Routing

LAN Connections
 Cisco 2800 Series
Routers Router

 Routers have the following components:

– CPU
– Motherboard
– RAM
– ROM
 Routers have network adapters to which IP addresses are assigned.
 Routers may have the following two kinds of ports:
– Console: For the attachment of a terminal used for management
– Network: Different LAN or WAN media ports
 Routers forward packets based upon a routing table.
Router Functions

RouterX# show ip route

D 192.168.1.0/24 [90/25789217] via 10.1.1.1
1 R 192.168.2.0/24 [120/4] via 10.1.1.2 2
O 192.168.3.0/24 [110/229840] via 10.1.1.3

1. Lets other routers know about changes

2. Determines where to forward packets
Path Determination
Routing Tables
Routing Table Entries

 Directly connected: Router attaches to this network

 Static routing: Entered manually by a system administrator
 Dynamic routing: Learned by exchange of routing information
 Default route: Statically or dynamically learned; used when no
explicit route to network is known
Static vs. Dynamic Routes

Static Route Dynamic Route

 Uses a route that a  Uses a route that a
network administrator network routing protocol
enters into the router adjusts automatically for
manually topology or traffic changes
 What Is a Dynamic Routing Protocol?

 Routing protocols are

used between routers to
determine paths to remote
networks and maintain
those networks in the
routing tables.
 After the path is determined,
a router can route a routed
protocol to the learned networks.
Autonomous Systems: Interior and
Exterior Routing Protocols

 An autonomous system is a collection of networks within

a common administrative domain.
 Interior gateway protocols operate within an autonomous system.
 Exterior gateway protocols connect different autonomous systems.
Classes of Routing Protocols
Distance Vector Routing Protocols

Passes periodic copies of routing table to neighbor routes and

accumulates distance vectors
Link-State Routing Protocols

After initial flood, passes small event-triggered link-state updates to all

other routers
Classful Routing Protocol

 Classful routing protocols do not include the subnet mask with the
route advertisement.
 Within the same network, consistency of the subnet masks is
assumed.
 Summary routes are exchanged between foreign networks.
 These are examples of classful routing protocols:
– RIPv1
– IGRP
Classless Routing Protocol
 Classless routing protocols include the subnet mask with the
route advertisement.
 Classless routing protocols support a variable-length subnet
mask (VLSM).
 Summary routes can be manually controlled within the network.
 These are examples of classless routing protocols:
– RIPv2
– EIGRP
– OSPF
– IS-IS
Routing Metrics
If a router learns of more than one route to reach one
subnet, choose the best route based on that routing
protocol’s concept of a metric
Administrative Distance:
Ranking Routes If a router learns routes for the listed subnet
from more than one source of routing
information, the router uses the source with
the lowest administrative distance (AD)
Static Routes

Configure unidirectional static routes to and from a stub network to

allow communications to occur.
Static Route Configuration

RouterX(config)# ip route network [mask]

{address | interface}[distance] [permanent]

 Defines a path to an IP destination network or subnet or host

 Address = IP address of the next hop router
 Interface = outbound interface of the local router
 Static Route Example

RouterX(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.1

or
Router(config)#ip route 172.16.1.0 255.255.255.0 s0/0/0

 This is a unidirectional route. You must have a route configured in the

opposite direction.
 Default Routes

 This route allows the stub network to reach all known networks beyond
Router A.
 Verifying the Static
Route Configuration

RouterX# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
 
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
 
10.0.0.0/8 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial0/0/0
S* 0.0.0.0/0 is directly connected, Serial0
Enabling RIP

WAN Connections
 What Is a Routing Protocol?

