Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
5
Replies

EIGRP authentication has no effect!!

waimen
Level 1
Level 1

‎04-03-2003 05:40 PM - edited ‎03-02-2019 06:23 AM

Hi All,

I tried eigrp authentication as following:

R1--R2

I use authentication in the interfaces between R1 and R2, I setup the key chain, and in the interface use "ip authentication key-chain eigrp"" command and "ïp authentication mode eigrp x md5"command and do not use that in R2, there is some loopback interfaces in R1 and R2. I found that R1 and R2 can form neighbor ship and change the routes. I had tried to clear the eigrp neighbor, clear ip route, shutdown and then no shut the interface, that's the same! Is there some bugs in my IOS? Thank You!

Best Regards

Waimen

Labels:
0 Helpful
5 Replies 5

pbarman
Level 5
Level 5

‎04-03-2003 08:00 PM

What IOS version you are running, and if you can show the config of r1 and r2 here, that would help!

0 Helpful

waimen
Level 1
Level 1
In response to pbarman

‎04-03-2003 08:05 PM

Hi,

I had clear the config because I just tried it in my lab. I set the eigrp authentication in R1 but not in R2. but the neighbor ship still can be formed. I also tried to use debug ip eigrp command but no authentication message was seen. My IOS is 12.1(5)T, and the IOS file just have "JS" feature. is it the problem of the IOS?

Waimen

0 Helpful

pbarman
Level 5
Level 5
In response to waimen

‎04-03-2003 08:18 PM

The IOS feature set is fine and js is enterprise feature I believe. Eigrp authentication doesn't depend on the feature set. Need to check bugs (but it is less likely).

Was the authentication applied to the correct interface going to R2 ? The config is fairly simple, an example is here:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca56e.html#4759

I did try it , and that works well.

0 Helpful

waimen
Level 1
Level 1
In response to pbarman

‎04-03-2003 10:11 PM

I just config like the sample except that I did not config the accept-lifetime and send-lifetime in R1, but I did not config authentication on R2. Also and then I use R1 and R2 to test IS-IS inter-area authentication R1 and R2 in different areas . I configed " domain-password xxxxx " in router isis mode in R1 but the clns neighbor is still with R2 and the route still can be exchanged. I did not config domain-password in R2, I use debug isis update-packet command, I saw LSP authentication error, But the route still can be exchanged and the clns neighbor is up, I had tried to use "clear clns neighbor"command and "clear ip route * " command in R1 and R2, and even I reloaded the router, that's the same. However, when I issue "isis circuit-type level-2 " in the interface of R1, the authentication began to work. the clns neighbor is up, but the route can not be exchanged even I also configed the " isis circuit-type level-2 " in R2. And R1 and R2 can exchanged the route when I config "domain-password xxxx " in R2. But I feel strange why I must config the circuit type to level-2. But I think the clns neighbor up is normal. Anyway, I think it may be a bug, And I will try the eigrp authentication again several days later. If anybody has any idea, please tell me.

Waimen

0 Helpful

johncheung
Level 1
Level 1
In response to waimen

‎04-03-2003 11:13 PM

u should be able to verify whether authentication is working by typing "show ip eigrp neigh" on R1 and confirming that R2 is a neighbor and vice versa....remember to type this command on both routers.....

0 Helpful
Customers Also Viewed These Support Documents