 packet from 172.16.0.254 (invalid authentication)  <----------------!!!!!!!!!

    I receive no routes for WAN and DMZ on the Cisco.
    Does anyone have any idea why there is invalid authentication?



  • Alain has helped me.

    The cause is a misconfiguration on the Cisco.
    The line "ip rip authentication key-chain chain cisco" must be "ip rip authentication key-chain cisco"

    Louis14
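
A check for the misconfiguration identified above, as an added example that is not part of the original posts: it scans an IOS running-config for `ip rip authentication key-chain` references whose name matches no defined `key chain`. The sample config is constructed from the lines quoted in the thread, and treating everything after `key-chain` as the chain name is an assumption of this example.

```python
import re

# Constructed sample: the relevant lines of the running-config quoted in the thread.
SAMPLE_CONFIG = """\
key chain cisco
 key 1
  key-string password
!
interface FastEthernet0/0
 ip address 172.16.0.5 255.255.0.0
 ip rip authentication key-chain chain cisco
!
interface FastEthernet0/1
 ip address 172.18.0.1 255.255.0.0
!
router rip
 version 2
 network 172.16.0.0
 network 172.18.0.0
"""

KEY_CHAIN_DEF = re.compile(r"^key chain (.+)$")
INTERFACE = re.compile(r"^interface (\S+)$")
# Assumption: the rest of the line after "key-chain" is the referenced name.
RIP_AUTH_REF = re.compile(r"^ip rip authentication key-chain (.+)$")


def find_undefined_key_chains(config_text):
    """Return (interface, referenced_name) pairs whose key chain is not defined."""
    defined = set()
    references = []
    current_interface = None
    for raw in config_text.splitlines():
        line = raw.strip()  # works for indented and flattened configs alike
        if line == "!":
            current_interface = None  # "!" separates sections in show run output
        elif m := KEY_CHAIN_DEF.match(line):
            defined.add(m.group(1))
        elif m := INTERFACE.match(line):
            current_interface = m.group(1)
        elif (m := RIP_AUTH_REF.match(line)) and current_interface:
            references.append((current_interface, m.group(1)))
    # Compare only after the whole file is read, so definition order is irrelevant.
    return [(iface, name) for iface, name in references if name not in defined]


if __name__ == "__main__":
    for iface, name in find_undefined_key_chains(SAMPLE_CONFIG):
        print(f"{iface}: RIP authentication references undefined key chain {name!r}")
```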

