- EIGRP packets can ONLY be authenticated using an MD5 cryptographic checksum.
- Configured using key-chains.
- EIGRP, unlike RIP requires the same key-number on both sides.
- When configuring, the order of operation is important.
- When doing changes to the keychain, first remove the key-chain off the interface.
- The steps for configuring EIGRP authentication are:
1. Define a key chain with a name.
2. Define the key or keys on the key chain.
3. Enable authentication on an interface and specify the key chain to be used.
4. Optionally configure key management.
-----------
COMMANDS
-----------
verification:
- Shows the configured keys and which are currently valid
sh key chain {name}
- Shows received authentication packets.
debug eigrp packet hello
configuration:
1. define key chain.
Specifies the period a key is valid for
Specifies overlapping times for a key to be accepted
key chain {name}
key {key number}
key-string {string}
send-lifetime {from H:M:S MON DAY YEAR} {to H:M:S MON DAY YEAR}
accept-lifetime {from H:M:S MON DAY YEAR} {to H:M:S MON DAY YEAR}
2. interface config.
- Assigns the key-chain to the interface
- Specifies MD5
interface Serial0
ip authentication key-chain eigrp {ASN} {chain name}
ip authentication mode eigrp {ASN] md5
VIRTUALRACK for Network Engineers... This blog is all about networking technologies that drives the human network today... Welcome to the Human Network!!
No comments:
Post a Comment