
Introduction

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary
enhanced distance vector routing protocol. EIGRP provides benefits like fast
convergence, incremental updates and support for multiple network layer protocols.
EIGRP only supports Message Digest 5 (MD5) authentication to prevent malicious
and incorrect routing information from being introduced into the routing table of a
router.

Configuration overview:
To configure EIGRP authentication, the keys used in the authentication process have
to be configured and attached to an interface along with MD5 as the mode of
authentication. Any interface that has authentication configured on it will not form
neighbor relationships out that interface unless the neighbor passes the
authentication process.
The configuration of EIGRP message authentication is carried out in two steps:

The creation of a keychain and key:

A key chain has two required components and two optional ones. The required
components are the key number and the key string. Optionally, it can also include an
accept-lifetime and a send-lifetime parameter.
Key chain configuration steps:
A) First, configure the key chain in global configuration mode.
B) Under the key chain, configure the key number. The key number must match on both
routers and must be active. If multiple key numbers are configured on a router, the router
selects the lowest number for authentication.
C) Once the key number is configured, set the authentication string.
Example:
Router#configure terminal
Router(config)#key chain mykey
//Configures a key chain named mykey
Router(config-keychain)#key 1
//Specifies the key number
Router(config-keychain-key)#key-string cisco
//Specifies the authentication string for a key
Router(config-keychain-key)#end

The configuration of EIGRP authentication on an interface to use that keychain and key:

Authentication is configured in interface configuration mode. To apply key chain
authentication on an interface, you must issue the following two commands in interface
configuration mode:
A) Enable authentication for EIGRP packets and specify the set of keys to be used on an
interface:

Syntax: ip authentication key-chain eigrp <as-number> <key-chain>


B) Specify MD5 as the type of authentication to be used for EIGRP packets:
Syntax: ip authentication mode eigrp <as-number> md5
Configuring EIGRP authentication on a Cisco router differs only slightly between IPv4
and IPv6: only the command syntax at the interface level changes.
Example:
Configuring EIGRP authentication for IPv4
Router(config)#interface fa0/0
Router(config-if)#ip authentication mode eigrp 1 md5
Router(config-if)#ip authentication key-chain eigrp 1 mykey
Router(config-if)#end

Configuring EIGRP authentication for IPv6
Router(config)#interface fa0/0
Router(config-if)#ipv6 authentication mode eigrp 1 md5
Router(config-if)#ipv6 authentication key-chain eigrp 1 mykey
Router(config-if)#end

B#config t
B(config)#int se1/1
B(config-if)#ip ?
Interface IP configuration subcommands:
  access-group    Specify access control for packets
  accounting      Enable IP accounting on this interface
  address         Set the IP address of an interface
  authentication  authentication subcommands

B(config-if)#ip authentication ?
  key-chain  key-chain
  mode       mode

B(config-if)#ip authentication key-chain ?
  eigrp  Enhanced Interior Gateway Routing Protocol (EIGRP)

B(config-if)#ip authentication key-chain eigrp 10 ?
  WORD  name of key-chain
B(config-if)#ip authentication key-chain eigrp 10 riyadh
B(config-if)#ip authentication mode ?
  eigrp  Enhanced Interior Gateway Routing Protocol (EIGRP)

B(config-if)#ip authentication mode eigrp 10 ?
  md5  Keyed message digest
B(config-if)#ip authentication mode eigrp 10 md5
*May 1 13:33:25.147: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 2.1.1.2 (Serial1/1) is down: authentication mode changed
B(config-if)#exit
B(config)#key chain riyadh
B(config-keychain)#?
Key-chain configuration commands:
  default  Set a command to its defaults
  exit     Exit from key-chain configuration mode
  key      Configure a key
  no       Negate a command or set its defaults

B(config-keychain)#key ?
  <0-2147483647>  Key identifier
B(config-keychain)#key 10
B(config-keychain-key)#key-string cisco
B(config-keychain-key)#
*May 1 13:39:07.647: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 2.1.1.2 (Serial1/1) is up: new adjacency
B#sh key chain
Key-chain riyadh:
key 10 -- text "cisco"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
B#debug eigrp packets
======== ==========
C#config t
Enter configuration commands, one per line. End with CNTL/Z.
C(config)#int se1/0
C(config-if)#ip authentication key-chain eigrp 10 riyadh
C(config-if)#ip authentication mode eigrp 10 md5
C(config-if)#exit
C(config-if)#key chain riyadh
C(config-keychain)#key 10
C(config-keychain-key)#key-string cisco
C(config-keychain-key)#
*May 1 13:38:47.403: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 2.1.1.1 (Serial1/0) is up: new adjacency
C(config-keychain-key)#end
C#sh key chain
Key-chain riyadh:
key 10 -- text "cisco"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
C#debug eigrp packet
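
The two configuration steps and the matching-key requirement described above can be checked offline against saved configurations. The following is an added example, not part of the original page: the function names (parse, audit, matching_keys) are hypothetical, the two configs are constructed samples modelled on routers B and C (with the mode command deliberately left out on C), and key lifetimes are not evaluated.

```python
import re

# Constructed configs modelled on routers B and C; C lacks the mode command.
KEYS = "key chain riyadh\n key 10\n  key-string cisco\n"
CONFIG_B = KEYS + ("interface Serial1/1\n"
                   " ip authentication mode eigrp 10 md5\n"
                   " ip authentication key-chain eigrp 10 riyadh\n")
CONFIG_C = KEYS + ("interface Serial1/0\n"
                   " ip authentication key-chain eigrp 10 riyadh\n")

def parse(config):
    """Return (key_chains, interfaces) parsed from IOS-style config text."""
    chains, ifaces, chain, iface, key = {}, {}, None, None, None
    for s in map(str.strip, config.splitlines()):
        if m := re.match(r"key chain (\S+)", s):
            chain, iface, key = chains.setdefault(m[1], {}), None, None
        elif m := re.match(r"interface (\S+)", s):
            iface, chain, key = ifaces.setdefault(m[1], {}), None, None
        elif chain is not None and (m := re.match(r"key (\d+)$", s)):
            key = int(m[1])
            chain.setdefault(key, None)   # key number seen, string not yet
        elif key is not None and (m := re.match(r"key-string (.+)", s)):
            chain[key] = m[1]
        elif iface is not None and (m := re.match(
                r"(ip|ipv6) authentication (mode|key-chain) eigrp (\d+) (\S+)", s)):
            iface.setdefault((m[1], m[3]), {})[m[2]] = m[4]
    return chains, ifaces

def audit(config):
    """Report interfaces where one of the two configuration steps is incomplete."""
    chains, ifaces = parse(config)
    findings = []
    for name, per_as in ifaces.items():
        for (proto, asn), cmds in per_as.items():
            where = f"{name} ({proto} eigrp {asn})"
            if cmds.get("mode") != "md5":
                findings.append(f"{where}: authentication mode md5 missing")
            ref = cmds.get("key-chain")
            if ref is None:
                findings.append(f"{where}: no key chain attached")
            elif not any(chains.get(ref, {}).values()):
                findings.append(f"{where}: key chain {ref} has no usable key")
    return findings

def matching_keys(cfg_a, chain_a, cfg_b, chain_b):
    """Key numbers whose key-string is identical in both routers' chains."""
    a, b = parse(cfg_a)[0].get(chain_a, {}), parse(cfg_b)[0].get(chain_b, {})
    return sorted(k for k in a if a[k] is not None and a[k] == b.get(k))
```

An empty list from matching_keys for two neighbors means no key number and string pair is shared, which is the condition under which the adjacency will not form.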
