EIGRP authentication and commands to configure
EIGRP authentication is an authentication that is set up to secure the routing tables. Once we have EIGRP authentication in place, the router will authenticate the EIGRP routing updates before updating its routing table.
EIGRP authentication makes sure that updates are received from the authenticated router which prevents the network or hacking attacks from originating from the routers.
EIGRP will not form a neighbor relationship until authentication is successful.
Cisco routers allow us to configure MD5 authentication which is considered highly secure.
EIGRP authentication failure
- To troubleshoot the EIGRP authentication failure, follow the below steps
- Authentication failure can happen due to the wrong configuration of the key chain or string.
- We can also check if we have configured the authentication on the appropriate interface.
- Confirm if the same autonomous EIGRP number has been selected while configuring the authentication on both routers
- We have to configure both routers with the same configuration otherwise the keys will not match and that will cause authentication failure.
We will see the following messages on the command line interface when the authentication fails.
After configuring the proper configuration on both routers we can see that the neighbor adjacency formed again.
Commands to configure EIGRP authentication step-by-step
1. Assign the IP addresses to the router’s interface and enable the EIGRP routing on both routers.
Router(config)# in fa 0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config)#router eigrp 10
Router(config-router)#network 192.168.1.0
2. Enter interface configuration mode
Router(config)#in fa 0/0
3. Use the following command
Router(config-if)#ip authentication mode eigrp 10 md5
The above command will enable the MD5 authentication on the router’s interface, 10 is the autonomous EIGRP number.
4. Use the following command
Router(config-if)#ip authentication key-chain eigrp 10 Cisco
This command will configure the key chain that will be used for authentication.
5. Exit the interface configuration mode and enter the global configuration mode.
Use the following command to identify the same key chain
Router(config)#key chain Cisco
6. Use the following command to configure the key for the identified key chain
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string Packet
This key will be matched while authentication if a key mismatch causes the authentication failure.
We have configured the EIGRP authentication in the packet tracer
Download the lab and check the configuration
You can try to configure the EIGRP authentication in the packet tracer using the steps given above.