Register now or log in to join your professional community.
To configure EIGRP authentication, the keys used in the authentication process have to be configured and attached to an interface along with MD5 as the mode of authentication. Any interface that has authentication configured on it will not form neighbor relationships out that interface unless the neighbor passes the authentication process.
The configuration of EIGRP message authentication is carried out in two steps:
Key chains consist of two necessary and two are optional components. The necessary components are key number and key string.
Key chain configuration steps:
A) First we need to configure key chain in global configuration mode.
B) Under key chain we need to configure key number. Key number must be match on both side of router and should be active. If multiple key numbers configure on router, then router select lowest number for authentication.
C) Once you configure key number you need to issue authentication string.
Example:
Router#configure terminal
Router(config)#key chain mykey //configure key chain name mykey
Router(config-keychain)#key1 // Specifies the key number
Router(config-keychain-key)#key-string cisco //Specifies the authentication string for a key.
Router(config-keychain-key)#end
Authentication is configured in interface configuration mode. To apply key chain authentication on an interface you must issue the following two commands in interface configuration mode:
A) Enable authentication for EIGRP packets and to specify the set of keys to be used on an interface:
Syntax: ip authentication key-chain eigrp
B) specify MD5 as the type of authentication to be used for EIGRP packets:
Syntax: ip authentication mode eigrp md5