EIGRP & RIPv2 IOS authentication


Though IOS routing protocol (EIGRP/RIPv2) authentication procedure is straightforward, it can cause confusion.

The purpose of this brief post is to enumerate and test all different cases related to this kind of authentication and demonstrate the following facts:

1- Key-chain is locally significant and not checked.

2- The router check key id’s in the ascending order, looking for the same couple as the received (key-id, key-string).

  • if the key id is missing, the result of the debug eigrp packet is key id =<id>, key not defined or not live
  • if the key ids match but not the key-strings, the result of the debug eigrp packet is authentication mismatch

Two back-to-back routers are largely enough for the test.


And the following table resumes all results:


For the sake of succinctness, I attached the following file containing the complete configurations and results for all cases : http://hpnouri.free.fr/tmp/EIGRP-authentication-testing.txt

Advertisements

About ajnouri
Se vi deziras sekure komuniki eksterbloge, jen mia publika (GPG) ŝlosilo: My public key for secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

One Response to EIGRP & RIPv2 IOS authentication

  1. Lassell Pond says:

    some good posts about QoS. will often visit here.
    I’m studying Service Provider in priority these days.
    heared of SPv3 workbook by cciecert. Do you think it’s good material for preparing SP track at this point?
    What do you reckon

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: