
L3 Technologies – EIGRP – Authentication

In this post, I will have a look at the different authentication methods that can be used with EIGRP.

 

Cisco link for the configuration guide:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mt-book/ire-sha-256.html

 

L3 Technologies – EIGRP – Authentication – Physical network diagram


 

L3 Technologies – EIGRP – Authentication – MD5:

 

MD5 is the less secure of the two methods that can be used to authenticate EIGRP.

MD5 authentication is configured at the interface level.

 

Let’s use it between R1 and R4.

R1(config)#key chain EIGRP
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CISCO

R1(config)#int eth 0/2
R1(config-if)#ip authentication mode eigrp 10 md5
R1(config-if)#ip authentication key-chain eigrp 10 EIGRP

 

We use the same key-chain on R4.

If there is a mismatch with the authentication, the debug will show something like this in the log.

EIGRP: Et0/0: ignored packet from 10.10.14.1, opcode = 5 (authentication off or key-chain missing)

 

Because R4 is using named mode, we need to configure the MD5 authentication under the EIGRP process.

R4(config)#router eigrp CISCO
R4(config-router)#address-family ipv4 unicast autonomous-system 10
R4(config-router-af)#af-interface eth0/0
R4(config-router-af-interface)#authentication mode md5
R4(config-router-af-interface)#authentication key-chain EIGRP
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.10.14.1 (Ethernet0/0) is up: new adjacency

 

And here we go, the neighbor adjacency is UP again.

 

L3 Technologies – EIGRP – Authentication – HMAC SHA2-256bit:

 

With EIGRP named mode, a new authentication method can be used: HMAC-SHA-256. It is much more secure than MD5.

 

It is configured under the address-family interface.

Let’s use it to authenticate the neighbor relationship between R4 and R5.

R4(config)#router eigrp CISCO
R4(config-router)#address-family ipv4 unicast autonomous-system 10
R4(config-router-af)#af-interface Eth 0/1
R4(config-router-af-interface)#authentication mode hmac-sha-256 NEWPASS

 

We use the same on R5 and the neighbor adjacency is UP again.
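To check which of the two methods each interface actually ends up with, the added example below (not part of the original post) audits a saved configuration and covers both the classic interface-level commands and the named-mode af-interface commands shown above. The sample configuration is constructed in running-config form; Ethernet0/3, Ethernet1/0 and the key chain name EIGRP-OLD are hypothetical.

```python
import re

# Constructed running-config excerpt (not from the post). It mixes the classic
# interface-level style and the named-mode af-interface style for illustration.
SAMPLE = """\
key chain EIGRP
 key 1
  key-string CISCO
interface Ethernet0/2
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 EIGRP
interface Ethernet0/3
 ip authentication mode eigrp 10 md5
router eigrp CISCO
 address-family ipv4 unicast autonomous-system 10
  af-interface Ethernet0/0
   authentication mode md5
   authentication key-chain EIGRP-OLD
  af-interface Ethernet0/1
   authentication mode hmac-sha-256 NEWPASS
  af-interface Ethernet1/0
   hello-interval 2
"""

MODE = re.compile(r"(?:ip )?authentication mode (?:eigrp \d+ )?(md5|hmac-sha-256)\b")
CHAIN = re.compile(r"(?:ip )?authentication key-chain (?:eigrp \d+ )?(\S+)")

def audit_eigrp_auth(config):
    """Map each interface / af-interface to a verdict on its EIGRP authentication."""
    chains = set(re.findall(r"^key chain (\S+)", config, re.M))  # defined key chains
    found, cur = {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"(?:af-)?interface (\S+)$", s):
            cur = found.setdefault(m.group(1), {"mode": None, "chain": None})
        elif cur is not None and (m := MODE.match(s)):
            cur["mode"] = m.group(1)
        elif cur is not None and (m := CHAIN.match(s)):
            cur["chain"] = m.group(1)
        elif not line.startswith(" ") or s == "exit-af-interface":
            cur = None  # a top-level line or exit-af-interface closes the context
    def verdict(a):
        if a["mode"] != "md5":
            return a["mode"] or "no authentication"
        if a["chain"] is None:
            return "md5 without key chain"
        return "md5 (weaker method)" if a["chain"] in chains else "md5, key chain undefined"
    return {name: verdict(a) for name, a in found.items()}
```

Calling `audit_eigrp_auth(SAMPLE)` returns one verdict per interface. A plain `interface` with no EIGRP authentication lines is also reported as "no authentication", because the script does not check whether EIGRP runs on it.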

 

 

That’s all for this easy part about EIGRP authentication.

In the next post I will have a closer look at EIGRP summarization and path selection.

 

 

Thank you for reading.

Have a look at my previous EIGRP posts:

L3 technologies – EIGRP – Initialization

 

 
