EIGRP authentication

EIGRP authentication and commands to configure

EIGRP authentication is an authentication that is set up to secure the routing tables. Once we have EIGRP authentication in place, the router will authenticate the EIGRP routing updates before updating its routing table.

EIGRP authentication makes sure that updates are received from the authenticated router which prevents the network or hacking attacks from originating from the routers.

EIGRP will not form a neighbor relationship until authentication is successful.

Cisco routers allow us to configure MD5 authentication which is considered highly secure.

EIGRP authentication failure

  • To troubleshoot the EIGRP authentication failure, follow the below steps
  • Authentication failure can happen due to the wrong configuration of the key chain or string.
  • We can also check if we have configured the authentication on the appropriate interface.
  • Confirm if the same autonomous EIGRP number has been selected while configuring the authentication on both routers
  • We have to configure both routers with the same configuration otherwise the keys will not match and that will cause authentication failure.

We will see the following messages on the command line interface when the authentication fails.

After configuring the proper configuration on both routers we can see that the neighbor adjacency formed again.

Commands to configure EIGRP authentication step-by-step

1. Assign the IP addresses to the router’s interface and enable the EIGRP routing on both routers.

Router(config)# in fa 0/0

Router(config-if)#ip add

Router(config)#router eigrp 10


2. Enter interface configuration mode

Router(config)#in fa 0/0

3. Use the following command

Router(config-if)#ip authentication mode eigrp 10 md5

The above command will enable the MD5 authentication on the router’s interface, 10 is the autonomous EIGRP number.

4. Use the following command

Router(config-if)#ip authentication key-chain eigrp 10 Cisco

This command will configure the key chain that will be used for authentication.

5. Exit the interface configuration mode and enter the global configuration mode.

Use the following command to identify the same key chain

Router(config)#key chain Cisco

6. Use the following command to configure the key for the identified key chain

Router(config-keychain)#key 1

Router(config-keychain-key)#key-string Packet

This key will be matched while authentication if a key mismatch causes the authentication failure.

We have configured the EIGRP authentication in the packet tracer

Download the lab and check the configuration

You can try to configure the EIGRP authentication in the packet tracer using the steps given above.

Leave a Reply