EIGRP Authentication

EIGRP Authentication
If you don’t use authentication and you are running EIGRP someone could try to form an EIGRP neighbor adjacency with one of your routers and try to hack into your network.We can use MD5 authentication with EIGRP.
 
By using authentication your router will authenticate the source of each routing update packet that it will receive. it can also used to prevents false routing updates from sources that are not approved. By enabling authentication its possile to ignore malicious routing updates.
Steps
1. Configure a key chain to group the keys.
2. Configure one or more keys within that key chain. The router checks all inbound packets against the list of keys and uses the first valid one it finds.
3. Configure the password or authentication string for that key.Repeat Steps 2 and 3 to add more keys if desired.
4. Optionally configure a lifetime for the keys within that key chain.If you do this, be sure that the time is synchronized between the two routers.
5. Enable authentication and assign a key chain to an interface.
6. Designate MD5 as the type of authentication
 
Create Key Chain:
R(config)#key chain < key chain name >
R(config-keychain)#key < number >
R(config-keychain-key)#key-string < string >
R(config-keychain-key)# send-lifetime < hh:mm:ss > <hh:mm:ss>  (optional)
R(config-keychain-key)# accept-lifetime <hh:mm:ss> <hh:mm:ss> (optional)
Applying Authentication:
R(config)#interface < interface >
R(config-subif)#ip authentication mode eigrp <as_no> md5
R(config-subif)# ip authentication key-chain eigrp <as_no> < key chain name>
Verify
Router# show key chain
Router# debug eigrp packets
Click here for MD5 Authentication Lab

5 comments:

  1. I came here while searching notes for my ccnp.Nice blog.Keep writing

    ReplyDelete
  2. MD5 is the only authentication method supported by EIGRP

    ReplyDelete
  3. good notes bro...

    ReplyDelete
  4. Thanks for the notes

    ReplyDelete
  5. Good keep writing notes on route reflecter, vss and nexus

    ReplyDelete