Configuring RIPv2 and EIGRP validation with key chains may be complicated in the beginning, and the syntax is not particularly simple to remember. But for BSCI and CCNP examination success, we have got to be able to perform this.
In a previous article, we saw how to configure RIPv2 packet authentication, with both clear-text and MD5 authentication systems. EIGRP authentication is a lot the same, and gets the text and MD5 authentication options as well. But EIGRP being EIGRP, the control only must be described as a little more detailed!
As with RIPv2, the authentication method must certanly be arranged by the EIGRP neighbors. If one router's interface is configured for MD5 authentication and the remote router's interface is configured for text authentication, the adjacency will fail even if the two interfaces involved are configured to make use of exactly the same password.
We'll now change link authorization on the adjacency over an Ethernet segment. Below, you'll see how to manage a key sequence named EIGRP on both routers, use key no 1, and use the key-string BSCI. Key chain is shown by run on a switch to see all key organizations.
R2( config )#key string EIGRP
R2( config-keychain )#key 1
R2( config-keychain-key )#key-string BSCI
R2#show crucial cycle
Important 1 -- text "BSCI"
Take whole life (always valid) - (always valid) [valid now]
send whole life (always valid) - (always valid) [valid now]
R3( config )#key cycle EIGRP
R3( config-keychain )#key 1
R3( config-keychain-key )#key-string BSCI
R3#show important cycle
Crucial 1 -- text "BSCI"
Recognize life time (always valid) - (always valid) [valid now]
send entire life (always valid) - (always valid) [valid now]
The EIGRP command to utilize the critical sequence is just a bit of a pain to keep in mind, because the protocol and AS number is identified in the center of the command, not the beginning. Also note that two commands are expected - the key chain to be named by one, another to define the authentication method being used.
R2( config )#interface ethernet0
R2( config-if )#ip validation key-chain eigrp 100 EIGRP
R2( config-if )#ip authentication mode eigrp 100 md5
5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 188.8.131.52 (Ethernet0) is down: keychain changed
R3( config )#interface ethernet0
R3( config-if )#ip certification key-chain eigrp 100 EIGRP
R3( config-if )#ip authentication style eigrp 100 md5
5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 184.108.40.206 (Ethernet0) is up:
As with RIPv2, the present adjacency was torn down when one side was configured with authorization. If the key chain is applied and correctly defined on both sides, the adjacency can come backup. Show ip eigrp neighbor is run by always to be sure the adjacency occurs. Understand the important points of EIGRP crucial organizations by establishing them on your house lab equipment, and you'll be a lot more than prepared for BSCI exam success! rate us