Configuring EIGRP: BSCI Module 2-1 – Introduction to EIGRP
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential. BSCI 2-1


1 Configuring EIGRP: BSCI Module 2-1 – Introduction to EIGRP

2 Objectives
This module covers topics that allow students to meet the following objectives:
- Describe the key capabilities that distinguish EIGRP from other routing protocols
- Identify the four key technologies employed by EIGRP
- Describe how EIGRP operates
- Describe the five components of the metric used by EIGRP
- Calculate the EIGRP metric for a range of pathways between routers
- Explain how IGRP routes are integrated into EIGRP routes and vice versa

3 Purpose of this Lesson
Coverage of topics new to the “EIGRP” module of BSCI.
- What’s new in this module? EIGRP metric calculations for pathway ranges between routers.

4 EIGRP Features
Several key differences between EIGRP and other routing protocols are explored in this module.

5 EIGRP Key Technologies
- Neighbor discovery/recovery
- Reliable Transport Protocol (RTP)
- DUAL finite-state machine
- Protocol-dependent modules (PDMs)

6 The Diffusing Update Algorithm (DUAL)
- How does EIGRP determine which routes are loop-free?
- Each of A’s neighbors is reporting reachability to E:
  - B with a cost of 10
  - C with a cost of 10
  - D with a cost of 30
- These three costs are called the reported distance (RD): the distance each neighbor is reporting to a given destination.

7 The Diffusing Update Algorithm (DUAL)
- At A, the total cost to reach E is:
  - 20 through B
  - 25 through C
  - 45 through D
- The best of these three paths is the path through B, with a cost of 20.
- This is the feasible distance (FD).
- The route with the best FD is known as the “Successor”.
- All next best routes are known as “Feasible Successors”.

8 The Diffusing Update Algorithm (DUAL)
- A uses the FD and the RD to determine which paths are loop-free.
- The best path (FD) is used as a benchmark; all paths with RDs lower than the FD cannot contain loops.
- The algorithm may mark some loop-free paths as loops.
- However, it is guaranteed never to mark a looped path as loop-free.

9 The Diffusing Update Algorithm (DUAL)
At A:
- The path through B is the best path (FD), at 20.
- C can reach E with a cost of 10; 10 (RD) is less than 20 (FD), so this path is loop-free.
- D can reach E with a cost of 30; 30 (RD) is not less than 20 (FD), so EIGRP assumes this path is a loop.
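The feasibility check from slides 6 to 9, as an added example that is not part of the original deck. The link costs from A to each neighbor are derived from the slides (total cost minus RD); the function names and the simplified passive/active outcome on successor loss are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str
    rd: int         # reported distance: the neighbor's own cost to the destination
    link_cost: int  # cost of the link from this router to that neighbor

    @property
    def distance(self) -> int:
        return self.rd + self.link_cost


# Values from slides 6-7; link cost = total cost at A minus the neighbor's RD.
PATHS_TO_E = [Path("B", 10, 10), Path("C", 10, 15), Path("D", 30, 15)]


def classify(paths):
    """Return (successor, FD, feasible successors, rejected paths)."""
    successor = min(paths, key=lambda p: p.distance)
    fd = successor.distance
    others = [p for p in paths if p is not successor]
    # Feasibility condition: a neighbor's RD must be strictly lower than the FD.
    feasible = sorted((p for p in others if p.rd < fd), key=lambda p: p.distance)
    rejected = [p for p in others if p.rd >= fd]
    return successor, fd, feasible, rejected


def on_successor_loss(paths):
    """What happens when the successor fails.

    With a feasible successor the route stays passive and traffic moves to it
    at once. Without one the route goes active and queries must be sent, even
    if a rejected path was in fact loop-free.
    """
    _, _, feasible, _ = classify(paths)
    if feasible:
        backup = feasible[0]
        return ("passive", backup.neighbor, backup.distance)
    return ("active", None, None)


if __name__ == "__main__":
    succ, fd, fs, rej = classify(PATHS_TO_E)
    print("successor:", succ.neighbor, "FD:", fd)
    print("feasible successors:", [p.neighbor for p in fs])
    print("treated as possible loops:", [p.neighbor for p in rej])
    print("after losing B:", on_successor_loss(PATHS_TO_E))
    # Same topology without C: D fails the feasibility condition, so A must query.
    print("after losing B, no C:", on_successor_loss([PATHS_TO_E[0], PATHS_TO_E[2]]))
```
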

10 EIGRP Topology Table

11 EIGRP Neighbor Status

    RTRA#show ip eigrp neighbors
    IP-EIGRP neighbors for process 1
    H   Address     Interface  Hold   Uptime  SRTT  RTO  Q    Seq
                               (sec)          (ms)       Cnt  Num
    2   10.1.1.1    Et0        12     6d16h   20    200  0    233
    1   10.1.4.3    Et1        13     2w2d    87    522  0    452
    0   10.1.4.2    Et1        10     2w2d    85    510  0    3

- Hold: seconds remaining before declaring the neighbor down
- Uptime: how long since the last time the neighbor was discovered
- SRTT: how long it takes for this neighbor to respond to reliable packets
- RTO: how long to wait before retransmitting if no acknowledgement is received

12 EIGRP IP Routing Table

13 Example: EIGRP Tables
Router C’s tables:

14 EIGRP Packets
- Hello: Establish neighbor relationships
- Update: Send routing updates
- Query: Ask neighbors about routing information
- Reply: Respond to query about routing information
- ACK: Acknowledge a reliable packet

15 Initial Route Discovery

16 EIGRP Metric
- Same metric components as IGRP:
  - Bandwidth
  - Delay
  - Reliability
  - Loading
  - MTU
- EIGRP metric is IGRP metric multiplied by 256

17 EIGRP Metric Calculation
- By default, EIGRP metric:
  Metric = bandwidth (slowest link only) + delay (sum of delays)
- Delay = sum of the delays in the path, in tens of microseconds, multiplied by 256.
- Bandwidth = [(10^7) / (minimum bandwidth link along the path, in kilobits per second)] * 256
- Formula with default K values (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0):
  Metric = [K1 * BW + ((K2 * BW) / (256 – load)) + K3 * delay]
- If K5 is not equal to 0:
  Metric = Metric * [K5 / (reliability + K4)]

18 EIGRP Metrics Calculation Example
- Path A -> B -> C -> D: least bandwidth 64 kbps, total delay 6,000
- Path A -> X -> Y -> Z -> D: least bandwidth 256 kbps, total delay 8,000
- Delay is the sum of all the delays of the links along the paths:
  Delay = [delay in tens of microseconds] x 256
- BW is the lowest bandwidth of the links along the paths:
  BW = [10,000,000 / (bandwidth in kbps)] x 256
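The metric formula from slides 17 and 18 carried through, as an added example that is not part of the original deck. It assumes the slide's total delay figures are already in tens of microseconds, that divisions truncate to integers, and that the interfaces in the deck's R1/R2 lab use default delays (20,000 µs serial, 100 µs FastEthernet); the function names are hypothetical.

```python
DEFAULT_K = (1, 0, 1, 0, 0)  # K1..K5 defaults from slide 17


def eigrp_metric(min_bw_kbps, delay_tens_usec, load=1, reliability=255, k=DEFAULT_K):
    """Composite metric using the formula on slide 17.

    min_bw_kbps      lowest bandwidth on the path, in kbps
    delay_tens_usec  sum of interface delays on the path, in tens of microseconds
    Integer (truncating) division is an assumption of this example.
    """
    k1, k2, k3, k4, k5 = k
    if min_bw_kbps <= 0:
        raise ValueError("bandwidth must be positive")
    if not 1 <= load <= 255:
        raise ValueError("load must be in 1..255")
    bw = (10**7 // min_bw_kbps) * 256
    delay = delay_tens_usec * 256
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


def path_metric(links, **kwargs):
    """links: list of (bandwidth_kbps, delay_tens_usec), one per outgoing interface."""
    slowest = min(bw for bw, _ in links)
    total_delay = sum(d for _, d in links)
    return eigrp_metric(slowest, total_delay, **kwargs)


def igrp_equivalent(eigrp_value):
    """Slide 16: the EIGRP metric is the IGRP metric multiplied by 256."""
    return eigrp_value // 256


# Slide 18: the two candidate paths from A to D.
VIA_BCD = eigrp_metric(64, 6000)
VIA_XYZ = eigrp_metric(256, 8000)

# Links in the deck's R1/R2 lab; delay values are assumed interface defaults.
SERIAL_64K = (64, 2000)        # "bandwidth 64", 20,000 us delay
FAST_ETHERNET = (100_000, 10)  # 100 Mbps, 100 us delay

if __name__ == "__main__":
    print("A-B-C-D  :", VIA_BCD)
    print("A-X-Y-Z-D:", VIA_XYZ, "(preferred: lower metric)")
    # These reproduce the FD values in the deck's "show ip eigrp topology" output.
    print("192.168.1.96/27:", path_metric([SERIAL_64K]))
    print("172.16.1.0/24  :", path_metric([FAST_ETHERNET]))
    print("172.17.0.0/16  :", path_metric([SERIAL_64K, FAST_ETHERNET]))
```

The higher-bandwidth path wins despite its larger total delay, because the bandwidth term dominates on slow links.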

19 EIGRP Metrics Are Backward-Compatible with IGRP

20 Summary
- EIGRP capabilities include fast convergence and support for VLSM, partial updates, and multiple network layer protocols.
- EIGRP key technologies are: neighbor discovery/recovery, RTP, DUAL finite-state machine, and protocol-dependent modules.
- EIGRP uses three tables: neighbor table, topology table, and routing table. The routing table contains the best route to each destination, called the successor route. A feasible successor route is a backup route to a destination; it is kept in the topology table.
- EIGRP uses the same metric components as IGRP: delay, bandwidth, reliability, load, and MTU.
- By default, EIGRP metric = bandwidth (slowest link) + delay (sum of delays).
- EIGRP metrics are backward-compatible with IGRP; the EIGRP-equivalent metric is the IGRP metric multiplied by 256.

21 Self Check
- What is a reported distance?
- What is a feasible distance?
- EIGRP uses three tables. Name the three tables: __________, ____________, _____________. Which of the tables contains the best route or successor route to each destination?
- EIGRP uses what metrics? __________, _________, _________, __________, ___________

22 Resources
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml

23 Q and A


25 Configuring EIGRP: BSCI Module 2-2 – Implementing and Verifying EIGRP

26 Objectives
Upon completing this lesson, you will be able to describe how to implement EIGRP routing. This ability includes being able to meet these objectives:
- Describe the commands used in a basic EIGRP configuration task
- Explain how to configure a router to use wildcard masks to select the interfaces and networks that will participate in EIGRP routing
- Configure the gateway of last resort or default route
- Verify that the router recognizes EIGRP neighbors and routes
- Verify EIGRP operations

27 Purpose of this Lesson
Coverage of topics new to the “EIGRP” module of BSCI.
- What’s new in this module?
  - Describe the commands used in a basic EIGRP configuration task
  - Explain how to configure a router to use wildcard masks to select the interfaces and networks that will participate in EIGRP routing
  - Configure the gateway of last resort or default route

28 Configuring EIGRP

    Router(config)# router eigrp autonomous-system-number

- Defines EIGRP as the IP routing protocol.
- All routers in the internetwork that must exchange EIGRP routing updates must have the same autonomous system number.

    Router(config-router)# network network-number [wildcard-mask]

- Identifies attached networks participating in EIGRP.
- The wildcard-mask is an inverse mask used to determine how to interpret the address. The mask has wildcard bits, where 0 is a match and 1 is “don’t care.”

29 Configuring EIGRP (Cont.)

    Router(config-if)# bandwidth kilobits

- Defines the interface’s bandwidth for the purposes of sending routing update traffic.

30 Configuring EIGRP for IP
Network 192.168.1.0 is not configured on router A, because it is not directly connected to router A.

31 Configuring EIGRP with IP (cont.)
Classful configuration example:

    routerA(config)#router eigrp 109
    routerA(config-router)#network 10.1.0.0
    routerA(config-router)#network 10.4.0.0
    routerA(config-router)#network 172.16.7.0
    routerA(config-router)#network 172.16.2.0

Classless configuration example:

    routerA(config)#router eigrp 109
    routerA(config-router)#network 10.1.0.0 0.0.255.255
    routerA(config-router)#network 10.4.0.0 0.0.255.255
    routerA(config-router)#network 172.16.2.0 0.0.0.255
    routerA(config-router)#network 172.16.7.0 0.0.0.255

What’s wrong with this?

32 Using the Wildcard Mask in EIGRP

33 Using and Configuring the ip default-network command for EIGRP

34 Example R1 EIGRP Configuration

35 R2 EIGRP Configuration

    interface FastEthernet0/0
     ip address 172.17.2.2 255.255.255.0
    interface Serial0/0/1
     bandwidth 64
     ip address 192.168.1.102 255.255.255.224
    router eigrp 100
     network 172.17.2.0 0.0.0.255
     network 192.168.1.0

36 EIGRP Manual Summarization
- Automatic summarization of routes at the major classful boundary is a characteristic of distance vector operations.
- With EIGRP you can disable automatic summarization and create one or more summary routes within the network on any bit boundary, as long as a more specific route exists in the routing table. When a more specific route no longer exists, the summary route is removed from the routing table.

37 EIGRP Summarization
- In the routing table, summary routes are automatically assigned to interface null0 to prevent routing loops. This is also true for manual summarization.
- If the summarizing router receives a packet for a destination that is included in the summary route but is unknown by the router, the router sends it to the null interface, which drops the packet.
- For manual summarization to be effective, blocks of contiguous addresses (subnets) must come together at a common router so that the router can advertise a single summary route.

38 Configuring Summary Routes
- Summary routes are manually configured at the interface.

    Router(config-if)# ip summary-address eigrp [as number] [network] [subnet mask]

- Remember, these are summary addresses that your router is summarizing.
- Summary addresses also cut down on the number of EIGRP queries.

39 Verifying EIGRP: show ip eigrp neighbors

    R1#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H   Address         Interface  Hold   Uptime    SRTT  RTO   Q    Seq
                                   (sec)            (ms)        Cnt  Num
    0   192.168.1.102   Se0/0/1    10     00:07:22  10    2280  0    5
    R1#

40 Verifying EIGRP: show ip route eigrp

    R1#show ip route eigrp
    D    172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:07:01, Serial0/0/1
         172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    D       172.16.0.0/16 is a summary, 00:05:13, Null0
         192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
    D       192.168.1.0/24 is a summary, 00:05:13, Null0
    R1#show ip route
    Gateway of last resort is not set
    D    172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:06:55, Serial0/0/1
         172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    D       172.16.0.0/16 is a summary, 00:05:07, Null0
    C       172.16.1.0/24 is directly connected, FastEthernet0/0
         192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
    C       192.168.1.96/27 is directly connected, Serial0/0/1
    D       192.168.1.0/24 is a summary, 00:05:07, Null0

41 Verifying EIGRP: show ip protocols

    R1#show ip protocols
    Routing Protocol is "eigrp 100"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Default networks flagged in outgoing updates
      Default networks accepted from incoming updates
      EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
      EIGRP maximum hopcount 100
      EIGRP maximum metric variance 1
      Redistributing: eigrp 100
      EIGRP NSF-aware route hold timer is 240s
      Maximum path: 4
      Routing for Networks:
        172.16.1.0/24
        192.168.1.0
      Routing Information Sources:
        Gateway         Distance      Last Update
        (this router)         90      00:09:38
        Gateway         Distance      Last Update
        192.168.1.102         90      00:09:40
      Distance: internal 90 external 170

42 Verifying EIGRP: show ip eigrp interfaces

    R1#show ip eigrp interfaces
    IP-EIGRP interfaces for process 100
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface    Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Fa0/0          0        0/0         0       0/10           0           0
    Se0/0/1        1        0/0        10      10/380        424           0

43 Verifying EIGRP: show ip eigrp topology

    R1#show ip eigrp topology
    IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101)
    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
           r - reply Status, s - sia Status
    P 192.168.1.96/27, 1 successors, FD is 40512000
            via Connected, Serial0/0/1
    P 192.168.1.0/24, 1 successors, FD is 40512000
            via Summary (40512000/0), Null0
    P 172.16.0.0/16, 1 successors, FD is 28160
            via Summary (28160/0), Null0
    P 172.16.1.0/24, 1 successors, FD is 28160
            via Connected, FastEthernet0/0
    P 172.17.0.0/16, 1 successors, FD is 40514560
            via 192.168.1.102 (40514560/28160), Serial0/0/1

44 Verifying EIGRP: show ip eigrp traffic

    R1#show ip eigrp traffic
    IP-EIGRP Traffic Statistics for AS 100
      Hellos sent/received: 429/192
      Updates sent/received: 4/4
      Queries sent/received: 1/0
      Replies sent/received: 0/1
      Acks sent/received: 4/3
      Input queue high water mark 1, 0 drops
      SIA-Queries sent/received: 0/0
      SIA-Replies sent/received: 0/0
      Hello Process ID: 113
      PDM Process ID: 73

45 Summary
- The configuration commands for basic EIGRP include:
  - router eigrp autonomous-system
  - network network-number [wildcard-mask]
  - bandwidth kilobits
- The optional wildcard-mask parameter in the network command is an inverse mask used to determine how to interpret the network-number. A wildcard bit of 0 is a match and of 1 is “don’t care”.
- Create and advertise a default route in an EIGRP autonomous system with the ip default-network network-number command.

46 Summary (cont.)
- Use the show ip eigrp neighbors command to verify that the router recognizes its neighbors. Use the show ip route eigrp command to verify that the router recognizes routes from its neighbors.
- Use the show ip protocols, show ip eigrp interfaces, show ip eigrp neighbors, show ip eigrp topology, and show ip eigrp traffic commands to verify EIGRP operations.

47 Activity
- Create a simple network using EIGRP as your routing protocol. These steps were discussed at the beginning of this module.
- Verify your connections by running the show commands discussed in the module: show ip protocols, show ip eigrp interfaces, show ip eigrp neighbors, show ip eigrp topology, and show ip eigrp traffic.
- Reflection: Are your routes displayed correctly in the routing table and identified as either directly connected or EIGRP?

48 Self Check
- Which show command verifies the router can recognize its neighbors?
- What function does show ip route eigrp have?
- What command establishes EIGRP as the routing protocol?
- Identify the command to create and advertise a default route in an EIGRP autonomous system.

49 Resources
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
- http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml

50 Q and A


52 Configuring EIGRP: BSCI Module 2-4 – Configuring EIGRP Authentication

53 Objectives
Upon completing this lesson, you will be able to implement authentication in an EIGRP network. This ability includes being able to meet these objectives:
- Describe router authentication
- Describe the MD5 authentication used in EIGRP
- Configure MD5 authentication
- Troubleshoot MD5 authentication

54 Purpose of this Lesson
- Coverage of topics new to the “EIGRP” module of BSCI.
- What’s new in this module? EIGRP Message Digest 5 (MD5) authentication and how to configure and troubleshoot it.

55 Router Authentication
- Many routing protocols support authentication such that a router authenticates the source of each routing update packet that it receives.
- Simple password authentication is supported by:
  - IS-IS
  - OSPF
  - RIPv2
- MD5 authentication is supported by:
  - OSPF
  - RIPv2
  - BGP
  - EIGRP

56 Simple Password vs. MD5 Authentication
- Simple password authentication:
  - Router sends packet and key.
  - Neighbor checks if received key matches its key.
  - Not secure.
- MD5 authentication:
  - Configure a “key” (password) and key-id; router generates a message digest, or hash, of the key, key-id and message.
  - Message digest is sent with packet; key is not sent.
  - Secure.

57 EIGRP MD5 Authentication
- EIGRP supports MD5 authentication.
- Router generates and checks every EIGRP packet. Router authenticates the source of each routing update packet that it receives.
- Configure a “key” (password) and key-id; each participating neighbor must have the same key configured.

58 MD5 Authentication
EIGRP MD5 authentication:
- Router generates a message digest, or hash, of the key, key-id, and message.
- EIGRP allows keys to be managed using key chains.
- Specify key-id (number, key, and lifetime of key).
- First valid activated key, in order of key numbers, is used.

59 Configuring EIGRP MD5 Authentication (cont.)

    Router(config)# key chain name-of-chain

- Enters configuration mode for the key chain

    Router(config-keychain)# key key-id

- Identifies key and enters configuration mode for the key-id

60 Configuring EIGRP MD5 Authentication (cont.)

    Router(config-keychain-key)# key-string text

- Identifies key string (password)

    Router(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}

- Optional: specifies when key will be accepted for received packets

    Router(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}

- Optional: specifies when key can be used for sending packets

61 Configuring EIGRP MD5 Authentication

    Router(config-if)# ip authentication mode eigrp autonomous-system md5

- Specifies MD5 authentication for EIGRP packets

    Router(config-if)# ip authentication key-chain eigrp autonomous-system name-of-chain

- Enables authentication of EIGRP packets using key in the key-chain

62 Example MD5 Authentication Configuration

63 R1 Configuration for MD5 Authentication

    key chain R1chain
     key 1
      key-string firstkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006
     key 2
      key-string secondkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 infinite
    interface FastEthernet0/0
     ip address 172.16.1.1 255.255.255.0
    !
    interface Serial0/0/1
     bandwidth 64
     ip address 192.168.1.101 255.255.255.224
     ip authentication mode eigrp 100 md5
     ip authentication key-chain eigrp 100 R1chain
    !
    router eigrp 100
     network 172.16.1.0 0.0.0.255
     network 192.168.1.0
     auto-summary

64 R2 Configuration for MD5 Authentication

    key chain R2chain
     key 1
      key-string firstkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 infinite
     key 2
      key-string secondkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 infinite
    interface FastEthernet0/0
     ip address 172.17.2.2 255.255.255.0
    !
    interface Serial0/0/1
     bandwidth 64
     ip address 192.168.1.102 255.255.255.224
     ip authentication mode eigrp 100 md5
     ip authentication key-chain eigrp 100 R2chain
    !
    router eigrp 100
     network 172.17.2.0 0.0.0.255
     network 192.168.1.0
     auto-summary

65 Verifying MD5 Authentication

    R1#
    *Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102 (Serial0/0/1) is up: new adjacency
    R1#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H   Address         Interface  Hold  Uptime    SRTT  RTO   Q  Seq
    0   192.168.1.102   Se0/0/1    12    00:03:10  17    2280  0  14
    R1#show ip route
    Gateway of last resort is not set
    D    172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/1
         172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    D       172.16.0.0/16 is a summary, 00:31:31, Null0
    C       172.16.1.0/24 is directly connected, FastEthernet0/0
         192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
    C       192.168.1.96/27 is directly connected, Serial0/0/1
    D       192.168.1.0/24 is a summary, 00:31:31, Null0
    R1#ping 172.17.2.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

66 Troubleshooting MD5 Authentication

    R1#debug eigrp packets
    EIGRP Packets debugging is on
        (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    *Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1
    *Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.102
    *Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

    R2#debug eigrp packets
    EIGRP Packets debugging is on
        (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    R2#
    *Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2
    *Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.101
    *Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
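Why R1 logs key id = 1 while R2 logs key id = 2, as an added example that is not part of the original deck. It models the key-chain rule from slide 58 with the R1 and R2 chains from slides 63 and 64; the digest is a simplified stand-in (MD5 over key-id, key string and message), not the EIGRP wire format, and the year 2006 for the debug timestamp, the function names and the mistyped-key chain are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime

INFINITE = datetime.max
START = datetime(2006, 1, 1, 4, 0, 0)


@dataclass(frozen=True)
class Key:
    key_id: int
    key_string: str
    accept: tuple  # (start, end) of accept-lifetime
    send: tuple    # (start, end) of send-lifetime


def active(window, now):
    start, end = window
    return start <= now <= end


def send_key(chain, now):
    """Slide 58: the first valid activated key, in order of key numbers."""
    for key in sorted(chain, key=lambda k: k.key_id):
        if active(key.send, now):
            return key
    return None


def digest(key, message):
    # Simplified model of "hash of the key, key-id and message" (slide 56).
    data = key.key_id.to_bytes(4, "big") + key.key_string.encode() + message
    return hashlib.md5(data).digest()


def verify(chain, key_id, mac, message, now):
    """Receiver side: look up the advertised key id and recompute the digest."""
    for key in chain:
        if key.key_id == key_id:
            if not active(key.accept, now):
                return "key outside accept-lifetime"
            if hmac.compare_digest(mac, digest(key, message)):
                return "ok"
            return "digest mismatch"
    return "unknown key id"


def exchange(sender_chain, receiver_chain, message, now):
    """Return (key id used by the sender, receiver's verdict)."""
    key = send_key(sender_chain, now)
    if key is None:
        return None, "no active send key"
    return key.key_id, verify(receiver_chain, key.key_id, digest(key, message), message, now)


# Key chains from slides 63 and 64.
R1_CHAIN = [
    Key(1, "firstkey", (START, INFINITE), (START, datetime(2006, 1, 1, 4, 1, 0))),
    Key(2, "secondkey", (START, INFINITE), (START, INFINITE)),
]
R2_CHAIN = [
    Key(1, "firstkey", (START, INFINITE), (START, INFINITE)),
    Key(2, "secondkey", (START, INFINITE), (START, INFINITE)),
]
# Constructed failure case: key 2 mistyped on R2.
R2_MISTYPED = [R2_CHAIN[0], Key(2, "secondkee", (START, INFINITE), (START, INFINITE))]

HELLO = b"constructed HELLO payload"
DEBUG_TIME = datetime(2006, 1, 21, 16, 38, 51)   # debug timestamp, year assumed
FIRST_MINUTE = datetime(2006, 1, 1, 4, 0, 30)    # inside key 1's send-lifetime on R1

if __name__ == "__main__":
    print("R1 -> R2:", exchange(R1_CHAIN, R2_CHAIN, HELLO, DEBUG_TIME))
    print("R2 -> R1:", exchange(R2_CHAIN, R1_CHAIN, HELLO, DEBUG_TIME))
    print("R1 in first minute sends key", send_key(R1_CHAIN, FIRST_MINUTE).key_id)
    print("R1 -> mistyped R2:", exchange(R1_CHAIN, R2_MISTYPED, HELLO, DEBUG_TIME))
    print("mistyped R2 -> R1:", exchange(R2_MISTYPED, R1_CHAIN, HELLO, DEBUG_TIME))
```

In the mistyped case only one direction fails: R2 still sends with key 1, which R1 accepts, so checking debug eigrp packets on both routers is what locates the bad key.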

67 Summary
- There are two types of router authentication: simple password and MD5.
- When EIGRP authentication is configured, the router generates and checks every EIGRP packet and authenticates the source of each routing update packet that it receives. EIGRP supports MD5 authentication.
- To configure MD5 authentication, use the ip authentication mode eigrp and ip authentication key-chain interface commands. The key chain must also be configured, starting with the key chain command.
- Use debug eigrp packets to verify and troubleshoot MD5 authentication.

68 Activity
- Using the network created in module 2 using EIGRP as your routing protocol, follow the steps in this module to add security to EIGRP.
- Be sure to verify your connections by running the show commands discussed in the module both before and after you implement security: show ip protocols, show ip eigrp interfaces, show ip eigrp neighbors, show ip eigrp topology, and show ip eigrp traffic.
- NOTE: before adding any security, you should always verify your connection first to avoid additional troubleshooting later.

69 Self Check
- Name the two types of router authentication: _______________ and __________________
- Which two commands are used to configure MD5 authentication? _____________________ and __________________
- What debug command will verify and troubleshoot MD5 authentication?

70 Resources
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
- http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml

71 Q and A


73 Configuring EIGRP: BSCI Module 2-5 – Configuring EIGRP in an Enterprise Network

74 Objectives
Upon completing this lesson, you will be able to describe, recognize, and correct common EIGRP issues and problems. This ability includes being able to meet these objectives:
- Explain factors affecting scalability in large internetworks
- Explain how EIGRP uses queries to update its routing tables in the event a route is lost and there is no feasible successor
- Explain how to mark the spokes of a large network as stubs to reduce EIGRP queries and thus improve network scaling
- Explain why SIA connections occur
- Explain how to minimize active routes
- Describe how graceful shutdown prevents loss of packets when routers go down

75 Purpose of this Lesson
Coverage of topics new to the “EIGRP” module of BSCI.
- What’s new in this module? Configuring EIGRP in large-scale (enterprise) networks

76 Factors That Influence EIGRP Scalability
- Quantity of routing information exchanged between peers: without proper route summarization, this can be excessive.
- Number of routers that must be involved when a topology change occurs.
- Depth of topology: the number of hops that information must travel to reach all routers.
- Number of alternate paths through the network.

77 EIGRP Query Process
- Queries are sent when a route is lost and no feasible successor is available.
- The lost route is now in “active” state.
- Queries are sent to all neighboring routers on all interfaces except the interface to the successor.
- If the neighbors do not have their lost-route information, queries are sent to their neighbors.
- If a router has an alternate route, it answers the query; this stops the query from spreading in that branch of the network.

78 Updates and Queries in Hub-and-Spoke Topology

79 EIGRP Stub
- The EIGRP Stub Routing feature:
  - Improves network stability
  - Reduces resource utilization
  - Simplifies remote router (spoke) configuration
- Stub routing is commonly used in hub-and-spoke topology.
- Stub router sends a special peer information packet to all neighboring routers to report its status as a stub router.
- Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes.

80 Stub Review
[Diagram: routers A and B, network 10.1.1.0/24]
- If A loses its connection to 10.1.1.0/24, it must build and transmit five queries: one query to each remote, and one query to B.
- Each of the remote sites will also build a query towards B.
- B receives five queries, which it must process and answer.

81 Stub Review
[Diagram: routers A and B, network 10.1.1.0/24; spokes labeled “These Are Not Designed to Transit Traffic”]
- If these spokes are remote sites, they typically have two connections for redundancy, not so they can transit traffic between A and B.
- A should never use the spokes as a path to anything reachable through B, so there’s no reason to learn about, or query for, routes through these spokes.

82 Stub Review
To signal A and B that the paths through the spokes should not be used for transit traffic, the spoke routers can be configured as stubs:
router#config t
router(config)#router eigrp 100
router(config-router)#eigrp stub
router(config-router)#
[Figure: routers A and B, network 10.1.1.0/24]

83 Stub Review
• Marking the spokes as stubs allows them to signal A and B that they are not transit paths.
• A will not query stubs, reducing the total number of queries in this example to one.
• Marking the remotes as stubs also reduces the complexity of this topology; B now believes it only has one path to 10.1.1.0/24, rather than five.
[Figure: routers A and B, network 10.1.1.0/24; spokes labelled "Marked as Stubs"]
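
The query counts in the Stub Review slides can be reproduced with a small simulation. This is an added example, not part of the original presentation: it uses a simplified model of the query process rather than full DUAL, and the four remotes and their names R1 to R4 are assumptions chosen to match the five queries the slides describe.

```python
from collections import deque, Counter

def simulate_queries(links, origin, stubs=frozenset(), has_alternate=frozenset()):
    """Count EIGRP queries after `origin` loses a route with no feasible successor.

    Simplified model (an assumption, not full DUAL): a router that goes
    active queries every neighbor except the one that queried it and except
    neighbors that announced themselves as stubs; a router that is already
    active, or that has an alternate route, only replies.
    """
    neighbors = {}
    for a, b in links:
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)

    sent, received = Counter(), Counter()
    active = {origin}
    pending = deque()  # (sender, receiver) queries in flight, FIFO

    def go_active(router, queried_by=None):
        for peer in sorted(neighbors[router]):
            if peer != queried_by and peer not in stubs:
                sent[router] += 1
                pending.append((router, peer))

    go_active(origin)
    while pending:
        sender, router = pending.popleft()
        received[router] += 1
        if router in active or router in has_alternate:
            continue  # replies at once; the query stops spreading here
        active.add(router)
        go_active(router, queried_by=sender)
    return sent, received

# Constructed topology for the Stub Review slides: hubs A and B and four
# dual-homed remotes (the names R1..R4 are assumptions).
REMOTES = ["R1", "R2", "R3", "R4"]
LINKS = [("A", "B")] + [(hub, r) for r in REMOTES for hub in ("A", "B")]

if __name__ == "__main__":
    for label, stubs in (("no stubs", frozenset()),
                         ("remotes as stubs", frozenset(REMOTES))):
        sent, received = simulate_queries(LINKS, "A", stubs)
        print(f"{label}: A sends {sent['A']}, B receives {received['B']}, "
              f"total queries {sum(sent.values())}")
```

Without stubs the model also has B query the four remotes, which the slides do not count; the figures the slides state (five queries sent by A, five received by B, one query in total once the remotes are stubs) are what the simulation reproduces.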

84 Configuring EIGRP Stub
Router(config-router)#eigrp stub [receive-only|connected|static|summary]
• receive-only: Prevents the stub from sending any type of route.
• connected: Permits the stub to send connected routes (may still need to redistribute).
• static: Permits the stub to send static routes (must still redistribute).
• summary: Permits the stub to send summary routes.
• Default is connected and summary.

85 Example: EIGRP stub Parameters
• If stub connected is configured: B will advertise 10.1.2.0/24 to A. B will not advertise 10.1.2.0/23, 10.1.3.0/23, or 10.1.4.0/24.
• If stub summary is configured: B will advertise 10.1.2.0/23 to A. B will not advertise 10.1.2.0/24, 10.1.3.0/24, or 10.1.4.0/24.

86 Example: EIGRP stub Parameters (Cont.)
• If stub static is configured: B will advertise 10.1.4.0/24 to A. B will not advertise 10.1.2.0/24, 10.1.2.0/23, or 10.1.3.0/24.
• If stub receive-only is configured: B won't advertise anything to A, so A needs to have a static route to the networks behind B to reach them.

87 EIGRP Query Process Stuck-in-Active
• The router has to get all the replies from the neighbors with an outstanding query before the router calculates the successor information. If any neighbor fails to reply to the query within three minutes (the default), the route is stuck in active (SIA), and the router resets the neighbor relationship with the neighbor that fails to reply.

88 Active Process Enhancement
Before
• Router A resets its relationship to router B when the normal active timer expires. However, the problem is the link between routers B and C.
After
• Router A sends an SIA-Query at half of the normal active timer. Router B acknowledges the query, thereby keeping the relationship up.

89 Graceful Shutdown

90 Summary
• Factors that affect network scalability include: the amount of information exchanged between neighbors, the number of routers, the depth of the topology, and the number of alternate paths through the network.
• When a route is lost and no feasible successor is available, queries are sent to all neighboring routers on all interfaces.
• The eigrp stub command is used to enable the stub routing feature, which improves network stability, reduces resource utilization, and simplifies stub router configuration.

91 Summary (Cont.)
• Once a route goes active and the query sequence is initiated, it can only come out of the active state and transition to the passive state when it receives a reply for every generated query. If the router does not receive a reply to all the outstanding queries within 3 minutes (the default time), the route goes to the SIA state.
• The active process enhancement feature enables an EIGRP router to monitor the progression of the search for a successor route so that neighbor relationships are not reset unnecessarily.
• With graceful shutdown, a goodbye message is broadcast when an EIGRP routing process is shut down, to inform adjacent peers about the impending topology change.

92 Activity
• Using the network created in module 4, with EIGRP as your routing protocol, follow the steps in this module to add a stub to EIGRP. Be sure you are running debug eigrp to watch the communication on your links.
• Once you have added your stub route, you can also verify your connections by running the show commands discussed in the previous module: show ip protocols, show ip eigrp interfaces, show ip eigrp neighbors, show ip eigrp topology, and show ip eigrp traffic.
• With debugging still running, shut down your stub connection and observe the communication in your debug output.

93 Self Check
• What factors affect the scalability of a network?
• What command is used to enable the stub routing feature?
• What is the purpose of enabling EIGRP stub routing?
• When routes are lost and no feasible successor can be found, how does EIGRP reestablish its connection?

94 Resources
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
• http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml
• http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d003.html

95 Q and A
