EIGRP Authentication using Key chain: It is the most effective way of providing security, and it also helps in easily isolating unwanted networks to which we don't want traffic to go. Enabling EIGRP authentication on a router breaks its existing neighbor adjacencies because, as we already know, authentication must succeed before a neighbor relationship can form.
In this article I will explain how to enable EIGRP authentication, and for that I need a scenario. The scenario is given below along with the diagram, so let's get started.
SCENARIO:- The network admin wants to establish key chain authentication between the Mumbai router and the remote sites in Pune and Hyderabad.
Note: I have already configured all three routers with EIGRP (without authentication).
This is the output from Mumbai:-
Mumbai#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold   Uptime     SRTT   RTO    Q     Seq
                                (sec)             (ms)          Cnt   Num
0   172.168.20.1    Se0/0/1     14     01:26:59   40     1000   0     7
1   172.168.40.2    Se0/0/0     9      01:26:56   40     1000   0     7
To Enable Eigrp Authentication Configuration step by step explanation:-
Setting key chain On Mumbai Router---->
STEP No 1:- Enter global configuration mode.
Mumbai#configure terminal
STEP No 2:- Now we will create a key chain, because before we can enable EIGRP authentication we need to create at least one key chain and a key. I am creating a key chain named MYCHAIN.
Mumbai(config)#key chain MYCHAIN
STEP No 3:- Now specify a key number, i.e. 10 in this example. Also note that it is highly recommended that you use the same key number on all the routers.
Mumbai(config-keychain)#key 10
STEP No 4:- Now enter the key-string for the key. I am using "cisco" in this example.
Mumbai(config-keychain-key)#Key-string cisco
STEP No 5:- End the configuration by using command end.
Mumbai(config-keychain-key)#end
Now, to enable EIGRP authentication using the key chain on the Mumbai router, we need to specify on which interface authentication should be enabled.
Note: When authentication is enabled, that particular port will stop receiving routing messages from its peers until they are also configured for the same.
STEP No 1:- Enter global configuration mode.
Mumbai#configure terminal
STEP No 2:- Specify the interface on which you want to enable EIGRP authentication. In this example we have to set it on interface se0/0/0 as well as interface se0/0/1. First I will do this with se0/0/0.
Mumbai(config)#interface se0/0/0
STEP No 3:- Now enable EIGRP authentication with the MD5 algorithm. Here 10 is the EIGRP autonomous system number.
Mumbai(config-if)#ip authentication mode eigrp 10 md5
STEP No 4:- Now specify the key chain you want to use for authentication. In this example the name is MYCHAIN. Here also 10 is the autonomous system number.
Mumbai(config-if)#ip authentication key-chain eigrp 10 MYCHAIN
STEP No 5:- End the configuration by using command end.
Mumbai(config-if)#end
Now do the same configuration of key chain authentication on Mumbai router interface Se0/0/1.
Mumbai#configure terminal
Mumbai(config)#interface se0/0/1
Mumbai(config-if)#ip authentication mode eigrp 10 md5
Mumbai(config-if)#ip authentication key-chain eigrp 10 MYCHAIN
Mumbai(config-if)#end
Setting key chain On Pune Router---->
All the steps are the same, so I will just write the commands without explaining them.
Pune#configure terminal
Pune(config)#key chain MYCHAIN
Pune(config-keychain)#key 10
Pune(config-keychain-key)#Key-string cisco
Pune(config-keychain-key)#end
Now enable EIGRP authentication on the Pune router interface se0/0/1. All the steps are the same, so I will just write the commands without explaining them.
Pune#configure terminal
Pune(config)#interface se0/0/1
Pune(config-if)#ip authentication mode eigrp 10 md5
Pune(config-if)#ip authentication key-chain eigrp 10 MYCHAIN
Pune(config-if)#end
Setting key chain On Hyderabad Router---->
All the steps are the same, so I will just write the commands without explaining them.
Hyderabad#configure terminal
Hyderabad(config)#key chain MYCHAIN
Hyderabad(config-keychain)#key 10
Hyderabad(config-keychain-key)#Key-string cisco
Hyderabad(config-keychain-key)#end
Now enable EIGRP authentication on the Hyderabad router interface se0/0/0. All the steps are the same, so I will just write the commands without explaining them.
Hyderabad#configure terminal
Hyderabad(config)#interface se0/0/1
Hyderabad(config-if)#ip authentication mode eigrp 10 md5
Hyderabad(config-if)#ip authentication key-chain eigrp 10 MYCHAIN
Hyderabad(config-if)#end
CONCLUSION--
Once all the steps to enable EIGRP authentication are done, the routers will start sending and receiving routing updates and messages again and the EIGRP neighbor relationships will be established. If you want to verify all this in real time, just use the debug eigrp packets command in privileged mode.
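An offline cross-check of the configuration steps above, as an added example that is not part of the original article: it parses saved configuration text for each router and reports any interface where only one of the two authentication commands is present, and any difference in key number or key-string between routers. The function names parse and audit, the running-config style input and the sample configs are assumptions constructed for illustration.

```python
import re

def parse(config):
    """Extract key chains and per-interface EIGRP auth settings from config text."""
    chains, ifaces, chain, key, iface = {}, {}, None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        low, words = line.lower(), line.split()
        if low.startswith("key chain "):
            chain, key, iface = words[2], None, None
            chains[chain] = {}
        elif low.startswith("interface "):
            iface, chain, key = words[1], None, None
            ifaces[iface] = {"md5": False, "chain": None}
        elif chain and re.fullmatch(r"key \d+", low):
            key = int(words[1])
        elif chain and key is not None and low.startswith("key-string "):
            chains[chain][key] = line.split(None, 1)[1]
        elif iface and re.fullmatch(r"ip authentication mode eigrp \d+ md5", low):
            ifaces[iface]["md5"] = True
        elif iface and low.startswith("ip authentication key-chain eigrp "):
            ifaces[iface]["chain"] = words[-1]
    return chains, ifaces

def audit(configs):
    """Return deviations from the article's procedure, without echoing key-strings."""
    findings, keys = [], {}
    for router, text in configs.items():
        chains, ifaces = parse(text)
        for name, s in ifaces.items():
            if s["md5"] != bool(s["chain"]):
                findings.append(f"{router} {name}: needs both 'mode md5' and 'key-chain'")
            elif s["chain"] and not chains.get(s["chain"]):
                findings.append(f"{router} {name}: key chain {s['chain']} has no key")
            elif s["chain"]:
                keys[router] = tuple(sorted(chains[s["chain"]].items()))
    if len(set(keys.values())) > 1:
        findings.append("key number/key-string differ across: " + ", ".join(sorted(keys)))
    return findings

# Constructed sample configs (not device output); only Mumbai mirrors the article.
CHAIN = "key chain MYCHAIN\n key {}\n  key-string cisco\n"
AUTH = "interface {}\n ip authentication mode eigrp 10 md5\n"
USE = " ip authentication key-chain eigrp 10 MYCHAIN\n"
CONFIGS = {
    "Mumbai": CHAIN.format(10) + AUTH.format("Se0/0/0") + USE + AUTH.format("Se0/0/1") + USE,
    "Pune": CHAIN.format(10) + AUTH.format("Se0/0/1"),  # deliberate: key-chain line missing
    "Hyderabad": CHAIN.format(11) + AUTH.format("Se0/0/1") + USE,  # deliberate: key 11
}
print("\n".join(audit(CONFIGS)) or "no findings")
```

With the two deliberate mistakes removed, audit returns an empty list, which matches the state in which the neighbor relationships come back up.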
Also, comment down below if you have any question regarding How To Enable EIGRP Authentication using Key chain; I will try to answer to the best of my ability.