Awesome lessons, simple and clearly documented.
I really like the way you explain things… it's simple, clear and easy to understand.
What is an AS number? Thanks.
AS stands for Autonomous System.
An AS is basically a network that falls under one administrative entity. On the Internet we use AS numbers and BGP for routing between autonomous systems. Within an AS, we typically use an IGP like OSPF or EIGRP.
Here’s a list with AS numbers that are used on the Internet:
I am familiar with Autonomous Systems, ASBRs, etc. It is made very clear in the OSPF chapters.
I got a bit confused with how EIGRP uses AS numbers, whereas OSPF prefers process and area numbers, etc.
So the AS number for EIGRP is not locally significant but it has to be the same on all routers within an AS?
That’s right. EIGRP uses an “AS” number which has to be the same on all routers that run EIGRP.
OSPF uses a process ID and has no concept of AS so it doesn’t matter what number you pick, it’s only used locally on the router.
Can you talk about the other EIGRP authentication using SHA under EIGRP named mode?
Sure, I’ll add a configuration example for this in a few days. I’ll let you know once it’s done.
Great, thank you.
Dear Rene,
I enabled EIGRP authentication without selecting the mode on both routers and it is working.
After I issued the mode command on one router, it refused.
Does that mean it is using clear-text authentication by default, or something different from MD5? Could you check that?
If you don’t specify the mode then the router doesn’t use EIGRP authentication.
In case we have many interfaces with advertised prefixes, is it possible to process authentication globally without running authentication at each interface level?
If yes, can you please show how to configure it.
It would be very useful but unfortunately EIGRP doesn’t support this. Authentication is always enabled on the interface level.
Hi Rene, if I was troubleshooting a failed EIGRP neighbor, is there a show command to see if the key chains are configured OK, or do I just have to look at the debug output for this? Thanks, keep up the good work, as I'm almost ready to sit my CCNP ROUTE exam because of your easy-to-understand site.
There is a “show key chain” command but personally I never use it. The debug will help you to figure out there is an authentication problem. The quickest method to fix it is to check the key chain in the running-config, make sure you use the same keys on both routers. Also check the interface if EIGRP authentication has been enabled.
Good luck with the exam!
Is there any way to hide or restrict users from viewing the KEY (other than by assigning views or privilege levels)?
The “service password-encryption” command will do what you need. According to Cisco:
The actual encryption process occurs when the current configuration is written or when a password is configured. Password encryption is applied to all passwords, including authentication key passwords, the privileged command password, console and virtual terminal line access passwords, and BGP neighbor passwords. The service password-encryption command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.
I hope this has been helpful!
Hi again Rene,
Why did Cisco decide to use the “ip authentication mode eigrp AS_NUM md5” command for enabling EIGRP authentication instead of using “ip eigrp AS_NUM authentication mode md5”?
In other words, what is the wisdom of using the “ip authentication mode eigrp AS_NUM md5” command instead of the “ip authentication eigrp AS_NUM mode md5” command, which seems clearer?
Cisco commands are implemented using a specific hierarchy. When you type the command “ip eigrp ?”, the resulting commands all have to do with EIGRP and its functionality. They are limited to routing EIGRP and nothing else. However, authentication is a different entity and must be placed within a different category. This is why the commands fall under the “ip authentication” keywords even though the authentication is being configured for EIGRP. Anything under “ip authentication ?” will belong to the authentication functionality of the router.
So by typing “ip authentication mode eigrp AS_NUM md5” you are not configuring something specific to EIGRP but something specific to the authentication functionality of the router.
I hope this has been helpful!
I’m a bit late but I want to add this for the future.
If you use “show running-config” you won’t see if you inadvertently typed a space in the password. “show key chain” on the other hand will show the configured key-string in quotation marks ("MY_Key_String") so on a misconfiguration you will see "MY_Key_String " for example.
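The two pitfalls raised in this thread (a key chain applied to an interface without the mode command, and a key-string with an accidental trailing space) can also be checked offline against a saved configuration. The script below is an added example, not part of the original thread or lesson; it assumes classic-mode EIGRP interface commands and a key-string stored in clear text, and the chain name MY_CHAIN, AS 12 and interface names are constructed sample values.

```python
import re

# Constructed sample config (not from the thread). The chain name MY_CHAIN and
# AS 12 are made up; the key-string line ends in an accidental space.
SAMPLE_CONFIG = (
    "key chain MY_CHAIN\n"
    " key 1\n"
    "  key-string MY_Key_String \n"
    "!\n"
    "interface FastEthernet0/0\n"
    " ip authentication mode eigrp 12 md5\n"
    " ip authentication key-chain eigrp 12 MY_CHAIN\n"
    "!\n"
    "interface FastEthernet0/1\n"
    " ip authentication key-chain eigrp 12 MY_CHAIN\n"
    "!\n"
)

MODE_RE = re.compile(r"ip authentication mode eigrp (\d+) md5")
CHAIN_RE = re.compile(r"ip authentication key-chain eigrp (\d+) \S+")
KEY_RE = re.compile(r"key-string (.*)")


def audit_eigrp_auth(config):
    """Return findings for classic-mode EIGRP authentication in an IOS config."""
    findings = []
    iface, mode_as, chain_as = None, set(), set()
    for raw in config.splitlines() + ["!"]:
        line = raw.lstrip()  # keep trailing spaces, they are what we look for
        if line.startswith("interface ") or line.rstrip() == "!":
            # Block boundary: report a key chain applied without the mode command.
            if iface:
                for asn in sorted(chain_as - mode_as, key=int):
                    findings.append(f"{iface}: AS {asn} has a key chain but no mode md5")
            iface = line[10:].strip() if line.startswith("interface ") else None
            mode_as, chain_as = set(), set()
        elif (m := KEY_RE.fullmatch(line)) and m.group(1) != m.group(1).rstrip():
            # Only detectable while the key is stored in clear text.
            findings.append(f"key-string {m.group(1)!r} ends in whitespace")
        elif iface and (m := MODE_RE.fullmatch(line.rstrip())):
            mode_as.add(m.group(1))
        elif iface and (m := CHAIN_RE.fullmatch(line.rstrip())):
            chain_as.add(m.group(1))
    return findings


if __name__ == "__main__":
    for finding in audit_eigrp_auth(SAMPLE_CONFIG):
        print(finding)
```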