If you don’t use authentication and you are running EIGRP someone could try to form an EIGRP neighbor adjacency with one of your routers and try to hack into your network.We can use MD5 authentication with EIGRP.
By using authentication your router will authenticate the source of each routing update packet that it will receive. it can also used to prevents false routing updates from sources that are not approved. By enabling authentication its possile to ignore malicious routing updates.
1. Configure a key chain to group the keys.
2. Configure one or more keys within that key chain. The router checks all inbound packets against the list of keys and uses the first valid one it finds.
3. Configure the password or authentication string for that key.Repeat Steps 2 and 3 to add more keys if desired.
4. Optionally configure a lifetime for the keys within that key chain.If you do this, be sure that the time is synchronized between the two routers.
5. Enable authentication and assign a key chain to an interface.
6. Designate MD5 as the type of authentication
Create Key Chain:
R(config)#key chain < key chain name >Applying Authentication:
R(config-keychain)#key < number >
R(config-keychain-key)#key-string < string >
R(config-keychain-key)# send-lifetime < hh:mm:ss > <hh:mm:ss> (optional)
R(config-keychain-key)# accept-lifetime <hh:mm:ss> <hh:mm:ss> (optional)
R(config)#interface < interface >Verify
R(config-subif)#ip authentication mode eigrp <as_no> md5
R(config-subif)# ip authentication key-chain eigrp <as_no> < key chain name>
Router# show key chainClick here for MD5 Authentication Lab
Router# debug eigrp packets