Cisco CCNP / BCSI Exam Tutorial: Configuring EIGRP Packet Authentication

 


Visitors: 289

Configuring RIPv2 and EIGRP authentication with key chains can be tricky at first, and the syntax isn't exactly easy to remember. But for BSCI and CCNP exam success, we've got to be able to perform this task.

In a previous tutorial, we saw how to configure RIPv2 packet authentication, with both clear-text and MD5 authentication schemes. EIGRP authentication is much the same, and has the text and MD5 authentication options as well. But EIGRP being EIGRP, the command just has to be a little more detailed!

As with RIPv2, the authentication mode must be agreed upon by the EIGRP neighbors. If one router's interface is configured for MD5 authentication and the remote router's interface is configured for text authentication, the adjacency will fail even if the two interfaces in question are configured to use the same password.

We'll now configure link authentication on the adjacency over an Ethernet segment. Below, you'll see how to configure a key chain called EIGRP on both routers, use key number 1, and use the key-string BSCI. Run show key chain on a router to see all key chains.

R2(config)#key chain EIGRP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string BSCI

R2#show key chain

Key-chain EIGRP:

key 1 - text “BSCI"

accept lifetime (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

R3(config)#key chain EIGRP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string BSCI

R3#show key chain

Key-chain EIGRP:

key 1 - text “BSCI"

accept lifetime (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

The EIGRP command to apply the key chain is a bit of a pain to remember, because the protocol and AS number is identified in the middle of the command, not the beginning. Also note that two commands are needed - one to name the key chain, another to define the authentication mode in use.

R2(config)#interface ethernet0

R2(config-if)#ip authentication key-chain eigrp 100 EIGRP

R2(config-if)#ip authentication mode eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.3 (Ethernet0) is down: keychain changed

R3(config)#interface ethernet0

R3(config-if)#ip authentication key-chain eigrp 100 EIGRP

R3(config-if)#ip authentication mode eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.2 (Ethernet0) is up:

As with RIPv2, the existing adjacency was torn down when one side was configured with authentication. If the key chain is correctly defined and applied on both sides, the adjacency will come back up. Always run show ip eigrp neighbor to make sure the adjacency is present. Learn the details of EIGRP key chains by configuring them on your home lab equipment, and you'll be more than ready for BSCI exam success!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP and CCNA tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.

For a FREE copy of his latest e-books, “How To Pass The CCNA” and “How To Pass The CCNP”, just visit the website! You can also get FREE CCNA and CCNP exam questions every day! Pass the CCNP exam with The Bryant Advantage!

(580)

Article Source:


 
Rate this Article:  0.0/5(0 Ratings)

Related Articles:

Cisco CCNP / BCSI Exam Tutorial: Broadcasts And The IP Helper-Address Command

by: Chris Bryant (April 20, 2006) 
(Computers and Technology/Certification Tests)

Cisco CCNA-CCNP Certification Exam Tutorial: EIGRP And Split Horizon

by: Chris Bryant (February 07, 2007) 
(Computers and Technology)

Cisco CCNP / BCMSN Exam Tutorial: Configuring PortFast And BPDU Guard

by: Chris Bryant (April 06, 2006) 
(Computers and Technology/Certification Tests)

Cisco CCNA / CCNP Certification Exam Tutorial: Configuring PPP Callback

by: Chris Bryant (July 10, 2006) 
(Computers and Technology/Certification Tests)

Cisco CCNP / BCMSN Exam Tutorial: Configuring CGMP On Routers & Switches

by: Chris Bryant (April 18, 2006) 
(Computers and Technology/Certification Tests)

Cisco CCNP / BSCI Exam Tutorial: Configuring And Troubleshooting OSPF Virtual ..

by: Chris Bryant (April 05, 2006) 
(Computers and Technology/Certification Tests)

CCNP / BSCI Exam Tutorial: EIGRP Stub Routing

by: Chris Bryant (March 20, 2006) 
(Computers and Technology/Certification Tests)

CCNP Certification / BSCI Exam Tutorial: EIGRP Stuck-In-Active Routes

by: Chris Bryant (April 29, 2006) 
(Computers and Technology/Certification Tests)

Cisco CCNP Certification BSCI 642-901 Exam Training: The EIGRP Adjacency

by: Chris Bryant (January 09, 2007) 
(Computers and Technology)

Cisco CCNP Certification Training Tutorial: The New 642-825 ISCW CCNP Exam

by: Chris Bryant (November 21, 2006) 
(Computers and Technology)