 Routing protocols
are used between
routers to determine
paths and maintain
routing tables.
 After the path is
determined, a router
can route a routed
protocol.
Autonomous Systems: Interior or
Exterior Routing Protocols

 An autonomous system is a collection of networks under a

common administrative domain.
 IGPs operate within an autonomous system.
 EGPs connect different autonomous systems.
Classes of Routing Protocols
Administrative Distance:
Ranking Routes
Classful Routing Protocol

 Classful routing protocols do not include the subnet mask with the
route advertisement.
 Within the same network, consistency of the subnet masks is
assumed.
 Summary routes are exchanged between foreign networks.
 These are examples of classful routing protocols:
– RIPv1
– IGRP
Classless Routing Protocol
 Classless routing protocols include the subnet mask with the
route advertisement.
 Classless routing protocols support a variable-length subnet
mask (VLSM).
 Summary routes can be manually controlled within the network.
 These are examples of classless routing protocols:
– RIPv2
– EIGRP
– OSPF
– IS-IS
Distance Vector Routing Protocols

 Routers pass periodic copies of their routing table to neighboring

routers and accumulate distance vectors
Sources of Information and Discovering
Routes

 Routers discover the best path to destinations from each neighbor.

RIP Overview

 Maximum is 16 equal-cost paths (default = 4)

 Hop-count metric selects the path
 Routes update every 30 seconds
RIPv1 and RIPv2 Comparison

RIPv1 RIPv2
Routing protocol Classful Classless
Supports variable-length subnet mask? No Yes
Sends the subnet mask along with the routing
No Yes
update?
Addressing type Broadcast Multicast
RFCs 1721,
Defined in … RFC 1058
1722, and 2453
Supports manual route summarization? No Yes
Authentication support? No Yes
IP Routing Configuration Tasks

 Router configuration
– Select routing protocols
– Specify networks or interfaces
RIP Configuration

RouterX(config)# router rip

 Starts the RIP routing process

RouterX(config-router)# version 2

 Enables RIP version 2

RouterX(config-router)# network network-number

 Selects participating attached networks

 Requires a major classful network number
RIP Configuration Example
Verifying the RIP Configuration

Routing Protocol is "rip"

Sending updates every 30 seconds, next due in 6 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
FastEthernet0/0 2 2

Serial0/0/2 2 2

Automatic network summarization is in effect

Maximum path: 4
Routing for Networks:
10.0.0.0
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
10.1.1.2 120 00:00:25
Distance: (default is 120)

RouterA#
Displaying the IP Routing Table

RouterA# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, fastethernet0/0
10.0.0.0/24 is subnetted, 2 subnets
R 10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial0/0/2
C 10.1.1.0 is directly connected, Serial0/0/2
R 192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial0/0/2
 debug ip rip Command

RouterA# debug ip rip

RIP protocol debugging is on
RouterA#
00:06:24: RIP: received v1 update from 10.1.1.2 on Serial0/0/2
00:06:24: 10.2.2.0 in 1 hops
00:06:24: 192.168.1.0 in 2 hops
00:06:33: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (172.16.1.1)
00:06:34: network 10.0.0.0, metric 1
00:06:34: network 192.168.1.0, metric 3
00:06:34: RIP: sending v1 update to 255.255.255.255 via Serial0/0/2 (10.1.1.1)
00:06:34: network 172.16.0.0, metric 1
Summary

 Routing is the process by which items get from one location to

another.
 Dynamic routing protocols determine how updates are conveyed,
what knowledge is conveyed, when to convey knowledge, and
how to locate recipients of the updates.
 A routing protocol that has a lower administrative value is more
trustworthy than a protocol that has a higher administrative value.
 There are three classes of routing protocols: distance vector, link-
state, and balanced hybrid.
 The ip classless command can be used to prevent a router from
dropping a packet that is destined for an unknown subnetwork of
a directly attached network if a default route is configured.
Summary (Cont.)

 RIP is a distance vector routing protocol that uses hop count as

the matrix for route selection and broadcasts updates every 30
seconds.
 RIPv1 uses classful routing protocol; RIPv2 uses classless
routing protocol. RIPv2 supports VLSM, manual route
summarization, and authentication; RIPv1 does not support these
activities.
 To enable a dynamic routing protocol, first a routing protocol is
selected, then IP network numbers are assigned without values
being specified (except OSPF).
 The router command starts the routing process. The network
command allows the routing process to determine which
interfaces will participate in sending and receiving the routing
updates.
Summary (Cont.)

