Configuring EIGRP: BSCI Module 2-4 – Configuring EIGRP Authentication
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public.



Objectives
• Upon completing this lesson, you will be able to implement authentication in an EIGRP network. This ability includes being able to meet these objectives:
  - Describe router authentication
  - Describe the MD5 authentication used in EIGRP
  - Configure MD5 authentication
  - Troubleshoot MD5 authentication

Purpose of this Lesson
• Coverage of topics new to the “EIGRP” module of BSCI.
• What’s new in this module?
  - EIGRP Message Digest 5 (MD5) authentication and how to configure and troubleshoot it.

Router Authentication
• Many routing protocols support authentication such that a router authenticates the source of each routing update packet that it receives.
• Simple password authentication is supported by:
  - IS-IS
  - OSPF
  - RIPv2
• MD5 authentication is supported by:
  - OSPF
  - RIPv2
  - BGP
  - EIGRP

Simple Password vs. MD5 Authentication
• Simple password authentication:
  - Router sends packet and key.
  - Neighbor checks if received key matches its key.
  - Not secure.
• MD5 authentication:
  - Configure a “key” (password) and key-id; router generates a message digest, or hash, of the key, key-id and message.
  - Message digest is sent with packet; key is not sent.
  - Secure.

EIGRP MD5 Authentication
• EIGRP supports MD5 authentication.
• Router generates a message digest for every EIGRP packet it sends and checks the digest of every EIGRP packet it receives. Router authenticates the source of each routing update packet that it receives.
• Configure a “key” (password) and key-id; each participating neighbor must have the same key configured.

MD5 Authentication
• EIGRP MD5 authentication:
  - Router generates a message digest, or hash, of the key, key-id, and message.
  - EIGRP allows keys to be managed using key chains.
  - Specify key-id (number, key, and lifetime of key).
  - First valid activated key, in order of key numbers, is used.

Configuring EIGRP MD5 Authentication

    Router(config-if)# ip authentication mode eigrp autonomous-system md5
• Specifies MD5 authentication for EIGRP packets

    Router(config-if)# ip authentication key-chain eigrp autonomous-system name-of-chain
• Enables authentication of EIGRP packets using key in the key-chain

Configuring EIGRP MD5 Authentication (cont.)

    Router(config)# key chain name-of-chain
• Enters configuration mode for the key-chain

    Router(config-keychain)# key key-id
• Identifies key and enters configuration mode for the key-id

Configuring EIGRP MD5 Authentication (cont.)

    Router(config-keychain-key)# key-string text
• Identifies key string (password)

    Router(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}
• Optional: specifies when key will be accepted for received packets

    Router(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}
• Optional: specifies when key can be used for sending packets

Example MD5 Authentication Configuration

R1 Configuration for MD5 Authentication

    key chain R1chain
     key 1
      key-string firstkey
      accept-lifetime 04:00:00 Jan infinite
      send-lifetime 04:00:00 Jan :01:00 Jan
     key 2
      key-string secondkey
      accept-lifetime 04:00:00 Jan infinite
      send-lifetime 04:00:00 Jan infinite
    interface FastEthernet0/0
     ip address
    !
    interface Serial0/0/1
     bandwidth 64
     ip address
     ip authentication mode eigrp 100 md5
     ip authentication key-chain eigrp 100 R1chain
    !
    router eigrp 100
     network
     network
     auto-summary

R2 Configuration for MD5 Authentication

    key chain R2chain
     key 1
      key-string firstkey
      accept-lifetime 04:00:00 Jan infinite
      send-lifetime 04:00:00 Jan infinite
     key 2
      key-string secondkey
      accept-lifetime 04:00:00 Jan infinite
      send-lifetime 04:00:00 Jan infinite
    interface FastEthernet0/0
     ip address
    !
    interface Serial0/0/1
     bandwidth 64
     ip address
     ip authentication mode eigrp 100 md5
     ip authentication key-chain eigrp 100 R2chain
    !
    router eigrp 100
     network
     network
     auto-summary

Verifying MD5 Authentication

    R1#
    *Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor (Serial0/0/1) is up: new adjacency
    R1#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H Address Interface Hold Uptime SRTT RTO Q Seq
    Se0/0/ :03:
    R1#show ip route
    Gateway of last resort is not set
    D /16 [90/ ] via , 00:02:22, Serial0/0/
    /16 is variably subnetted, 2 subnets, 2 masks
    D /16 is a summary, 00:31:31, Null0
    C /24 is directly connected, FastEthernet0/
    /24 is variably subnetted, 2 subnets, 2 masks
    C /27 is directly connected, Serial0/0/1
    D /24 is a summary, 00:31:31, Null0
    R1#ping
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

Troubleshooting MD5 Authentication

    R1#debug eigrp packets
    EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    *Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1
    *Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/1 nbr
    *Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

    R2#debug eigrp packets
    EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    R2#
    *Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2
    *Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/1 nbr
    *Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
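The key ids in this debug output follow from the rule "first valid activated key, in order of key numbers, is used". The model below is an added example, not part of the original slides: it reproduces that selection for the R1 and R2 key chains and shows what a differing key string does to acceptance. Assumptions: the timeline (seconds, with R1 sending key 1 for 60 s only) is constructed, and the digest is a simplified stand-in for "hash of the key, key-id and message", not the EIGRP wire format.

```python
import hashlib
import hmac
from dataclasses import dataclass

INF = float("inf")  # stands for the "infinite" lifetime keyword

@dataclass
class Key:
    key_id: int
    key_string: str
    accept: tuple  # (start, end) in seconds on a constructed timeline
    send: tuple

def send_key(chain, now):
    """First key, in key-number order, whose send-lifetime covers `now`."""
    for k in sorted(chain, key=lambda k: k.key_id):
        if k.send[0] <= now <= k.send[1]:
            return k
    return None

def digest(key_string, key_id, message):
    # Simplified model of "hash of the key, key-id and message";
    # this is not the EIGRP wire format.
    return hashlib.md5(key_string.encode() + key_id.to_bytes(4, "big") + message).digest()

def transmit(chain, now, message):
    """Sender side: the packet carries key id and digest, never the key string."""
    k = send_key(chain, now)
    return None if k is None else (k.key_id, message, digest(k.key_string, k.key_id, message))

def accepts(chain, now, packet):
    """Receiver side: find the key id, check accept-lifetime, recompute the digest."""
    key_id, message, mac = packet
    for k in chain:
        if k.key_id == key_id and k.accept[0] <= now <= k.accept[1]:
            return hmac.compare_digest(mac, digest(k.key_string, key_id, message))
    return False

def make_chain(key2="secondkey", key1_send_end=INF):
    return [Key(1, "firstkey", (0, INF), (0, key1_send_end)),
            Key(2, key2, (0, INF), (0, INF))]

R1 = make_chain(key1_send_end=60)  # constructed: key 1 is sent for 60 s only
R2 = make_chain()                  # both keys always valid, so key 1 is sent
R1_WRONG = make_chain(key2="wrongkey", key1_send_end=60)
```

In this model a wrong string on R1's key 2 stays unnoticed while key 1 is still being sent, and after the rollover only R2 rejects packets, because R1 still accepts the key 1 packets that R2 sends.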

Troubleshooting MD5 Authentication Problem

    R1(config-if)#key chain R1chain
    R1(config-keychain)#key 2
    R1(config-keychain-key)#key-string wrongkey

    R2#debug eigrp packets
    EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    R2#
    *Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch
    *Jan 21 16:50:18.749: EIGRP: Serial0/0/1: ignored packet from , opcode = 5 (invalid authentication)
    *Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication
    *Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/1
    *Jan 21 16:50:18.749: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
    *Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor (Serial0/0/1) is down: Auth failure
    R2#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    R2#

• MD5 authentication is configured on both R1 and R2, but key 2 on R1 (the key it uses when sending) has been changed.
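The three failure messages above (authentication mismatch, ignored packet, neighbor down with "Auth failure") can be collected from saved debug or syslog output. The parser below is an added example, not part of the original slides; the sample lines are constructed in the format shown above, with the documentation address 192.0.2.1 standing in for the neighbor address that is missing from the page.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the debug output above; 192.0.2.1 is a
# documentation address standing in for the neighbor IP missing from the page.
SAMPLE = """\
*Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch
*Jan 21 16:50:18.749: EIGRP: Serial0/0/1: ignored packet from 192.0.2.1, opcode = 5 (invalid authentication)
*Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication
*Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/1
*Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.0.2.1 (Serial0/0/1) is down: Auth failure
*Jan 21 16:50:23.101: EIGRP: pkt key id = 2, authentication mismatch
*Jan 21 16:50:23.101: EIGRP: Serial0/0/1: ignored packet from 192.0.2.1, opcode = 5 (invalid authentication)
"""

MISMATCH = re.compile(r"EIGRP: pkt key id = (\d+), authentication mismatch")
IGNORED = re.compile(r"EIGRP: (\S+): ignored packet from (\S+?),\s*opcode = (\d+) \(invalid authentication\)")
NBR_DOWN = re.compile(r"%DUAL-5-NBRCHANGE: \S+ (\d+): Neighbor (\S+) \((\S+)\) is down: Auth failure")

def auth_failures(log_text):
    """Group EIGRP authentication failures by (interface, neighbor)."""
    findings = defaultdict(lambda: {"key_ids": set(), "ignored": 0,
                                    "adjacency_lost": False, "as": None})
    pending_key = None  # key id from a mismatch line, tied to the next ignored-packet line
    for line in log_text.splitlines():
        if m := MISMATCH.search(line):
            pending_key = int(m.group(1))
        elif m := IGNORED.search(line):
            f = findings[(m.group(1), m.group(2))]
            f["ignored"] += 1
            if pending_key is not None:
                f["key_ids"].add(pending_key)
                pending_key = None
        elif m := NBR_DOWN.search(line):
            f = findings[(m.group(3), m.group(2))]
            f["adjacency_lost"] = True
            f["as"] = int(m.group(1))
    return dict(findings)
```

The reported key id is the one to compare between the two routers' key chains, since it names the key whose string differs.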

Summary
• There are two types of router authentication: simple password and MD5.
• When EIGRP authentication is configured, the router generates a message digest for every EIGRP packet it sends, checks the digest of every EIGRP packet it receives, and authenticates the source of each routing update packet that it receives. EIGRP supports MD5 authentication.
• To configure MD5 authentication, use the ip authentication mode eigrp and ip authentication key-chain interface commands. The key chain must also be configured, starting with the key chain command.
• Use debug eigrp packets to verify and troubleshoot MD5 authentication.

Activity
• Using the network created in module 2 using EIGRP as your routing protocol, follow the steps in this module to add security to EIGRP.
• Be sure to verify your connections by running the show commands discussed in the module both before and after you implement security:
  - show ip protocols
  - show ip eigrp interfaces
  - show ip eigrp neighbors
  - show ip eigrp topology
  - show ip eigrp traffic
• NOTE: before adding any security, you should always verify your connection first to avoid additional troubleshooting later.

Self Check
• Name the two types of router authentication: _______________ and __________________
• Which two commands are used to configure MD5 authentication? _____________________ and __________________
• What debug command will verify and troubleshoot MD5 authentication?


Q and A
