Eigrp authentication using md5 and manual route summarization on participating eigrp interfaces allow network engineers/administrators to secure their routing table entries while optimizing it to reduce the convergence time.
In this lab, I will demonstrate how to implement authentication for eigrp as well as eigrp manual route summarization. Before we proceed, someone might ask, why do we need to authenticate eigrp neighbors or why do even need to manually summarize when eigrp already has auto summary enabled? Below are the reasons why.
Why eigrp authentication and manual summarization?
- Eigrp authentication allows us to form neighbor relationship with the right eigrp routers.
- Eigrp authentication secures the eigrp routing table
- Eigrp manual summarization reduces the size of the eigrp routing table
- Manual summarization speeds up eigrp convergence time.
Network topology
IP address and eigrp setup
R1(config)#int loopback 0
R1(config-if)#ip add 192.168.0.1 255.255.255.0
R1(config-if)#int loopback 1
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#int loopback 2
R1(config-if)#ip add 192.168.2.1 255.255.255.0
R1(config-if)#int loopback 3
R1(config-if)#ip add 192.168.3.1 255.255.255.0
R1(config-if)#int loopback 4
R1(config-if)#ip add 192.168.4.1 255.255.255.0
R1(config-if)#int loopback 5
R1(config-if)#ip add 192.168.5.1 255.255.255.0
R1(config-if)#int loopback 6
R1(config-if)#ip add 192.168.6.1 255.255.255.0
R1(config-if)#int loopback 7
R1(config-if)#ip add 192.168.7.1 255.255.255.0
R1(config-if)#int loopback 8
R1(config-if)#ip add 192.168.8.1 255.255.255.0
R1(config-if)#int f0/0
R1(config-if)#ip add 172.17.17.1 255.255.255.252
R1(config-if)#desc connection to route 2
R1(config-if)#no shut
R1(config-if)#int f1/0
R1(config-if)#ip add 172.17.17.5 255.255.255.252
R1(config-if)#desc connection to route 3
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router eigrp 10
R1(config-router)#no auto
R1(config-router)#passive-interface default
R1(config-router)#no passive-interface f0/0
R1(config-router)#no passive-interface f1/0
R1(config-router)#netw 172.17.17.0
R1(config-router)#netw 192.168.0.0 0.0.0.255
R1(config-router)#netw 192.168.1.0 0.0.0.255
R1(config-router)#netw 192.168.2.0 0.0.0.255
R1(config-router)#netw 192.168.3.0 0.0.0.255
R1(config-router)#netw 192.168.4.0 0.0.0.255
R1(config-router)#netw 192.168.5.0 0.0.0.255
R1(config-router)#netw 192.168.6.0 0.0.0.255
R1(config-router)#netw 192.168.7.0 0.0.0.255
R1(config-router)#netw 192.168.8.0 0.0.0.255
IP address and eigrp configuration on router2
R2(config)#int loopback 0
R2(config-if)#ip add 10.1.1.1 255.255.255.0
R2(config-if)#desc connection LAN
R2(config-if)#int f0/0
R2(config-if)#ip add 172.17.17.2 255.255.255.252
R2(config-if)#desc connection to route 1
R2(config-if)#no shut
R2(config-if)#int f1/0
R2(config-if)#ip add 172.17.17.9 255.255.255.252
R2(config-if)#desc connection to route 3
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router eigrp 10
R2(config-router)#no auto
R2(config-router)#passive-interface default
R2(config-router)#no passive-interface f0/0
R2(config-router)#no passive-interface f1/0
R2(config-router)#netw 172.17.17.0
R2(config-router)#netw 10.1.1.0
IP address and eigrp configuration on router3
R3(config-if)#int f0/0
R3(config-if)#ip add 172.17.17.6 255.255.255.252
R3(config-if)#desc connection to route 1
R3(config-if)#no shut
R3(config-if)#int f1/0
R3(config-if)#ip add 172.17.17.10 255.255.255.252
R3(config-if)#desc connection to route 3
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#router eigrp 10
R3(config-router)#no auto
R3(config-router)#passive-interface default
R3(config-router)#no passive-interface f0/0
R3(config-router)#no passive-interface f1/0
R3(config-router)#netw 172.17.17.0
From the image below, we can see router2’s eigrp neighbor relationships as well as eigrp routing table.
From the output of show ip route eigrp 10 above, we can see that all eight subnets from Router1 are being advertised to Router2 and Router3. This is not efficient enough. We need to manually summarize on the interfaces connecting to Router2 and Router3. See commands below.
R1(config)#int f0/0
R1(config-if)#ip summary address eigrp 10 192.168.0.0 255.255.248.0
R1(config)#int f1/0
R1(config-if)#ip summary address eigrp 10 192.168.0.0 255.255.248.0
Let’s verify that manual eigrp summarization is taking place. Use the show ip route eigrp 10 command again on Router2. See output in the image below.
We can see that the routing table entries have been reduced. Eigrp manual summarization is quite simple; except to generate the summary address. To learn how to generate summary address and mask, click here.
Finally, let’s configure authentication for eigrp. It involves a few commands that will be entered on all three eigrp routers to handle neighbor authentication. See commands below.
On router1
R1(config)#key chain cisco
R1(config-keychain)#key 1
R1(config-keychain)#key-string cisco123
R1(config-keychain)#exit
R1(config)#int f0/0
R1(config-if)#ip authentication eigrp 10 md5
R1(config-if)#ip authentication key-chain eigrp 10 cisco
R1(config-if)#int f1/0
R1(config-if)#ip authentication eigrp 10 md5
R1(config-if)#ip authentication key-chain eigrp 10 cisco
Enter the above commands on router2 and router3 and you are good to go!
The post came out longer than anticipated because of the many commands entered. If you made this far, thanks for reading. If you have any question please drop it in the comment section.
If you enjoyed this tutorial, please subscribe to this blog to receive my posts via email. Also subscibe to my YouTube channel, like my Facebook page and follow me on Twitter