 The router RIP command selects RIP as the routing protocol.

The network command identifies a participating attached
network.
 The show ip command displays information about routing
protocols and the routing table.
 The debug ip rip command displays information on RIP routing
transactions.
Implementing
OSPF

Single-Area OSPF Implementation

OSPF Overview

 Creates a neighbor relationship by exchanging hello packets

 Propagates LSAs rather than routing table updates
– Link: Router interface
– State: Description of an interface and its relationship to
neighboring routers
 Floods LSAs to all OSPF routers in the area, not just directly
connected routers
 Pieces together all the LSAs generated by the OSPF routers to
create the OSPF link-state database
 Uses the SPF algorithm to calculate the shortest path to each
destination and places it in the routing table
OSPF Hierarchy Example

 Minimizes routing table entries

 Localizes the impact of a topology change within an area
Neighbor Adjacencies: The Hello Packet
SPF Algorithm

10

10
1
1

 Places each router at the root of a tree and calculates the

shortest path to each destination based on the cumulative cost
 Cost = Reference Bandwidth / Interface Bandwidth (b/s)
Configuring Single-Area OSPF
RouterX(config)#
router ospf process-id
 Defines OSPF as the IP routing protocol
RouterX(config-router)#
network address wildcard-mask area area-id
 Assigns networks to a specific OSPF area
Configuring Loopback Interfaces

Router ID:
 Number by which the router is known to OSPF
 Default: The highest IP address on an active interface at the moment of
OSPF process startup
 Can be overridden by a loopback interface: Highest IP address of any active
loopback interface
 Can be set manually using the router-id command
 Verifying the OSPF Configuration
RouterX# show ip protocols
Verifies that OSPF is configured
RouterX# show ip route
splays all the routes learned by the router
RouterX# show ip route

Codes: I - IGRP derived, R - RIP derived, O - OSPF derived,

C - connected, S - static, E - EGP derived, B - BGP derived,
E2 - OSPF external type 2 route, N1 - OSPF NSSA external type 1 route,
N2 - OSPF NSSA external type 2 route

Gateway of last resort is 10.119.254.240 to network 10.140.0.0

O 10.110.0.0 [110/5] via 10.119.254.6, 0:01:00, Ethernet2

O IA 10.67.10.0 [110/10] via 10.119.254.244, 0:02:22, Ethernet2
O 10.68.132.0 [110/5] via 10.119.254.6, 0:00:59, Ethernet2
O 10.130.0.0 [110/5] via 10.119.254.6, 0:00:59, Ethernet2
O E2 10.128.0.0 [170/10] via 10.119.254.244, 0:02:22, Ethernet2
. . .
Verifying the OSPF Configuration (Cont.)

RouterX# show ip ospf

 Displays the OSPF router ID, timers, and statistics

RouterX# show ip ospf

Routing Process "ospf 50" with ID 10.64.0.2
<output omitted>

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Number of areas transit capable is 0
External flood list length 0
Area BACKBONE(0)
Area BACKBONE(0)
Area has no authentication
SPF algorithm last executed 00:01:25.028 ago
SPF algorithm executed 7 times
<output omitted>
 Verifying the OSPF Configuration (Cont.)
RouterX# show ip ospf interface
lays the area ID and adjacency information
RouterX# show ip ospf interface ethernet 0

Ethernet 0 is up, line protocol is up

Internet Address 192.168.254.202, Mask 255.255.255.0, Area 0.0.0.0
AS 201, Router ID 192.168.99.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State OTHER, Priority 1
Designated Router id 192.168.254.10, Interface address 192.168.254.10
Backup Designated router id 192.168.254.28, Interface addr 192.168.254.28
Timer intervals configured, Hello 10, Dead 60, Wait 40, Retransmit 5
Hello due in 0:00:05
Neighbor Count is 8, Adjacent neighbor count is 2
  Adjacent with neighbor 192.168.254.28 (Backup Designated Router)
  Adjacent with neighbor 192.168.254.10 (Designated Router)
 Verifying the OSPF Configuration (Cont.)
RouterX# show ip ospf neighbor
 Displays the OSPF neighbor information on a per-interface basis

