RIP Authentication between Cisco IOS & Quagga


For some reason, this wrecks my head every time I have to set it up. It should be simple, yes? It looks simple when you see the config below, yes?

… well each time I have to set it up, it costs me several hours. I guess it’s some kind of mental block or something.

Anyway, the instructions …

/etc/quagga/ripd.conf

!
hostname quagga.domain.local
password zebra
log file /var/log/quagga/ripd.log
!
!debug rip packet
!
key chain ka1
 key 1
  key-string password
!
interface eth0
 ip rip authentication mode text
 ip rip authentication key-chain ka1
!
router rip
 redistribute kernel
 redistribute connected
 redistribute static
 network 192.168.0.0/24
 network eth0
 distribute-list routes-out out eth0
!
access-list routes-out deny 169.254.0.0/16
access-list routes-out permit any
!
line vty
!

And on the Cisco end (just the appropriate parts here) …

!
key chain ka1
 key 1
  key-string password
!
interface Vlan100
 ip address 192.168.253.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip rip authentication key-chain ka1
!
router rip
 version 2
 redistribute connected
 redistribute static
 network 192.168.0.0
 network 192.168.253.0
 distribute-list 50 out
!
access-list 50 permit 192.168.0.0 0.0.255.255
access-list 50 deny   any
!

And of course it won’t work when you try that (coz that’s how life is). So you’ll need to debug it.
On the Cisco end you can debug with

enable
term mon
debug ip rip

and on the Quagga end you can debug with

telnet localhost 2602
enable
debug rip packet

The password (if it asks) is whatever you have in your ripd.conf, typically zebra.
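
When the debug output on either end reports authentication failures, it helps to see which authentication type each router actually puts on the wire. The Python below is an added example, not part of the original post: it parses the authentication entry of a RIPv2 payload (layout per RFC 2453 and RFC 2082) and shows that in text mode the key-string travels in the clear. The function name and the sample packets are constructed for illustration.

```python
import socket
import struct

AUTH_AFI = 0xFFFF                    # address family that marks an authentication entry
AUTH_TYPES = {2: "text", 3: "md5"}   # RFC 2453 simple password, RFC 2082 keyed MD5

def rip_auth_info(payload: bytes) -> dict:
    """Describe the authentication carried in one RIP UDP payload (port 520)."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte RIP header")
    _command, version, _zero = struct.unpack_from("!BBH", payload, 0)
    info = {"version": version, "auth": "none", "password": None,
            "key_id": None, "routes": 0}
    body = payload[4:]
    if version == 2 and len(body) >= 20:
        afi, auth_type = struct.unpack_from("!HH", body, 0)
        if afi == AUTH_AFI:          # when present, it is always the first entry
            info["auth"] = AUTH_TYPES.get(auth_type, f"unknown({auth_type})")
            if auth_type == 2:
                # Text mode: the 16-byte field is the key-string, zero padded.
                info["password"] = body[4:20].rstrip(b"\x00").decode("ascii", "replace")
            elif auth_type == 3:
                # MD5 mode: packet length, key id, digest length, sequence number.
                _len, info["key_id"], _dlen, _seq = struct.unpack_from("!HBBI", body, 4)
            body = body[20:]
    for off in range(0, len(body) - 19, 20):
        # The MD5 digest trailer also uses AFI 0xFFFF, so it is not a route.
        if struct.unpack_from("!H", body, off)[0] != AUTH_AFI:
            info["routes"] += 1
    # In text mode the key-string is visible to anyone who can capture the segment.
    info["cleartext_key"] = info["password"] is not None
    return info

# Constructed sample payloads (not captured traffic), using values from the configs above.
_HDR = struct.pack("!BBH", 2, 2, 0)  # command 2 (response), version 2
_ROUTE = struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton("192.168.253.0"),
                     socket.inet_aton("255.255.255.0"), bytes(4), 1)
SAMPLE_TEXT = _HDR + struct.pack("!HH16s", AUTH_AFI, 2, b"password") + _ROUTE
SAMPLE_MD5 = (_HDR + struct.pack("!HHHBBI8x", AUTH_AFI, 3, 44, 1, 16, 1) + _ROUTE
              + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16)))  # all-zero placeholder digest

if __name__ == "__main__":
    for name, pkt in (("text", SAMPLE_TEXT), ("md5", SAMPLE_MD5)):
        print(name, rip_auth_info(pkt))
```

Authentication type 3 is what `ip rip authentication mode md5` produces on the interface; the key-string then never appears in the packet, and a type mismatch between the two ends shows up immediately in the parsed output.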
