【Lab objectives】
1. Understand EIGRP authentication process
2. Learn EIGRP authentication configuration
【Lab Topology】
【Lab steps】
1. Configure IP addresses of every router, and use ping command to confirm the direct interface connectivity of every router.
2. Configure on two routers EIGRP auto system number as 50
3. Check R1 and R2 routing table
|
R1#show ip route 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.1.8/30 is directly connected, Serial1/1 D 172.16.0.0/16 is a summary, 00:00:37, Null0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.1.1.0/24 is directly connected, Loopback0 D 10.0.0.0/8 is a summary, 00:00:37, Null0 D 192.168.1.0/24 [90/2297856] via 172.16.1.10, 00:00:09, Serial1/1 |
|
R2#show ip route 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.1.8/30 is directly connected, Serial1/0 D 172.16.0.0/16 is a summary, 00:00:53, Null0 D 10.0.0.0/8 [90/2297856] via 172.16.1.9, 00:00:51, Serial1/0 C 192.168.1.0/24 is directly connected, Loopback0 |
4. Configure EIGRP authentication
|
R1#configure terminal R1(config)#key chain Bible R1(config-keychain)#key 1 R1(config-keychain-key)#key-string cisco R1(config-keychain-key)#exit R1(config-keychain)#exit R1(config)# R1(config)#interface serial 1/1 R1(config-if)#ip authentication key-chain eigrp 50 Bible R1(config-if)#ip authentication mode eigrp 50 md5 R1(config-if)#end |
5. Both routers use clear ip route * command to refresh routing table and speed up the convergence of routing table.
6. Check the routing table of R1 and R2. Observe the changes.
|
R1#show ip route C 172.16.1.8/30 is directly connected, Serial1/1 D 172.16.0.0/16 is a summary, 00:00:16, Null0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.1.1.0/24 is directly connected, Loopback0 D 10.0.0.0/8 is a summary, 00:00:16, Null0 |
|
R2#show ip route ……… C 172.16.1.8/30 is directly connected, Serial1/0 D 172.16.0.0/16 is a summary, 00:02:53, Null0 C 192.168.1.0/24 is directly connected, Loopback0 |
Now R1 and R2 cannot learn route of each other. And here is feedback of R2 system:
|
*Mar 14 15:35:27.343: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial1/0) is up: new adjacency *Mar 14 15:35:29.767: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial1/0) is down: Auth failure |
7. Check R2 routing table. If authentication failed, R1 and R2 can no longer be neighbors.
|
R2#show ip eigrp 50 neighbors IP-EIGRP neighbors for process 50
R2# |
8. Configure EIGRP authentication of R2
|
R2#configure terminal R2(config)#key chain Bible R2(config-keychain)#key 1 R2(config-keychain-key)#key-string cisco R2(config-keychain-key)#exit R2(config-keychain)#exit R2(config)#interface serial 1/0 R2(config-if)#ip authentication key-chain eigrp 50 Bible R2(config-if)#ip authentication mode eigrp 50 md5 R2(config-if)#exit |
9. After we finish authentication configuration on R2, the system will prompt:
|
*Mar 14 15:46:04.071: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial1/0) is up: new adjacency |
Meanwhile, check R2 neighbor list, we find that R1 become neighbor of R2.
|
R2#show ip eigrp 50 neighbors IP-EIGRP neighbors for process 50 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 172.16.1.9 Se1/0 11 00:01:17 28 200 0 8 |
10. Refresh routing table again, and observe the changes on routing table of R1 and R2.
|
R1#show ip route 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.1.8/30 is directly connected, Serial1/1 D 172.16.0.0/16 is a summary, 00:08:41, Null0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.1.1.0/24 is directly connected, Loopback0 D 10.0.0.0/8 is a summary, 00:08:42, Null0 D 192.168.1.0/24 [90/2297856] via 172.16.1.10, 00:02:54, Serial1/1 |
|
R2#show ip route 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.1.8/30 is directly connected, Serial1/0 D 172.16.0.0/16 is a summary, 00:08:28, Null0 D 10.0.0.0/8 [90/2297856] via 172.16.1.9, 00:03:44, Serial1/0 C 192.168.1.0/24 is directly connected, Loopback0 |
11. Lab finished.
Hope to helpful for you!
