Basic EIGRP Authentication


Security is a great thing isn’t it. Let’s look at another section of security: EIGRP authentication. This is applied on an interface that is connecting to another host(s) as an EIGRP neighbor. First things first, here is our topology:


Now that’s complex isn’t it? Anyways, interface ethernet0/0 on R1 has an IP of and R2 is A basic EIGRP neighbor relationship is established:


R1#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 Et0/0 11 00:08:12 1 3000 0 1

The part we are focusing on is the EIGRP authentication itself. First thing we need to do is create a keychain and a key. In this case, the key I am using is “Cisco123”:

R1# configure terminal
R1(config)# key chain EIGRP
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string Cisco123
R1(config-keychain-key)# end

Now that the key is established, it needs to be applied to an interface. This is done on the connecting interface into the EIGRP domain. In our very complex lab, it is ethernet0/0 on both routers. Here is what that process looks like:

R1# configure terminal
R1(config)# interface ethernet 0/0
R1(config-if)# ip authentication key-chain eigrp 100 EIGRP
R1(config-if)# ip authentication mode eigrp 100 md5

Looking at the first command, you can see that this applies the keychain to EIGRP AS 100 (which is what I used when configuring the routers). The EIGRP in all caps at the end of the command is the keychain name that I specified earlier. The second command specifies the authentication mode, which in this case is MD5. Once this is entered on both sides, the neighbor relationship is established again:

*May 5 20:20:12.857: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor (Ethernet0/0) is up: new adjacency

Pretty basic process overall, but a very worthwhile one to be aware of!


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.