Professional Documents
Culture Documents
Task
Remove OSPF from all devices in the network.
Add EIGRP to R1, R2, and R3.
Ensure that all loopbacks are seen in the routing tables of all routers
Configure EIGRP authentication between all routers in the topology.
Ensure that there are two key chains so that when the first key chain expires in 30 days, the second
key chain will be used.
Use cisco123key for the first key and cisco321key for the second key.
R1(config)#int g0/0
R1(config-if)#no ip ospf authentication-key cisco123
R1(config-if)#
R2(config)#int g0/0
R2(config-if)#do sh run int g0/0
Building configuration...
R3(config)#interface FastEthernet0/0.13
R3(config-subif)#no ip ospf authentication
R3(config-subif)#no ip ospf authentication-key cisco123
R3(config-subif)#interface FastEthernet0/0.23
R3(config-subif)#no ip ospf message-digest-key 1 md5 cisco123strong
R3(config-subif)#no ip ospf message-digest-key 2 md5 cisco321strong
R3(config-subif)#
R3(config-subif)#
R3(config-subif)#
SW1(config)#interface Vlan23
SW1(config-if)#no ip ospf authentication message-digest
SW1(config-if)#no ip ospf message-digest-key 2 md5 cisco321strong
SW1(config-if)#
R1(config-if)#
R1(config-if)#
R1(config-if)#router eigrp 100
R1(config-router)#net 136.1.13.0
R1(config-router)#net 150.1.1.0
R1(config-router)#no auto
R1(config-router)#end
R1#
R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router eigrp 100
R2(config-router)#net 136.1.23.0
R2(config-router)#net 150.1.2.0
R2(config-router)#no auto
R2(config-router)#
Configuring Basic EIGRP on R3:
R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Because each router is receiving routes, we can now move on to the addition of authentication. It's
important to look before enabling authentication. This helps with isolating issues between the
configuration of the routing process and the configuration of the authentication process.
Above, you can see the neighbor drop when authentication is applied to the interface. This is to be
expected, of course. The neighbor should come back when R3 is configured.
interface GigabitEthernet0/0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
end
When you copy and paste, be sure to watch the interfaces. In this case, both R1 and R2 are using
G0/0. Also, ensure that there are no spaces after the password. In general, copying and pasting
passwords is not recommended, but in this case it is OK do so.
You can copy and paste the key chain because it's the same.
As you can see in the output of the CLI, the neighbors have come back. Now verify routes in each
router's routing table.
At this point, the neighbors will most likely still be down. This is because we set the key to be
active at a future date. Change the clock to put each router in the time frame with which key 1 is
active.
R1#
R1#clock set 12:30:00 Feb 1 2013
R1#
R2(config)#end
R2#clock set 12:30:00 Feb 1 2013
R2#
R2#
Jan 9 00:29:35.803: %SYS-5-CONFIG_I: Configured from console by console
Feb 1 12:30:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:29
:36 UTC Wed Jan 9 2013 to 12:30:00 UTC Fri Feb 1 2013, configured from console by
console.
R2#
Feb 1 12:34:00.687: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 136.1.23.3 (Giga
bitEthernet0/0) is up: new adjacency
R2#
R3#
*Feb 1 12:30:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 23:2
5:59 UTC Tue Jan 8 2013 to 12:30:00 UTC Fri Feb 1 2013, configured from console b
y console.
Feb 1 12:30:10.503: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 136.1.13.1 (Fast
Ethernet0/0.13) is up: new adjacency
Finally, we enable our debug to verify that each packet contains authentication.
Bonus:
1. Change the clock on R1 so that the key rolls over to #2. What do the debugs show you on R1 and
R3?
2. On R2, change the Key 1 key-string to baddkey. What do the debugs show you?
3. On R1, remove authentication from the interface. What do the debugs show you?
4. List item