EIGRP Named - Authentication

Authentication

EIGRP (Enhanced Interior Gateway Routing Protocol) Named Mode supports authentication as a means of securing routing information exchanges between routers. Network administrators assign a name to an authentication key chain, which is then applied to an EIGRP routing process. Different EIGRP instances can use different authentication mechanisms, such as MD5 or SHA-256. Key chains are configured with unique identifiers, cryptographic algorithms, and secret keys, which protect the EIGRP updates exchanged between routers. This lets network operators manage and customize authentication settings for different segments of their network, improving the security and integrity of EIGRP routing communications.

Lab:

Disclaimer

This Configuration Guide is designed to assist members to enhance their skills in a particular technology area. While every effort has been made to ensure that all material is as complete and accurate as possible, the enclosed material is presented on an "as is" basis. Neither the authors nor Forum assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this guide. This configuration guide was developed by Forum. Any similarities between material presented in this configuration guide and any other material is completely coincidental.

Cisco IOS Software, Linux Software (I86BI_LINUX-ADVENTERPRISEK9-M), Version 15.2(4)M1, DEVELOPMENT TEST SOFTWARE

Task 1: Configure IPv4 EIGRP Authentication using named configuration

Step 1: In global configuration mode on the router, configure the IPv4 EIGRP process with a name

R1:
router eigrp cisco
address-family ipv4 autonomous-system 100
network 12.0.0.1 0.0.0.0
network 11.0.1.1 0.0.0.0
network 11.0.2.1 0.0.0.0
network 11.0.3.1 0.0.0.0
exit

Step 2: In global configuration mode, create a key chain, assign a key to it, and then select the authentication mode and key chain on the interface

R1:
key chain akbar
key 1
key-string cisco
exit
interface serial 2/0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 akbar
exit

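Step 3: Enable EIGRP authentication on both neighbors. The key chain name is locally significant, so R2 can use a different name than R1, but the key number and key-string must match on both routers.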

R2:
key chain birbal
key 1
key-string cisco
exit
interface serial 2/0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 birbal
exit

Task 2: Verification:

Step 1: Verify the authentication configuration with the following command:

R1#show running-config
key chain akbar
key 1
key-string cisco
!
!
interface Serial2/0
ip address 12.0.0.1 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 akbar
serial restart-delay 0
!
!
router eigrp cisco
!
address-family ipv4 unicast autonomous-system 100
!
topology base
exit-af-topology
network 11.0.1.1 0.0.0.0
network 11.0.2.1 0.0.0.0
network 11.0.3.1 0.0.0.0
network 12.0.0.1 0.0.0.0
exit-address-family
!
R2#show running-config
key chain birbal
key 1
key-string cisco
!
!
interface Serial2/0
ip address 12.0.0.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 birbal
serial restart-delay 0
!
!
router eigrp cisco
!
address-family ipv4 unicast autonomous-system 100
!
topology base
network 12.0.0.2 0.0.0.0
network 22.0.1.2 0.0.0.0
network 22.0.2.2 0.0.0.0
network 22.0.3.2 0.0.0.0
network 23.0.0.2 0.0.0.0
!
exit-address-family
!

Step 2: Verify the EIGRP neighborship with the following command:

R1#show ip eigrp neighbors
EIGRP-IPv4 VR(cisco) Address-Family Neighbors for AS(100)
H   Address       Interface    Hold   Uptime   SRTT   RTO   Q    Seq
                              (sec)           (ms)        Cnt   Num
0   12.0.0.1      Se2/0        10    00:00:19   17    102   0     6

R2#show ip eigrp neighbors
EIGRP-IPv4 VR(cisco) Address-Family Neighbors for AS(100)
H   Address       Interface     Hold   Uptime   SRTT   RTO   Q    Seq
                                (sec)           (ms)        Cnt   Num
0   12.0.0.1          Se2/0     11     00:00:33  11    100   0     13
1   23.0.0.3          Et0/0     12     00:13:54  1     100   0     15
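
The check from Task 2, Step 1 can be automated by comparing both ends of the link. The script below is an added example, not part of the original lab: it parses running-config excerpts, confirms that the two differently named key chains share a key number and key-string, and reports when MD5 is the mode in use. The function names and finding strings are assumptions of this example, and it assumes key-strings appear unencrypted, as they do in the output above.

```python
import re

# Constructed input: trimmed from the lab's R1 "show running-config" output.
R1_CFG = """\
key chain akbar
 key 1
  key-string cisco
!
interface Serial2/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 akbar
"""
# R2 differs only in the locally significant key chain name.
R2_CFG = R1_CFG.replace("akbar", "birbal")

def parse(cfg):
    """Return ({chain: {key_id: key_string}}, {interface: {"mode", "key-chain"}})."""
    chains, ifaces, chain, key_id, iface = {}, {}, None, None, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain, key_id, iface = m[1], None, None
            chains[chain] = {}
        elif (m := re.fullmatch(r"key (\d+)", line)) and chain:
            key_id = int(m[1])
        elif (m := re.fullmatch(r"key-string (\S+)", line)) and key_id is not None:
            chains[chain][key_id] = m[1]  # assumes unencrypted key-strings
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface, chain, key_id = m[1], None, None
            ifaces[iface] = {"mode": None, "key-chain": None}
        elif (m := re.fullmatch(r"ip authentication (mode|key-chain) eigrp \d+ (\S+)", line)) and iface:
            ifaces[iface][m[1]] = m[2]
    return chains, ifaces

def audit_link(cfg_a, cfg_b, iface_a, iface_b):
    """Compare both ends of one link; return a list of findings."""
    (ch_a, if_a), (ch_b, if_b) = parse(cfg_a), parse(cfg_b)
    a, b = if_a.get(iface_a, {}), if_b.get(iface_b, {})
    findings = []
    if a.get("mode") != b.get("mode") or a.get("mode") is None:
        findings.append("authentication mode missing or different")
    elif a["mode"] == "md5":
        findings.append("MD5 mode in use on both ends")
    keys_a, keys_b = ch_a.get(a.get("key-chain"), {}), ch_b.get(b.get("key-chain"), {})
    if not keys_a or not keys_b:
        findings.append("key chain missing or empty")
    elif not any(keys_b.get(k) == v for k, v in keys_a.items()):
        findings.append("no shared key ID with the same key-string")
    return findings
```

Run against the lab's two configurations, the only finding is the MD5 mode. Changing the key number or key-string on one side adds the mismatch finding that would explain a neighborship failing to form.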