RouterX# show ip ospf neighbor

ID Pri State Dead Time Address Interface

10.199.199.137   1 FULL/DR 0:00:31 192.168.80.37 FastEthernet0/0
172.16.48.1 1 FULL/DROTHER 0:00:33 172.16.48.1   FastEthernet0/1
172.16.48.200 1 FULL/DROTHER 0:00:33 172.16.48.200  FastEthernet0/1
10.199.199.137   5 FULL/DR 0:00:33 172.16.48.189  FastEthernet0/1
Verifying the OSPF Configuration (Cont.)

RouterX# show ip ospf neighbor 10.199.199.137

Neighbor 10.199.199.137, interface address 192.168.80.37
In the area 0.0.0.0 via interface Ethernet0
Neighbor priority is 1, State is FULL
Options 2
Dead timer due in 0:00:32
Link State retransmission due in 0:00:04
Neighbor 10.199.199.137, interface address 172.16.48.189
In the area 0.0.0.0 via interface Fddi0
Neighbor priority is 5, State is FULL
Options 2
Dead timer due in 0:00:32
Link State retransmission due in 0:00:03
OSPF debug Commands

RouterX# debug ip ospf events

OSPF:hello with invalid timers on interface Ethernet0

hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30

OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117

aid:0.0.0.0 chk:6AB2 aut:0 auk:

RouterX# debug ip ospf packet

OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116

aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0
Load Balancing with OSPF

OSPF load balancing:

 Paths must be equal cost
 By default, up to four equal-cost paths can be placed into the
routing table
 With a configuration change, up to a maximum of 16 paths can be
configured:
– (config-router)# maximum-paths <value>
 To ensure paths are equal cost for load balancing, you can
change the cost of a particular link:
– (config-if)# ip ospf cost <value>
Load Balancing with OSPF
OSPF Authentication

 OSPF supports two types of authentication:

– Plaintext (or simple) password authentication
– MD5 authentication
 The router generates and checks every OSPF packet.
 The router authenticates the source of each routing update
packet that it receives.
 Configure a “key” (password); each participating neighbor
must have the same key configured.
Configuring OSPF Plaintext Password
Authentication
RouterX(config-if)#
ip ospf authentication-key password
 Assigns a password to use with neighboring routers

RouterX(config-if)#
ip ospf authentication [message-digest | null]
 Specifies the authentication type for an interface (as of Cisco
IOS Release 12.0)

OR

RouterX(config-router)#
area area-id authentication [message-digest]
 Specifies the authentication type for an area
Plaintext Password Authentication
Configuration Example
 Verifying Plaintext Password
Authentication

RouterX#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
10.2.2.2 0 FULL/ - 00:00:32 192.168.1.102 Serial0/0/1

RouterX#show ip route
<output omitted>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1
C 10.1.1.0/24 is directly connected, Loopback0
192.168.1.0/27 is subnetted, 1 subnets
C 192.168.1.96 is directly connected, Serial0/0/1

RouterX#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
Visual Objective 4-1: Implementing OSPF
Summary

 OSPF is a classless, link-state routing protocol that uses an area hierarchy

for fast convergence.
 OSPF exchanges hello packets to establish neighbor adjacencies between
routers.
 The SPF algorithm uses a cost metric to determine the best path. Lower
costs indicate a better path.
 The router ospf process-id command is used to enable OSPF on the router.
 Use a loopback interface to keep the OSPF router ID consistent.
 The show ip ospf neighbor command displays OSPF neighbor information
on a per-interface basis.
 The commands debug ip ospf events and debug ip ospf packets can be
used to troubleshoot OSPF problems.
 OSPF will load-balance across up to four equal-cost metric paths by default.
 There are two types of OSPF authentication: Plaintext and MD5.
Implementing
EIGRP

