In EIGRP we can configure the authenticaton between the routers to form neighbours,EIGRP has a feature of "key chain" which we can create number of keys and we can assign a time line for each of the key.This authentication can be done with a list of commands in global configuration mode.
"key chain name"
"key number"
"key-strings value"
after creating the keys we need to configure those on the which ever interface we want.From global configuration mode
"interface serial0/0"
"ip authentication mode eigrp asn md5"
"ip authentication key-chain eigrp asn name of the key chain"
if there is no time period for keys then the keys are valid for life time, if we want to configure the time period then we configure with commands
"accept-lifetime start to end"
"send-lifetime start to end"
Example:
considering "eigrp 90" and "network command"configured on the two routers, i configured the eigrp authentication on both routers
BB#
BB#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BB(config)#key chain keys
BB(config-keychain)#key 1
BB(config-keychain-key)#key-string kumar
BB(config-keychain-key)#int s0/0
BB(config-if)#ip authentication mode eigrp 90 md5
LONDON#
LONDON#conf t
Enter configuration commands, one per line. End with CNTL/Z.
LONDON(config)#key chain keys
LONDON(config-keychain)#key 1
LONDON(config-keychain-key)#key-string kumar
LONDON(config-keychain-key)#int s0/0
LONDON(config-if)#ip authentication mode eigrp 90 md5*Mar 1 00:06:46.963: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 10.0.0.1 (Serial0/0) is down: authentication mode changed
LONDON(config-if)#ip authentication key-chain eigrp 90 keys
LONDON(config-if)#
we check the key chain with using command "show key chain"
BB#sh key chain
Key-chain keys:
key 1 -- text "kumar"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
BB#
as i didn't configure any life time the keys are always valid.
please post your valid comments.
"key chain name"
"key number"
"key-strings value"
after creating the keys we need to configure those on the which ever interface we want.From global configuration mode
"interface serial0/0"
"ip authentication mode eigrp asn md5"
"ip authentication key-chain eigrp asn name of the key chain"
if there is no time period for keys then the keys are valid for life time, if we want to configure the time period then we configure with commands
"accept-lifetime start to end"
"send-lifetime start to end"
Note:The key number and key string should be always same on the routers to become neighbors.
Example:
considering "eigrp 90" and "network command"configured on the two routers, i configured the eigrp authentication on both routers
BB#
BB#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BB(config)#key chain keys
BB(config-keychain)#key 1
BB(config-keychain-key)#key-string kumar
BB(config-keychain-key)#int s0/0
BB(config-if)#ip authentication mode eigrp 90 md5
*Mar 1 00:02:14.451: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 10.0.0.2 (Serial0/0) is down: authentication mode changed
BB(config-if)#ip authentication key-chain eigrp 90 keys
BB(config-if)#
BB(config-if)#ip authentication key-chain eigrp 90 keys
BB(config-if)#
LONDON#
LONDON#conf t
Enter configuration commands, one per line. End with CNTL/Z.
LONDON(config)#key chain keys
LONDON(config-keychain)#key 1
LONDON(config-keychain-key)#key-string kumar
LONDON(config-keychain-key)#int s0/0
LONDON(config-if)#ip authentication mode eigrp 90 md5
LONDON(config-if)#ip authentication key-chain eigrp 90 keys
LONDON(config-if)#
we check the key chain with using command "show key chain"
BB#sh key chain
Key-chain keys:
key 1 -- text "kumar"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
BB#
as i didn't configure any life time the keys are always valid.
please post your valid comments.
