EIGRP Authentication
Published in
3 min readApr 15, 2017
Here’s a simple lab about EIGRP authentication. With authentication, routers are sending and receiving authentication packets before EIGRP adjacency performed.
Configuration of R1 :
R1(config)#interface e0/0
R1(config-if)#ip address 100.100.100.1 255.255.255.252
R1(config-if)#no shutR1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#no shutR1(config)#router eigrp 10
R1(config-router)#network 100.100.100.1 0.0.0.0
R1(config-router)#network 1.1.1.1 0.0.0.0
R1(config-router)#no auto-summaryR1(config)#key chain cisco
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string eigrpR1(config)#interface e0/0
R1(config-if)#ip authentication key-chain eigrp 10 cisco
R1(config-if)#ip authentication mode eigrp 10 md5
Configuration of R2 :
R2(config)#interface e0/0
R2(config-if)#ip address 100.100.100.2 255.255.255.252
R2(config-if)#no shutR2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#no shutR2(config)#interface loopback 1
R2(config-if)#ip address 22.22.22.22 255.255.255.255
R2(config-if)#no shutR2(config)#router eigrp 10
R2(config-router)#network 100.100.100.2 0.0.0.0
R2(config-router)#network 2.2.2.2 0.0.0.0
R2(config-router)#network 22.22.22.22 0.0.0.0
R2(config-router)#no auto-summary
R2(config)#key chain cisco
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string eigrpR2(config)#interface e0/0
R2(config-if)#ip authentication key-chain eigrp 10 cisco
R2(config-if)#ip authentication mode eigrp 10 md5
Let’s verify from R1 :
R1#debug eigrp packets
(UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
EIGRP Packet debugging is on
R1#
*Jan 13 06:52:04.560: EIGRP: Sending HELLO on Et0/0 — paklen 60
*Jan 13 06:52:04.560: AS 10, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
*Jan 13 06:52:05.355: EIGRP: received packet with MD5 authentication, key id = 1
*Jan 13 06:52:05.355: EIGRP: Received HELLO on Et0/0 — paklen 60 nbr 100.100.100.2
*Jan 13 06:52:05.356: AS 10, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
–output omitted–R1 received authentication packet, then adjacency performed :
R1#sh ip route eigrp
–output omitted–
Gateway of last resort is not set2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/409600] via 100.100.100.2, 00:05:06, Ethernet0/0
22.0.0.0/32 is subnetted, 1 subnets
D 22.22.22.22 [90/409600] via 100.100.100.2, 00:05:06, Ethernet0/0
OK, what if the configuration of authentication is not match with the opposite router?
Let’s try to change configuration on R2 :
R2(config)#interface e0/0
R2(config-if)#no ip authentication key-chain eigrp 10
R2(config-if)#ip authentication key-chain eigrp 10 eigrpThe key-chain from “cisco” has changed to “eigrp”, now let’s take a look on R1 :
R1#debug eigrp packets
(UPDATE, REQUEST, QUERY, REPLY, HELLO, UNKNOWN, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
EIGRP Packet debugging is on
R1#
*Jan 13 07:07:22.324: EIGRP: Et0/0: ignored packet from 100.100.100.2, opcode = 5 (missing authentication)
R1#
*Jan 13 07:07:23.973: EIGRP: Sending HELLO on Et0/0 — paklen 60
*Jan 13 07:07:23.973: AS 10, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
R1#
*Jan 13 07:07:26.604: EIGRP: Et0/0: ignored packet from 100.100.100.2, opcode = 5 (missing authentication)
R1#Hmmm.. there are messages “ignored packet…”
R1#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
R1#sh ip route eigrp
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
a – application route
+ – replicated route, % – next hop override
See… nothing shown by “ show ip eigrp neighbors” , which means adjacency process is not performed.
Since the authentication is failed, the adjacency process will not performed.Please hit the ♥ button if you liked this post. You’ll help others find it. Thanks!
