EIGRP Authentication per Neighbor


(Rene Molenaar) #1

This topic is to discuss the following lesson:


(system) #2

Gr8 tutorial…Never read about this virtual-template before… will practice today… thnx Rene .


(system) #3

nice work indeed… but doesn’t this break the ccie lab requirements of not creating new interfaces unless explicitly requested? or am i missing something here?


(system) #4

thanks Mr.René Molenaar :slight_smile:
but what if we use sub-interface in R1 ? do we still need virtual-template commands ??

thanks a lot for ur effort


(Rene Molenaar) #5

Hi Mohammed,

If you use sub-interface then this doesn’t apply because you can activate EIGRP authentication per (sub)interface. This “trick” is only a fun method to use when you are not allowed to use sub-interfaces…something you could see in a CCIE lab exam.

Rene


(Hussein Samir) #6

Hi Rene,

I have tow question :-
1 - You configure the same IP address on both virtual-template interfaces and you do not have any overlaps with the tow virtual-template interfaces, so how did this happen ?
2 - Does OSPF support the authentication per Neighbor ?

Thanks,


(Hussein Samir) #7

Another question come up to my mind :-
If we have several routers connected to an ether switch ( multi-access network ) so all the routers will become neighbors with each other so we have more than one neighbor on the same physical interface, right ? my question is :-
Can we use per neighbor authentication in ethernet network ?


(Rene Molenaar) #8

Hi Hussein,

That’s right, the virtual template is like a template, it’s not a (virtual) interface so it’s possible.

I haven’t tried this with OSPF, it might work since the OSPF key is configured on the interface. Keep in mind this is just a crazy trick to get around a possible requirement that you could face on a CCIE lab :slight_smile:

Rene


(Rene Molenaar) #9

Hi Hussein,

That’s right, if your routers are on the same multi access segment then they will become neighbors if you use the same key. Routing protocols like RIP, OSPF or EIGRP don’t support any per-neighbor authentication (except for this crazy trick). BGP is one of the routing protocols that does support authentication per neighbor.

Rene


(Hussein Samir) #10

Do you mean we can use this trick in ethernet network ? if yes, so how we can use "frame-relay interface-dlci DLCINUMBER ppp Virtual-Template NUMBER " command in fast ethernet or gigabit ethernet interfaces since frame-relay commands used only on serial interfaces ?


(Rene Molenaar) #11

Hi Hussein,

Maybe if you would use sub-interfaces on an Ethernet interface and try to apply the virtual templates there but I think it won’t accept it.

Rene


(Adil K) #12

Hi Rene,

Thanks …Perfect explanation.

Adil


(Shannon S) #13

Hi Rene,

So virtual-template only applies to PPP links?

Rgds,

Shannon


(Andrew P) #14

Shannon,
I believe you are correct. The applications of Virtual Templates that I can think of are PPP related


(Shannon S) #15

Hi Andrew,

Thank you for confirming!

Rgds,

Shannon


(Daniel B) #16

Maybe this whole lesson needs to be taken down.
No more frame relay on exam and I can’t see why they would ask this for DMVPN.
Besides I can’t think of how to do this on DMVPN :slight_smile: