Subscribe to CCIE TalkNews Feed

Browse > Home / EIGRP, Narbik WB / Narbik’s Soup-to-Nuts Workbook EIGRP Lab 5

Narbik’s Soup-to-Nuts Workbook EIGRP Lab 5

June 15, 2008 by CCIETalk  
Filed under EIGRP, Narbik WB

“Lab 5 - EIGRP authentication and advanced configuration” requires that we configure authentication for routes and also log difference eigrp logging messages. I will refer the documentation for this. That information is pretty simple and to the point.

EIGRP route authentication provides Message Digest 5 (MD5) authentication of routing updates from the EIGRP routing protocol. The MD5 keyed digest in each EIGRP packet prevents the introduction of unauthorized or false routing messages from unapproved sources.

Before you can enable EIGRP route authentication, you must enable EIGRP.

To enable authentication of EIGRP packets, use the following commands beginning in interface configuration mode:

 

 

Command

Purpose

Step 1 

Router(config)# interface type number

Configure an interface type and enter interface configuration mode

Step 2 

Router(config-if)# ip authentication mode eigrp autonomous-system md5

Enables MD5 authentication in EIGRP packets.

Step 3 

Router(config-if)# ip authentication key-chain eigrp autonomous-system key-chain

Enables authentication of EIGRP packets.

Step 4 

Router(config-if)# exit

Router(config)#

Exits to global configuration mode.

Step 5 

Router(config)# key chain name-of-chain

Identifies a key chain. (Match the name configured in Step 1.)

Step 6 

Router(config-keychain)# key number

In keychain configuration mode, identifies the key number.

Step 7 

Router(config-keychain-key)# key-string text

In keychain key configuration mode, identifies the key string.

Step 8 

Router(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}

Optionally specifies the time period during which the key can be received.

Step 9 

Router(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}

Optionally specifies the time period during which the key can be sent.

 

Each key has its own key identifier (specified with the key number key chain configuration command), which is stored locally. The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and MD5 authentication key in use.

You can configure multiple keys with lifetimes. Only one authentication packet is sent, regardless of how many valid keys exist. The software examines the key numbers in order from lowest to highest, and uses the first valid key it encounters.

Logging EIGRP Neighbor Adjacency Changes

By default, the system logs EIGRP neighbor adjacency changes to help you monitor the stability of the routing system and detect problems. If you disabled logging of such changes and want to reenable the logging, use the following command in router configuration mode:

 

Command

Purpose

Router(config-router)# eigrp log-neighbor-changes

Enables logging of EIGRP neighbor adjacency changes.

Tags: ,

Comments

Feel free to leave a comment...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.


Warning: stristr() [function.stristr]: Empty delimiter in /home/ccie/public_html/wp-content/plugins/wassup/wassup.php on line 2093