Authenticate Cisco EIGRP routers

 

To help prevent unauthorized routing updates, EIGRP can be configured to authenticate peers.

For this example, two routers, A and B, are directly connected over Fast Ethernet. The IP network is 10.1.1.0/24.



Enter the appropriate passwords, then enter configuration mode:

conf t



Address the interfaces.



Router A:

interface FastEthernet 0/0
 ip address 10.1.1.1 255.255.255.0





Router B:

interface FastEthernet 0/0
 ip address 10.1.1.2 255.255.255.0





Configure EIGRP (same on both routers):

router eigrp 100
 network 10.0.0.0





Then, create keychains in both routers.



Router A:

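key chain rtrA
 key 1
  key-string 123
  ! accept-lifetime takes a start time before "infinite"; the send-lifetime start is reused here
  accept-lifetime 00:00:01 1 Jan 2004 infinite
  send-lifetime 00:00:01 1 Jan 2004 23:59:59 1 Jan 2005
  exit
 key 2
  key-string abc
  accept-lifetime 00:00:01 1 Jan 2004 infinite
  send-lifetime 00:00:01 1 Jan 2004 23:59:59 1 Jan 2005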





Router B:

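key chain rtrB
 key 1
  key-string 123
  ! accept-lifetime takes a start time before "infinite"; the send-lifetime start is reused here
  accept-lifetime 00:00:01 1 Jan 2004 infinite
  send-lifetime 00:00:01 1 Jan 2004 23:59:59 1 Jan 2005
  exit
 key 2
  key-string abc
  accept-lifetime 00:00:01 1 Jan 2004 infinite
  send-lifetime 00:00:01 1 Jan 2004 23:59:59 1 Jan 2005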





Now, configure authentication. The EIGRP autonomous system number is 100.



Router A:

interface FastEthernet 0/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 rtrA







Router B:

interface FastEthernet 0/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 rtrB





Now the routers should be verifying the MD5 hash of EIGRP packets, dropping any that do not pass the verification.



In the key configuration, the "infinite" keyword can be used to make non-expiring keys. I would recommend the last keypair be non-expiring, to prevent network downtime if the administrator forgets to update the keys before they expire!
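
The expiry risk described above can be checked offline against a saved configuration. The following Python audit is an added example, not part of the original article: it parses the send-lifetime windows of a key chain and reports which key would be used for sending at a given time, or None when every key has expired. The function names, the key 3 entry and its key-string are hypothetical; it assumes IOS sends with the lowest-numbered valid key and treats a key without a send-lifetime as always valid, and it does not handle the "duration" form.

```python
import re
from datetime import datetime

# Constructed sample: Router A's key chain from the article (accept-lifetime
# lines omitted; only send windows are audited). Key 3 below is hypothetical.
ARTICLE_CHAIN = """\
key chain rtrA
 key 1
  key-string 123
  send-lifetime 00:00:01 1 Jan 2004 23:59:59 1 Jan 2005
 key 2
  key-string abc
  send-lifetime 00:00:01 1 Jan 2004 23:59:59 1 Jan 2005
"""
FIXED_CHAIN = ARTICLE_CHAIN + """\
 key 3
  key-string xyz
  send-lifetime 00:00:01 1 Dec 2004 infinite
"""

TIME = r"(\d\d:\d\d:\d\d \w+ \w+ \d{4})"
SEND = re.compile(rf"send-lifetime {TIME} (?:infinite|{TIME})")

def parse_time(text):
    # IOS accepts both "hh:mm:ss day Mon year" and "hh:mm:ss Mon day year".
    for fmt in ("%H:%M:%S %d %b %Y", "%H:%M:%S %b %d %Y"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised time: {text}")

def send_windows(config):
    """Return {key_id: (start, end)}; end is None for a non-expiring key."""
    windows, key_id = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"key (\d+)", line):
            key_id = int(m.group(1))
            windows[key_id] = (datetime.min, None)  # no send-lifetime: always valid
        elif key_id is not None and (m := SEND.fullmatch(line)):
            end = parse_time(m.group(2)) if m.group(2) else None
            windows[key_id] = (parse_time(m.group(1)), end)
    return windows

def sending_key(config, when):
    """Lowest-numbered key valid for sending at `when`, or None if there is a gap."""
    for key_id, (start, end) in sorted(send_windows(config).items()):
        if start <= when and (end is None or when <= end):
            return key_id
    return None
```

With the article's two keys, sending_key returns None for any time after 23:59:59 1 Jan 2005; adding a final key whose send-lifetime ends in "infinite" closes that gap.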

 
