HannieSchumacher311

From WikiAdvocacy
Jump to: navigation, search

Configuring RIPv2 and EIGRP validation with key chains may be complicated in the beginning, and the syntax is not particularly simple to remember. But for BSCI and CCNP examination success, we have got to be able to perform this.

In a previous article, we saw how to configure RIPv2 packet authentication, with both clear-text and MD5 authentication systems. EIGRP authentication is a lot the same, and gets the text and MD5 authentication options as well. But EIGRP being EIGRP, the control only must be described as a little more detailed!

As with RIPv2, the authentication method must certanly be arranged by the EIGRP neighbors. If one router's interface is configured for MD5 authentication and the remote router's interface is configured for text authentication, the adjacency will fail even if the two interfaces involved are configured to make use of exactly the same password.

We'll now change link authorization on the adjacency over an Ethernet segment. Below, you'll see how to manage a key sequence named EIGRP on both routers, use key no 1, and use the key-string BSCI. Key chain is shown by run on a switch to see all key organizations.

R2( config )#key string EIGRP

R2( config-keychain )#key 1

R2( config-keychain-key )#key-string BSCI

R2#show crucial cycle

Key-chain EIGRP:

Important 1 -- text "BSCI"

Take whole life (always valid) - (always valid) [valid now]

send whole life (always valid) - (always valid) [valid now]

R3( config )#key cycle EIGRP

R3( config-keychain )#key 1

R3( config-keychain-key )#key-string BSCI

R3#show important cycle

Key-chain EIGRP:

Crucial 1 -- text "BSCI"

Recognize life time (always valid) - (always valid) [valid now]

send entire life (always valid) - (always valid) [valid now]

The EIGRP command to utilize the critical sequence is just a bit of a pain to keep in mind, because the protocol and AS number is identified in the center of the command, not the beginning. Also note that two commands are expected - the key chain to be named by one, another to define the authentication method being used.

R2( config )#interface ethernet0

R2( config-if )#ip validation key-chain eigrp 100 EIGRP

R2( config-if )#ip authentication mode eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.3 (Ethernet0) is down: keychain changed

R3( config )#interface ethernet0

R3( config-if )#ip certification key-chain eigrp 100 EIGRP

R3( config-if )#ip authentication style eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.2 (Ethernet0) is up:

As with RIPv2, the present adjacency was torn down when one side was configured with authorization. If the key chain is applied and correctly defined on both sides, the adjacency can come backup. Show ip eigrp neighbor is run by always to be sure the adjacency occurs. Understand the important points of EIGRP crucial organizations by establishing them on your house lab equipment, and you'll be a lot more than prepared for BSCI exam success! rate us

Retrieved from "http://wikiadvocacy.org/index.php?title=HannieSchumacher311&oldid=119920"
Personal tools