EIGRP Failed Authentication

alfredobosca
Level 1

Hello,

I have configured mismatched key-strings between 2 EIGRP neighbors to force an authentication failure event to happen. My goal is to see the event in Wireshark.

It is so odd because I didn't see any change in the EIGRP hello packets.

Does somebody know what the change should be?

Best regards,


Mark Malone
VIP Alumni
Hi
I haven't tested this recently, but I would have thought the hello packets wouldn't change; the relationship just won't form as the authentication is off on both sides. The hello packets should still reach each other. If you debug eigrp neighbour x.x.x.x or debug ip eigrp all, rather than Wireshark, you may see more in the CLI. I just installed a couple of 9Ks with EIGRP authentication, so I could break it and check if you need, as I'm still in install for a couple of days. I would think the authentication is the last stage; if there are no hellos it won't even get to that part.

Hi

Adding to Mark's comment, you can also use debug eigrp packets and debug ip eigrp notifications.




>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other community members. <<

Sure, I knew these debug commands. However, I want to see the packets through Wireshark. The different types of EIGRP packets are: Hello, Update, Query, Reply, SIA Query, SIA Reply. In this way the authentication mode is sent through Update or Hello packets... I am not sure. I think that I should see another field inside the Hello or Update packet indicating an authentication issue.

Best regards,

Peter Paluch
Cisco Employee

Alfredo,

This is strange. If you change the key-string in a key chain, the MD5 sum in the Hello packets must change; in EIGRP, every single packet is cryptographically signed if the authentication is on, and if the key chain changes, the MD5 sum must change, too.

Can you please post the configuration of the router where you tested the authentication, and describe how you changed the key chain to see a change in the Wireshark?

Best regards,
Peter

Hello,

I have 2 routers connected directly.

CCIE1#show run

router eigrp CCIE
 !
 address-family ipv4 unicast autonomous-system 10
  !
  af-interface GigabitEthernet1/0/23
   authentication mode md5
   authentication key-chain CCIE
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 169.20.20.0 0.0.0.3
  network 169.20.20.4 0.0.0.3
  eigrp router-id 1.1.1.1
 exit-address-family


key chain CCIE
 key 1
  key-string no
  ! I have changed the password intentionally in order to view the failed message in Wireshark

CCIE2#show run

key chain CCIE
 key 1
  key-string ccie.2018!

router eigrp 10
 network 169.20.20.4 0.0.0.3
 network 169.20.20.12 0.0.0.3
 eigrp router-id 2.2.2.2
 eigrp stub connected summary

If instead of changing the password I change the RID, it is possible to view the change in Update packets. Can you confirm whether the authentication settings should appear in the TLV field in the Hello packet?

Best regards,
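The question in this thread, and Peter's explanation above that every EIGRP packet carries an MD5 signature once authentication is on, both come down to one concrete field: the Authentication TLV (type 0x0002) that follows the 20-byte EIGRP header, which is where Wireshark shows the key ID and the 16-byte digest. The script below is an added example, not code from the thread or from Cisco: it parses a raw EIGRP payload (the bytes after the IP header, protocol 88) into header fields and TLVs, reports whether an Authentication TLV is present and what digest it carries, and compares two hellos the way a packet-by-packet check in a capture would. The two hello packets are constructed inline; their digest bytes are placeholders rather than real MD5 computations, and the header checksum is left at zero for the same reason.

```python
"""Locate and compare the EIGRP Authentication TLV in captured hello packets.

Added example with constructed packets; the digest bytes are placeholders,
not the real EIGRP MD5 computation, and the header checksum is not computed.
"""
import struct
from typing import Optional

# EIGRP opcodes as carried in the second header byte.
EIGRP_OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello",
                 10: "SIA-Query", 11: "SIA-Reply"}
TLV_PARAMETERS = 0x0001        # K-values and hold time
TLV_AUTHENTICATION = 0x0002    # present only when authentication is configured
AUTH_TYPES = {2: "MD5", 3: "SHA-256"}

# Verdicts returned by compare_hellos().
AUTH_MISSING = "auth TLV missing on at least one side"
DIGEST_DIFFERS = "digest differs"
DIGEST_MATCHES = "digest matches"


def parse_eigrp(payload: bytes) -> dict:
    """Split an EIGRP payload into header fields and a list of (type, value) TLVs."""
    if len(payload) < 20:
        raise ValueError("EIGRP header is 20 bytes")
    version, opcode, checksum, flags, seq, ack, vrid, asn = struct.unpack(
        "!BBHIIIHH", payload[:20])
    tlvs = []
    off = 20
    while off + 4 <= len(payload):
        ttype, tlen = struct.unpack("!HH", payload[off:off + 4])
        # TLV length covers the 4-byte type/length header itself.
        if tlen < 4 or off + tlen > len(payload):
            raise ValueError(f"bad TLV length {tlen} at offset {off}")
        tlvs.append((ttype, payload[off + 4:off + tlen]))
        off += tlen
    return {"version": version, "opcode": opcode,
            "opcode_name": EIGRP_OPCODES.get(opcode, f"unknown({opcode})"),
            "flags": flags, "seq": seq, "ack": ack, "asn": asn, "tlvs": tlvs}


def auth_info(pkt: dict) -> Optional[dict]:
    """Return the Authentication TLV contents, or None when the packet is unsigned."""
    for ttype, value in pkt["tlvs"]:
        if ttype != TLV_AUTHENTICATION:
            continue
        # Value layout: auth type (2), auth length (2), key ID (4), key sequence (4),
        # 12 bytes of null padding, then the digest of auth-length bytes.
        auth_type, auth_len, key_id, key_seq = struct.unpack("!HHII", value[:12])
        digest = value[24:24 + auth_len]
        return {"type": AUTH_TYPES.get(auth_type, f"unknown({auth_type})"),
                "key_id": key_id, "key_seq": key_seq, "digest": digest.hex()}
    return None


def compare_hellos(a: bytes, b: bytes) -> str:
    """Classify two hellos: unsigned on one side, mismatching digests, or matching."""
    auth_a, auth_b = auth_info(parse_eigrp(a)), auth_info(parse_eigrp(b))
    if auth_a is None or auth_b is None:
        return AUTH_MISSING
    return DIGEST_MATCHES if auth_a["digest"] == auth_b["digest"] else DIGEST_DIFFERS


def build_hello(digest: Optional[bytes], asn: int = 10) -> bytes:
    """Construct a hello: header, optional Authentication TLV, Parameters TLV (constructed sample)."""
    header = struct.pack("!BBHIIIHH", 2, 5, 0, 0, 0, 0, 0, asn)  # checksum left at 0
    params = (struct.pack("!HH", TLV_PARAMETERS, 12)
              + bytes([1, 0, 1, 0, 0, 0])          # K1..K5 defaults plus reserved byte
              + struct.pack("!H", 15))             # hold time
    auth = b""
    if digest is not None:
        auth = (struct.pack("!HH", TLV_AUTHENTICATION, 44)
                + struct.pack("!HHII", 2, 16, 1, 0)   # MD5, 16 bytes, key ID 1, seq 0
                + bytes(12) + digest)
    return header + auth + params


if __name__ == "__main__":
    # Placeholder digests standing in for the signatures two different key-strings would yield.
    signed_key_a = build_hello(bytes(range(16)))
    signed_key_b = build_hello(bytes(range(16, 32)))
    unsigned = build_hello(None)
    for name, pkt in [("key A", signed_key_a), ("key B", signed_key_b), ("no auth", unsigned)]:
        print(name, parse_eigrp(pkt)["opcode_name"], auth_info(parse_eigrp(pkt)))
    print("A vs B:", compare_hellos(signed_key_a, signed_key_b))
    print("A vs unsigned:", compare_hellos(signed_key_a, unsigned))
```

Run against hellos exported from a capture, the function answers the two cases the thread mixes up: a mismatched key-string on a router that does have authentication configured still produces an Authentication TLV, only with a different digest, whereas a router with no authentication on the interface sends hellos with no Authentication TLV at all, so nothing in its packets changes no matter what its key chain contains.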
