EIGRP Authentication

By default, no authentication is used for any routing protocol. Some protocols, such as RIPv2, IS-IS, and OSPF, can be configured to do simple password authentication between neighboring routers. In this type of authentication, a clear-text password is used. EIGRP does not support simple authentication. However, it can be configured to authenticate each packet exchanged, using an MD5 hash. This is more secure than clear text, as only the message digest is exchanged, not the password.

EIGRP authenticates each of its packets by including the hash in eachone. This helps verify the source of each routing update.

To configure EIGRP authentication, follow these steps:

Step 1. Configure a key chain to group the keys.

Step 2. Configure a key within that key chain.

Step 3. Configure the password or authentication string for thatkey. Repeat Steps 2 and 3 to add more keys if desired.

Step 4. Optionally configure a lifetime for the keys within that key chain. If you do this, be sure that the time is synchronized between the two routers.

Step 5. Enable authentication and assign a key chain to an interface.

Step 6. Designate MD5 as the type of authentication.