NETWORK LESSON

EIGRP Authentications Mindmaps and Configurations

Published by

Recto Orpia

on

On this post, I will be configuring EIGRP authentications between two EIGRP neighbors.

I have created another mindmaps to highlights important concepts related to EIGRP authentications as shown below.

Below is a mindmaps on the important configuration commands to enable EIGRP authentications.

As practice makes mastery of the concepts, I have created the following GNS3 topology to completely understand the theory.

 

  
EIGRP CONFIGURATIONS OF MANILA ROUTER:


 R1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#host
R1(config)#hostname MANILA
MANILA(config)#int s3/0
MANILA(config-if)#ip address 192.168.12.1 255.255.255.0
MANILA(config-if)#no shut
MANILA(config-if)#exit

MANILA(config)#router eigrp 12
MANILA(config-router)#network 192.168.12.0
MANILA(config-router)#no auto-summary
MANILA(config-router)#^Z

EIGRP CONFIGURATIONS OF MELBOURNE ROUTER:

R2#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#hostname MELBOURNE
MELBOURNE(config)#int s3/0
MELBOURNE(config-if)#ip address 192.168.12.2 255.255.255.0
MELBOURNE(config-if)#no shut

MELBOURNE(config)#router eigrp 12
MELBOURNE(config-router)#network 192.168.12.0
MELBOURNE(config-router)#no auto-summary
MELBOURNE(config-router)#^Z
MELBOURNE#

 VERIFICATIONS:  As observed , EIGRP neighbors have been established.

MANILA#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(12)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.12.2            Se3/0                    11 00:08:28  108   648  0  1
MANILA#

 Now let’s add the authentication on MANILA Router, and observed what will happen,

 MANILA(config)#key chain ?
  WORD  Key-chain name

MANILA(config)#key chain MYCCIELAB
MANILA(config-keychain)#?
Key-chain configuration commands:
  default  Set a command to its defaults
  exit     Exit from key-chain configuration mode
  key      Configure a key
  no       Negate a command or set its defaults

MANILA(config-keychain)#key ?
    Key identifier

MANILA(config-keychain)#key 1
MANILA(config-keychain-key)#?
Key-chain key configuration commands:
  accept-lifetime  Set accept lifetime of key
  default          Set a command to its defaults
  exit             Exit from key-chain key configuration mode
  key-string       Set key string
  no               Negate a command or set its defaults
  send-lifetime    Set send lifetime of key

MANILA(config-keychain-key)#key-string ?
  0     Specifies an UNENCRYPTED password will follow
  7     Specifies a HIDDEN password will follow
  LINE  The UNENCRYPTED (cleartext) user password (Maximum 80 characters)

MANILA(config-keychain-key)#key-string Secret
MANILA(config-keychain-key)#exit
MANILA(config-keychain)#exit
MANILA(config)#
MANILA(config)#int s3/0
MANILA(config-if)#ip auth
MANILA(config-if)#ip authentication ?
  key-chain  key-chain
  mode       mode

MANILA(config-if)#ip authentication mode ?
  eigrp  Enhanced Interior Gateway Routing Protocol (EIGRP)

MANILA(config-if)#ip authentication mode eigrp ?
    AS number

MANILA(config-if)#ip authentication mode eigrp 12 ?
  md5  Keyed message digest

MANILA(config-if)#ip authentication mode eigrp 12 md5

As seen the moment, I have enabled MD5 authentication on the interface connected to MELBOURNE router, DUAL have sent a console logs that MELBOURNE router is not reachable.


*Jul 14 14:04:49.235: %DUAL-5-NBRCHANGE: EIGRP-IPv4 12: Neighbor 192.168.12.2 (Serial3/0) is down: authentication mode changed

Let’s add the “ip authentication key-chain eigrp 12 MYCCIELAB” to complete the configurations.

MANILA(config-if)#ip authentication key-chain eigrp 12 MYCCIELAB
MANILA(config-if)#

Now, let’s configure the same for MELBOURNE Router but intentionally, I would be setting another key string and observed what will happen.

MELBOURNE(config)#key chain MYCCIELAB
MELBOURNE(config-keychain)#key 1
MELBOURNE(config-keychain-key)#key-string NoSecret
MELBOURNE(config-keychain-key)#exit
MELBOURNE(config-keychain)#exit

MELBOURNE(config)#int s3/0
MELBOURNE(config-if)#ip authentication mode eigrp 12 md5
MELBOURNE(config-if)#ip authentication key-chain eigrp 12 MYCCIELAB
MELBOURNE(config-if)#^Z

By enabling “debug packet eigrp” on the MANILA Router, we can see the error showing the mismatch of the Key string.

MANILA#debug eigrp packets
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
EIGRP Packet debugging is on
*Jul 14 14:21:30.399: EIGRP: pkt key id = 1, authentication mismatch
*Jul 14 14:21:30.403: EIGRP: Se3/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication)

Let us correct the key String on MELBOURNE router to established the adjacency.As observed, below the moment that the correct key string were configured.

MELBOURNE(config-keychain-key)#key-string Secret
MELBOURNE(config-keychain-key)#^Z
MELBOURNE#
*Jul 14 16:12:32.279: %DUAL-5-NBRCHANGE: EIGRP-IPv4 12: Neighbor 192.168.12.1 (Serial3/0) is up: new adjacency
*Jul 14 16:12:32.959: %SYS-5-CONFIG_I: Configured from console by console
MELBOURNE#

Leave a comment

Previous Post
Next Post

Recent posts

Quote of the week

"People ask me what I do in the winter when there's no baseball. I'll tell you what I do. I stare out the window and wait for spring."

~ Rogers Hornsby

NETWORK LESSON

About

Passionate about simplifying the complex world of networking and automation for learners everywhere.”.

Topics

Follow Us

Create a website or blog at WordPress.com