EIGRP Implementation
 EIGRP Features
 Advanced distance vector
 Rapid convergence
 100% loop-free classless routing
 Easy configuration
 Incremental updates
 Load balancing across equal-
and unequal-cost pathways
 Flexible network design
 Multicast and unicast instead of broadcast
address
 Support for VLSM and discontiguous subnets
 Manual summarization at any point in the
internetwork
 Support for multiple network layer protocols
EIGRP Tables
EIGRP Path Calculation (Router C)
EIGRP Configuration
RouterX(config)# router eigrp autonomous-system

RouterX(config-router)# network network-number

EIGRP and Discontiguous Networks
Default Scenario Configuration

EIGRP, by default, does not advertise subnets and,

therefore, cannot support discontiguous subnets.
EIGRP and Discontiguous Networks with
no auto-summary

EIGRP with the no auto-summary parameter can advertise

subnets and, therefore, can support discontiguous subnets.
 Verifying the EIGRP Configuration
RouterX# show ip route eigrp
 Displays the current EIGRP entries in the routing table

RouterX# show ip protocols

 Displays the parameters and current state of the active process

RouterX# show ip eigrp interfaces

 Displays information about interfaces configured for EIGRP

RouterX# show ip eigrp interfaces

IP EIGRP interfaces for process 109

                    Xmit Queue    Mean   Pacing Time   Multicast   Pending

Interface   Peers   Un/Reliable   SRTT   Un/Reliable   Flow Timer  Routes
Di0           0         0/0          0      11/434          0          0
Et0           1         0/0        337       0/10           0          0
SE0:1.16      1         0/0         10       1/63         103          0
Tu0           1         0/0        330       0/16           0          0
 Verifying the EIGRP Configuration
(Cont.)

RouterX# show ip eigrp neighbors [detail]

 Displays the neighbors discovered by IP EIGRP

RouterX# show ip eigrp neighbors

IP-EIGRP Neighbors for process 77
Address Interface Holdtime Uptime Q Seq SRTT RTO
(secs) (h:m:s) Count Num (ms) (ms)
172.16.81.28 Ethernet1 13 0:00:41 0 11 4 20
172.16.80.28 Ethernet0 14 0:02:01 0 10 12 24
172.16.80.31 Ethernet0 12 0:02:02 0 4 5 20
 Verifying the EIGRP Configuration
(Cont.)
RouterX# show ip eigrp topology [all]
 Displays the IP EIGRP topology table
 Without the [all] parameter, shows successors and feasible successors

RouterX# show ip eigrp topology

IP-EIGRP Topology Table for process 77
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776
via 172.16.80.28 (46251776/46226176), Ethernet0
via 172.16.81.28 (46251776/46226176), Ethernet1
via 172.16.80.31 (46277376/46251776), Serial0
P 172.16.81.0 255.255.255.0, 2 successors, FD is 307200
via Connected, Ethernet1
via 172.16.81.28 (307200/281600), Ethernet1
via 172.16.80.28 (307200/281600), Ethernet0
via 172.16.80.31 (332800/307200), Serial0
 Verifying the EIGRP Configuration
(Cont.)
RouterX# show ip eigrp traffic

 Displays the number of IP EIGRP packets sent and received

RouterX# show ip eigrp traffic

IP-EIGRP Traffic Statistics for process 77
Hellos sent/received: 218/205
Updates sent/received: 7/23
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 21/14
 debug ip eigrp Command

RouterX# debug ip eigrp

IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 –
256000 104960
IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 –
256000 104960
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 –
256000 104960
IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200
IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480
IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400
IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080
IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1

Note: EIGRP routes are exchanged only when a change in topology occurs.
EIGRP Metric
The criteria that EIGRP uses by default to calculate its
metric:
 Bandwidth
 Delay
The optional criteria that EIGRP can be configured to
use when calculating its metric:
 Reliability
 Load

