Monday, April 11, 2011

notes: EIGRP Authentication

- EIGRP packets can ONLY be authenticated using an MD5 cryptographic checksum.
- Configured using key-chains.
- EIGRP, unlike RIP requires the same key-number on both sides.
- When configuring, the order of operation is important.
- When doing changes to the keychain, first remove the key-chain off the interface.

- The steps for configuring EIGRP authentication are:

1. Define a key chain with a name.
2. Define the key or keys on the key chain.
3. Enable authentication on an interface and specify the key chain to be used.
4. Optionally configure key management.


-----------
COMMANDS
-----------
verification:

- Shows the configured keys and which are currently valid

sh key chain {name}

- Shows received authentication packets.

debug eigrp packet hello

configuration:

1. define key chain.
Specifies the period a key is valid for
Specifies overlapping times for a key to be accepted

key chain {name}
key {key number}
key-string {string}
send-lifetime {from H:M:S MON DAY YEAR} {to H:M:S MON DAY YEAR}
accept-lifetime {from H:M:S MON DAY YEAR} {to H:M:S MON DAY YEAR}


2. interface config.
- Assigns the key-chain to the interface
- Specifies MD5

interface Serial0
ip authentication key-chain eigrp {ASN} {chain name}
ip authentication mode eigrp {ASN] md5

No comments:

Post a Comment