I would like to highlight how EIGRP did authentication when we used keychain. Please go through the below scenario before we explain how it work,
IP Addressing :
--------------------
R1 - s0/0.12 point-to-point = 131.1.12.1/24 ; lo1 = 1.1.1.1/8
R2 - s0/0.21 point-to-point = 131.1.12.2/24 ; lo1 = 2.2.2.2/8
Configure EIGRP Authentication on R1
------------------------------------------------
!
key chain EIGRP
key 1
key-string ABC
key 2
key-string cisco
!
!
interface Serial0/0.12 point-to-point
ip address 131.1.12.1 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
frame-relay interface-dlci 102
!
Configure EIGRP Authentication on R2
------------------------------------------------
!
key chain EIGRP
key 1
key-string DEF
key 2
key-string cisco
!
!
interface Serial0/0.21 point-to-point
ip address 131.1.12.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
frame-relay interface-dlci 201
!
!
According to the above configuration, will R1 and R2 form EIGRP neighbors?
!
!
!
!
!
!
!
!
Answer is no. The reason is EIGRP use LOWEST key number among all currently valid keys when SENDING EIGRP message but it use ALL currently valid keys when RECEIVING EIGRP message. Please learn the below picture for better understanding.
Reference : RHC blog & CCNP Route
No comments:
Post a Comment