Index.php

From Recidemia
Revision as of 04:17, 2 May 2013 by 173.237.181.15 (talk)
Jump to: navigation, search

Configuring RIPv2 and EIGRP validation with key chains could be difficult initially, and the syntax isn't particularly an easy task to remember. However for BSCI and CCNP exam success, we've surely got to be able to perform this task.

In a previous tutorial, we saw how to configure RIPv2 packet authentication, with both clear-text and MD5 authentication systems. EIGRP authentication is much the exact same, and has the text and MD5 authentication options as well. But EIGRP being EIGRP, the order just needs to be described as a bit more detailed!

Much like RIPv2, the authentication mode must certanly be arranged by the EIGRP neighbors. If one router's interface is configured for MD5 authentication and the remote router's interface is configured for text authentication, the adjacency can fail even if the two interfaces under consideration are configured to utilize the same code.

We'll today arrange link authentication on the adjacency over an Ethernet segment. Below, you'll observe to configure a key chain called EIGRP on both routers, use key #1, and use the key-string BSCI. Key chain is shown by run on a modem to see all key chains.

R2( config )#key string EIGRP

R2( config-keychain )#key 1

R2( config-keychain-key )#key-string BSCI

R2#show important chain

Key-chain EIGRP:

key 1 -- text "BSCI"

Take entire life (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

R3( config )#key chain EIGRP

R3( config-keychain )#key 1

R3( config-keychain-key )#key-string BSCI

R3#show important cycle

Key-chain EIGRP:

Critical 1 -- text "BSCI"

Recognize entire life (always valid) - (always valid) [valid now]

send lifetime (always valid) - (always valid) [valid now]

The EIGRP command to use the critical chain is a bit of a pain to remember, because the AS and method number is recognized in the center of the command, not the beginning. Also note that two instructions are required - the key chain to be named by one, the authentication mode to be defined by another in use.

R2( config )#interface ethernet0

R2( config-if )#ip verification key-chain eigrp 100 EIGRP

R2( config-if )#ip authentication style eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.3 (Ethernet0) is down: keychain changed

R3( config )#interface ethernet0

R3( config-if )#ip verification key-chain eigrp 100 EIGRP

R3( config-if )#ip authentication style eigrp 100 md5

5d07h: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.12.23.2 (Ethernet0) is up:

When one side was constructed with certification as with RIPv2, the existing adjacency was torn down. If the key chain is correctly identified and applied on both sides, the adjacency can come backup. Show ip eigrp neighbor is run by always to be sure the adjacency occurs. Understand the important points of EIGRP important stores by configuring them in your house lab equipment, and you'll be significantly more than prepared for BSCI exam success! relevant webpage

Retrieved from "http://www.recidemia.com/index.php?title=Index.php&oldid=273649"