Tuesday, May 17, 2011

AUTHENTICATION


The MD5 keyed digest in each EIGRP packet prevents the introduction of unauthorized or false routing messages from unapproved sources. Each key has its own key ID, which is stored locally. The combination of the key ID and the interface associated with the message uniquely identifies the authentication algorithm and MD5 authentication key in use. EIGRP allows keys to be managed using key chains. Each key definition within the key chain can specify a time interval for which that key will be activated (its lifetime). Then, during the lifetime of a given key, routing update packets are sent with this activated key. Only one authentication packet is sent, regardless of how many valid keys exist. The software examines the key numbers in order from lowest to highest, and it uses the first valid key that it encounters.
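The key selection rule above can be checked before a key rollover with a small model. This is an added example, not part of the original post: it is a simplified Python model of the lowest-valid-key rule, and key 200, its string, the dates and all function names are constructed for illustration.

```python
from datetime import datetime

FOREVER = datetime.max  # stands in for an "infinite" lifetime

def key(string, send, accept):
    """One key: its string plus (start, end) send and accept lifetimes."""
    return {"string": string, "send": send, "accept": accept}

def valid(lifetime, now):
    return lifetime[0] <= now <= lifetime[1]

def send_key(chain, now):
    """Lowest-numbered key whose send lifetime covers `now`, else None."""
    return next((k for k in sorted(chain) if valid(chain[k]["send"], now)), None)

def accepts(chain, key_id, string, now):
    """Receiver looks up the same key ID; string and accept lifetime must match."""
    k = chain.get(key_id)
    return k is not None and k["string"] == string and valid(k["accept"], now)

def adjacency_ok(a, b, now):
    """True when each side's outgoing key is accepted by the other at `now`."""
    for tx, rx in ((a, b), (b, a)):
        kid = send_key(tx, now)
        if kid is None or not accepts(rx, kid, tx[kid]["string"], now):
            return False
    return True

# Constructed rollover plan (dates and key 200 are invented for illustration).
T0, T1, T2 = datetime(2011, 5, 17), datetime(2011, 6, 1), datetime(2011, 6, 8)
R2 = {
    100: key("tayyab", (T0, T2), (T0, FOREVER)),
    200: key("constructed-next-key", (T1, FOREVER), (T1, FOREVER)),
}
R3_UPDATED = dict(R2)  # peer received the same key chain
R3_STALE = {100: key("tayyab", (T0, FOREVER), (T0, FOREVER))}  # peer never got key 200
```

While keys 100 and 200 are both valid, key 100 is still the one sent, so a peer that never received key 200 keeps its adjacency until key 100's send lifetime ends and only then drops.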



BASIC CONFIGURATION OF ROUTER-R1:

R1(config)#int serial 1/0
R1(config-if)#ip add 1.0.0.1  255.0.0.0
R1(config-if)#no shut
R1(config-if)#exit

R1(config)#int fastethernet 0/0
R1(config-if)#ip address 200.100.50.1  255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit


BASIC CONFIGURATION OF ROUTER-R2:

R2(config)#int serial 1/1
R2(config-if)#ip address 1.0.0.2  255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#int serial 1/0
R2(config-if)#ip address 2.0.0.1  255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#int fastethernet 0/0
R2(config-if)#ip address 200.100.100.1  255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit


BASIC CONFIGURATION OF ROUTER-R3:

R3(config)#int serial 1/1
R3(config-if)#ip address 2.0.0.2  255.0.0.0
R3(config-if)#no shut
R3(config-if)#exit

R3(config)#interface fast 0/0
R3(config-if)#ip address 200.100.150.1  255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit 

RUNNING EIGRP ON ROUTER R1, R2, & R3:

R1(config)#router eigrp 2
R1(config-router)#network 200.100.50.0
R1(config-router)#network 1.0.0.0
R1(config-router)#end

R2(config)#router eigrp 2
R2(config-router)#network 200.100.100.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#end

R3(config)#router eigrp 2
R3(config-router)#network 200.100.150.0
R3(config-router)#network 2.0.0.0
R3(config-router)#end

CHECK THE ROUTING TABLE OF ROUTER R1, R2 & R3:

R1#show ip route
C    1.0.0.0/8 is directly connected, Serial1/0
D    2.0.0.0/8 [90/2681856] via 1.0.0.2, 00:01:38, Serial1/0
C    200.100.50.0/24 is directly connected, FastEthernet0/0
D    200.100.100.0/24 [90/2172416] via 1.0.0.2, 00:01:38, Serial1/0
D    200.100.150.0/24 [90/2684416] via 1.0.0.2, 00:00:59, Serial1/0

R2#show ip route
C    1.0.0.0/8 is directly connected, Serial1/1
C    2.0.0.0/8 is directly connected, Serial1/0
D    200.100.50.0/24 [90/2172416] via 1.0.0.1, 00:02:11, Serial1/1
C    200.100.100.0/24 is directly connected, FastEthernet0/0
D    200.100.150.0/24 [90/2172416] via 2.0.0.2, 00:01:33, Serial1/0


R3#show ip route
D    1.0.0.0/8 [90/2681856] via 2.0.0.1, 00:02:00, Serial1/1
C    2.0.0.0/8 is directly connected, Serial1/1
D    200.100.50.0/24 [90/2684416] via 2.0.0.1, 00:02:00, Serial1/1
D    200.100.100.0/24 [90/2172416] via 2.0.0.1, 00:02:00, Serial1/1
C    200.100.150.0/24 is directly connected, FastEthernet0/0



PERFORMING AUTHENTICATION ON ROUTER-R2

R2(config)#key chain pakistan
Note: This command identifies the name of the authentication key chain from which a key is to be obtained.
R2(config-keychain)#key 100
Note: This command identifies the ID number of an authentication key on a key chain and enters configuration mode for that key. The range of keys is from 0 to 2147483648. The key ID numbers need not be consecutive.
R2(config-keychain-key)#key-string tayyab
Note: This command is used to set an authentication string (password) that is to be used to authenticate sent and received EIGRP packets. The string can contain from 1 to 80 uppercase and lowercase alphanumeric characters, except that the first character cannot be a number.
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#int serial 1/0
R2(config-if)#ip authentication key-chain eigrp 2 pakistan
*May 17 15:35:45.383: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 2: Neighbor 2.0.0.2 (Serial1/0) is down: keychain changed
*May 17 15:35:46.067: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 2: Neighbor 2.0.0.2 (Serial1/0) is up: new adjacency


Note: This command is used to enable authentication of EIGRP packets using the key chain "pakistan".
R2(config-if)#ip authentication mode eigrp 2 md5
*May 17 15:38:50.799: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 2: Neighbor 2.0.0.2 (Serial1/0) is down: authentication mode changed.

Note: There are two methods used for the authentication of EIGRP packets i.e. MD5 and Clear Text. This command is used to specify that MD5 authentication mode will be used. 

AFTER PERFORMING AUTHENTICATION ON ROUTER-R2:

R2#show ip eigrp neighbors
IP-EIGRP neighbors for process 2
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   1.0.0.1                 Se1/1             11 00:09:29  302  1812  0  8



R3#show ip eigrp neighbors
IP-EIGRP neighbors for process 2
Note: The adjacency between router R2 and router R3 has been terminated. Therefore, router R2 has lost its neighbor 2.0.0.2 and router R3 has lost its neighbor 2.0.0.1.


PERFORMING AUTHENTICATION ON ROUTER-R3

R3(config)#key chain pakistan
R3(config-keychain)#key 100
R3(config-keychain-key)#key-string tayyab
R3(config-keychain-key)#exit
R3(config-keychain)#exit

R3(config)#int serial 1/1
R3(config-if)#ip authentication key-chain eigrp 2 pakistan
R3(config-if)#ip authentication mode eigrp 2 md5
R3(config-if)#exit

*May 17 15:45:16.527: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 2: Neighbor 2.0.0.1 (Serial1/1) is up: new adjacency


AFTER PERFORMING AUTHENTICATION OF ROUTER-R3:

R2#show ip eigrp neighbors
IP-EIGRP neighbors for process 2
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   2.0.0.2                 Se1/0             12 00:01:34  217  1302  0  12
0   1.0.0.1                 Se1/1             11 00:14:40  325  1950  0  8


R3#show ip eigrp neighbors
IP-EIGRP neighbors for process 2
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   2.0.0.1                 Se1/1             12 00:02:25  236  1416  0  20
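The steps above only authenticate the R2-R3 serial link; R2's Serial1/1 towards R1 is never given a key chain. The following audit script is an added example, not part of the original post. It reads a running-config and reports interfaces where EIGRP authentication is missing or half-configured, assuming every addressed interface runs EIGRP as in this lab. The sample config is constructed from the commands shown, and the function names are hypothetical.

```python
import re

# Constructed sample: R2's running-config as the commands in this post would leave it.
R2_CONFIG = """\
key chain pakistan
 key 100
  key-string tayyab
interface Serial1/0
 ip address 2.0.0.1 255.0.0.0
 ip authentication mode eigrp 2 md5
 ip authentication key-chain eigrp 2 pakistan
interface Serial1/1
 ip address 1.0.0.2 255.0.0.0
"""

def parse(config):
    """Split IOS running-config text into per-interface and per-key-chain settings."""
    ifaces, chains, kind, cur = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented line opens a new top-level section
            kind = cur = None
            if m := re.match(r"interface (\S+)$", line):
                kind, cur = "if", ifaces.setdefault(m[1], {"ip": False, "md5": set(), "chain": {}})
            elif m := re.match(r"key chain (\S+)$", line):
                kind, cur = "kc", chains.setdefault(m[1], [])
        elif kind == "if" and line.startswith("ip address "):
            cur["ip"] = True
        elif kind == "if" and (m := re.match(r"ip authentication mode eigrp (\d+) md5$", line)):
            cur["md5"].add(m[1])
        elif kind == "if" and (m := re.match(r"ip authentication key-chain eigrp (\d+) (\S+)$", line)):
            cur["chain"][m[1]] = m[2]
        elif kind == "kc" and (m := re.match(r"key-string (.+)$", line)):
            cur.append(m[1])  # key chain is usable once it holds at least one key-string
    return ifaces, chains

def audit(config, asn="2"):
    """Return (interface, problem) pairs for addressed interfaces in EIGRP AS `asn`."""
    ifaces, chains = parse(config)
    findings = []
    for name, cfg in ifaces.items():
        chain, md5 = cfg["chain"].get(asn), asn in cfg["md5"]
        if cfg["ip"] and not (chain or md5):
            findings.append((name, "no EIGRP authentication"))
        elif cfg["ip"] and not (chain and md5):
            findings.append((name, "mode and key-chain not both set"))
        elif cfg["ip"] and not chains.get(chain):
            findings.append((name, f"key chain {chain} has no key-string"))
    return findings
```

Run against the sample, `audit(R2_CONFIG)` reports Serial1/1 as having no EIGRP authentication, which matches the R1-R2 adjacency staying up unauthenticated throughout this lab.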
