EIGRP: EIGRP Authentication Configuration
Technology: Routing
Area: IGP
Vendor: Cisco
Software: 12.X , 15.X, IP Base, IP Services
Platform: Catalyst 3560, 3750, 3850, 4500, 6500, ISR Routers
EIGRP authentication supports MD5. If enabled, routers authenticates the source of each routing update packet that they receive. Following configuration prevents intruder from establishing fake EIGRP adjacency. The consequence of fake adjacency can be for example CPU over utilization or routing table poisoning. EIGRP Authentication involves two stages of configurations as stated below :
- Define the Key Chain
- Enable Authentication on EIGRP participating Interface.
Define Key chain:
Router(config)#key chain KEY_CHAIN
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string KEY_STRING
Enable authentication on interface level:
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip authentication mode eigrp 100 md5
Router(config-if)#ip authentication key-chain eigrp 100 KEY_CHAIN