How to configure EIGRP Authentication

This topic is to discuss the following lesson:

hello thank you very much. you make CCNA look very easy. you talk me thank you once again

awesome lessons, simple and clearly documented.

I really like the way you explain the things…its simple,clear and easy to understand.

What is an AS number? Thanks.

AS stands for Autonomous System.

An AS is basically a network that falls under one administrative entity. On the Internet we use AS numbers and BGP for routing between autonomous systems. Within an AS, we typically use an IGP like OSPF or EIGRP.

Here’s a list with AS numbers that are used on the Internet:

http://bgp.potaroo.net/cidr/autnums.html

Rene

1 Like

I am familiar with Autonomous System, ASBR etc. it is made very clear in OSPF chapters.

I got bit confused with how EIGRP uses AS numbers, whereas OSPF prefers process and area no. Etc.

So AS number for EIGRP is not locally significant but it has to be same on all routers within an AS?

Thanks,

Hi AD,

That’s right. EIGRP uses an “AS” number which has to be the same on all routers that run EIGRP.

OSPF uses a process ID and has no concept of AS so it doesn’t matter what number you pick, it’s only used locally on the router.

Rene

1 Like

Hi Rene,

Can you talk about the other EIGRP authentication using SHA under EIGRP named mode?

Thank you

Victor

Hi Victor,

Sure, I’ll add a configuration example for this in a few days. I’ll let you know once it’s done.

Rene

1 Like

Hi Rene,

  Great thank you.

Dear Rene ,

i enabled the eigrp auth without selecting the mode in both router
and it is working .
after i issue the mode command in one router it refuse ,
that mean its by default using clear text auth , or different than MD5 could you check that .

Hi Husam,

If you don’t specify the mode then the router doesn’t use EIGRP authentication.

Rene

1 Like

Dear Rene,

In case we have many interfaces advertised prefixes, is it possible to process Authentication globally without running authentication at each interface level?

If yes, can you please show how to configure it.

 

Thanks

Makara Ngy

1 Like

Dear Makara,

It would be very useful but unfortunately EIGRP doesn’t support this. Authentication is always enabled on the interface level.

Rene

1 Like

hi rene if I was trouble shooting a failed eigrp neighbour is there a show command to see if the key chains are configured ok or do I just have to look at the debug output for this thanks keep up the good work as i’m almost ready to sit my ccnp route exam because of you easy to understand site

Hi Shaun,

There is a “show key chain” command but personally I never use it. The debug will help you to figure out there is an authentication problem. The quickest method to fix it is to check the key chain in the running-config, make sure you use the same keys on both routers. Also check the interface if EIGRP authentication has been enabled.

Good luck with the exam!

Rene

1 Like

Hi

Is there any way to hide or restrict users from viewing the KEY (other than by assigning views or privilege levels) ?

Cheers!

D.M.I.

Hello Dan

The service password-encryption command will do what you need. According to Cisco:

The actual encryption process occurs when the current configuration is written or when a password is configured. Password encryption is applied to all passwords, including authentication key passwords, the privileged command password, console and virtual terminal line access passwords, and BGP neighbor passwords. The service password-encryption command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

(emphasis mine)

I hope this has been helpful!

Laz

2 Likes

Hi again Rene,

Why cisco decided to use this “ip authentication mode eigrp AS_NUM md5” command for enabling eigrp authentication instead of using “ip eigrp AS_NUM authentication mode md5” ??

In the other word what is the wisdom of using “ip authentication mode eigrp AS_NUM md5” command instead of the “ip authentication eigrp AS_NUM mode md5” command where it seems more clearly ??