Note: Although MTU is exchanged in EIGRP packets between

neighbor routers, MTU is not factored into the EIGRP metric
calculation.
EIGRP Load Balancing

 By default, EIGRP does equal-metric load balancing:

– By default, up to four routes with a metric equal to the
minimum metric are installed in the routing table.
 There can be up to 16 entries in the routing table for the same
destination:
– The number of entries is configurable with the
maximum-paths command.
 EIGRP Unequal-Cost Load Balancing
RouterX(config-router)#
variance multiplier

 Allows the router to load-balance across routes with a metric

smaller than the multiplier value times the minimum metric route
to that destination.
 The default variance is 1, which means equal-cost load balancing.
Variance Example

 Router E chooses router C to route to network 172.16.0.0 because it has

the lowest feasible distance of 20.
 With a variance of 2, router E also chooses router B to route to network
172.16.0.0 (20 + 10 = 30) < [2 * (FD) = 40].
 Router D is not considered to route to network 172.16.0.0 (because 25 >
20).
EIGRP MD5 Authentication

 EIGRP supports MD5 authentication.

 The router identifies itself for every EIGRP packet it sends.
 The router authenticates the source of each routing update
packet that it receives.
 Each participating neighbor must have the same key configured.
EIGRP MD5 Authentication Configuration
Steps

1. Create the keychain, a group of possible keys (passwords).

2. Assign a key ID to each key.
3. Identify the keys.
4. (Optional) Specify the duration a key will be valid.
5. Enable MD5 authentication on the interface.
6. Specify which keychain the interface will use.
 Configuring EIGRP MD5 Authentication
RouterX(config)#
key chain name-of-chain
 Enters the configuration mode for the keychain

RouterX(config-keychain)#
key key-id
 Identifies the key and enters the configuration mode for the key ID
 Configuring EIGRP MD5 Authentication
(Cont.)
RouterX(config-keychain-key)#
key-string text
 Identifies the key string (password)

RouterX(config-keychain-key)#
accept-lifetime start-time {infinite | end-time | duration
seconds}
 (Optional) Specifies when the key is accepted for received packets

RouterX(config-keychain-key)#
send-lifetime start-time {infinite | end-time | duration
seconds}
 (Optional) Specifies when the key can be used for sending packets
 Configuring EIGRP MD5 Authentication
(Cont.)
RouterX(config-if)#
ip authentication mode eigrp autonomous-system md5
 Specifies MD5 authentication for EIGRP packets

RouterX(config-if)#
ip authentication key-chain eigrp autonomous-system
name-of-chain
 Enables authentication of EIGRP packets using the key in the keychain
Example EIGRP MD5 Authentication
Configuration

RouterX
<output omitted>
key chain RouterXchain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
<output omitted>
!
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.101 255.255.255.224
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 RouterXchain
Example EIGRP MD5 Authentication
Configuration (Cont.)

RouterY
<output omitted>
key chain RouterYchain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
<output omitted>
!
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.102 255.255.255.224
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 RouterYchain
Verifying MD5 Authentication
RouterX#
*Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102
(Serial0/0/1) is up: new adjacency

RouterX#show ip eigrp neighbors

IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.102 Se0/0/1 12 00:03:10 17 2280 0 14

RouterX#show ip route
<output omitted>
Gateway of last resort is not set
D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:31:31, Null0
C 172.16.1.0/24 is directly connected, FastEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.96/27 is directly connected, Serial0/0/1
D 192.168.1.0/24 is a summary, 00:31:31, Null0

RouterX#ping 172.17.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
Visual Objective 5-1:
Implementing EIGRP
Summary

 EIGRP is a classless, advanced distance vector routing protocol

that runs the DUAL algorithm.
 EIGRP requires you to configure an autonomous system number
that must match on all routers to exchange routes.
 EIGRP is capable of load balancing across unequal-cost paths.
 EIGRP supports MD5 authentication to protect against
unauthorized, rogue routers entering your network.