If you run EIGRP without authentication, someone could try to form an EIGRP neighbor adjacency with one of your routers and try to hack into your network. We can use MD5 authentication with EIGRP.
With authentication enabled, your router authenticates the source of each routing update packet that it receives. This prevents false routing updates from sources that are not approved, so malicious routing updates can be ignored.
Steps
1. Configure a key chain to group the keys.
2. Configure one or more keys within that key chain. The router checks all inbound packets against the list of keys and uses the first valid one it finds.
3. Configure the password or authentication string for that key. Repeat Steps 2 and 3 to add more keys if desired.
4. Optionally configure a lifetime for the keys within that key chain. If you do this, be sure that the time is synchronized between the two routers.
5. Enable authentication and assign a key chain to an interface.
6. Designate MD5 as the type of authentication.
Create Key Chain:
R(config)#key chain <key chain name>
R(config-keychain)#key <number>
R(config-keychain-key)#key-string <string>
R(config-keychain-key)#send-lifetime <hh:mm:ss> <hh:mm:ss> (optional)
R(config-keychain-key)#accept-lifetime <hh:mm:ss> <hh:mm:ss> (optional)
Applying Authentication:
R(config)#interface <interface>
R(config-subif)#ip authentication mode eigrp <as_no> md5
R(config-subif)#ip authentication key-chain eigrp <as_no> <key chain name>
Verify:
Router# show key chain
Router# debug eigrp packets
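As an added example (not part of the original notes), the following Python check reads saved running-config text and reports interfaces where the steps above are only half applied: MD5 mode without a key chain, a key chain without MD5 mode, or a key chain that is undefined or has no key-string. The function name `audit_eigrp_auth` and the sample configuration are constructed for illustration.

```python
import re
# Constructed sample running-config (hypothetical names, not from the original notes).
SAMPLE_CONFIG = """\
key chain EIGRP_KEYS
 key 1
  key-string s3cret
key chain EMPTY_CHAIN
 key 1
interface Serial0/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP_KEYS
interface Serial0/1
 ip authentication mode eigrp 100 md5
interface Serial0/2
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 MISSING
interface Serial0/3
 ip authentication key-chain eigrp 100 EMPTY_CHAIN
"""

def audit_eigrp_auth(config):
    """Return a sorted list of (interface, problem) findings."""
    chains, modes, refs = {}, set(), {}  # chains: name -> number of key-strings
    chain = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends the current block
            chain = iface = None
        if m := re.match(r"key chain (\S+)$", line):
            chain = m.group(1)
            chains.setdefault(chain, 0)
        elif chain and line.startswith("key-string "):
            chains[chain] += 1
        elif m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif iface and (m := re.match(r"ip authentication mode eigrp (\d+) md5$", line)):
            modes.add((iface, m.group(1)))
        elif iface and (m := re.match(r"ip authentication key-chain eigrp (\d+) (\S+)$", line)):
            refs[(iface, m.group(1))] = m.group(2)
    findings = []
    for ifc, _ in modes - set(refs):     # step 6 done, step 5 missing
        findings.append((ifc, "md5 mode set but no key chain assigned"))
    for ifc, _ in set(refs) - modes:     # step 5 done, step 6 missing
        findings.append((ifc, "key chain assigned but md5 mode not set"))
    for (ifc, _), name in refs.items():
        if name not in chains:
            findings.append((ifc, f"key chain {name} is not defined"))
        elif chains[name] == 0:
            findings.append((ifc, f"key chain {name} has no key-string"))
    return sorted(findings)
```

An empty result means every interface that carries one of the two authentication commands carries both and points at a usable key chain; it does not tell you whether interfaces with neither command are running EIGRP.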
I came here while searching notes for my CCNP. Nice blog. Keep writing.
MD5 is the only authentication method supported by EIGRP
good notes bro...
Thanks for the notes
Good, keep writing notes on route reflector, VSS and Nexus
Very Good Notes