EIGRP & RIPv2 IOS authentication


Though the IOS routing protocol (EIGRP/RIPv2) authentication procedure is straightforward, it can cause confusion.

The purpose of this brief post is to enumerate and test all the different cases related to this kind of authentication and to demonstrate the following facts:

1- The key-chain is locally significant and is not checked.

2- The router checks key IDs in ascending order, looking for the same (key-id, key-string) pair as the one received.

  • if the key ID is missing, the output of debug eigrp packet is "key id =<id>, key not defined or not live"
  • if the key IDs match but the key-strings do not, the output of debug eigrp packet is "authentication mismatch"

Two back-to-back routers are more than enough for the test.
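
A minimal two-router configuration that exercises these cases, added here as an illustration and not taken from the attached file. The key-chain names, AS number 100, interface names, addresses and key-strings are all assumptions; the expected debug messages in the comments are the ones quoted above.

```cisco
! R1 (constructed example; all names and values are assumptions)
key chain CHAIN-R1
 key 1
  key-string SECRET-A
!
interface Serial0/0
 ip address 10.0.12.1 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 CHAIN-R1
!
router eigrp 100
 network 10.0.12.0 0.0.0.3
 no auto-summary
!
! R2: different key-chain name, same (key-id, key-string) pair.
! The chain name is never compared, so the adjacency forms.
key chain CHAIN-R2
 key 1
  key-string SECRET-A
!
interface Serial0/0
 ip address 10.0.12.2 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 CHAIN-R2
!
router eigrp 100
 network 10.0.12.0 0.0.0.3
 no auto-summary
!
! Variant A on R2: the key id sent by R1 (1) is absent from R2's chain
!   key chain CHAIN-R2
!    no key 1
!    key 2
!     key-string SECRET-A
!   debug on R2: key id = 1, key not defined or not live
!
! Variant B on R2: key id matches, key-string differs
!   key chain CHAIN-R2
!    key 1
!     key-string SECRET-B
!   debug on R2: authentication mismatch
```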


The following table summarizes all the results:


For the sake of succinctness, I attached the following file containing the complete configurations and results for all cases: http://hpnouri.free.fr/tmp/EIGRP-authentication-testing.txt
