#################################################################################### ########################### EIGRP authentication testing ########################### #################################################################################### ################# Case 1 !-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary R2(config-router)# *Mar 1 00:03:13.367: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.1 (FastEthernet0/0) is up: new adjacency R2(config-router)# R2# R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.1 Fa0/0 11 00:00:43 1266 5000 0 3 R2#sh key chain Key-chain r2name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2# *Mar 1 00:03:58.047: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:03:58.047: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.1 *Mar 1 00:04:00.527: EIGRP: Sending HELLO on FastEthernet0/0 --------------- R1(config-router)# *Mar 1 00:03:13.707: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.2 (FastEthernet0/0) is up: new adjacency R1(config-router)# R1# IP-EIGRP neighbors for process 12 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.2 Fa0/0 13 00:00:48 104 624 0 3 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto speed auto end R1# *Mar 1 00:04:03.143: EIGRP: Sending HELLO on FastEthernet0/0 *Mar 1 00:04:05.671: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:04:05.671: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.2 ################# Case 2 !-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 1 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain r2name: key 1 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2# *Mar 1 00:11:27.631: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:11:27.635: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ------------- R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto speed auto end R1# *Mar 1 00:11:33.147: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:11:33.147: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) ################# Case 3 !-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 2 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain r2name: key 2 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2# *Mar 1 00:02:43.943: EIGRP: pkt authentication key id = 1, key not defined or not live *Mar 1 00:02:43.947: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ----------------- sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto speed auto end R1# *Mar 1 00:02:48.127: EIGRP: pkt authentication key id = 2, key not defined or not live *Mar 1 00:02:48.131: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) ################# Case 4 !-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 2 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain r2name: key 2 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2# R2# *Mar 1 00:31:52.827: EIGRP: pkt authentication key id = 1, key not defined or not live *Mar 1 00:31:52.827: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) R2# -------------- R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto speed auto end R1# *Mar 1 00:31:55.519: EIGRP: pkt authentication key id = 2, key not defined or not live *Mar 1 00:31:55.523: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) key-chain = ################# Case 5 !-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary R2(config-router)# *Mar 1 00:02:01.955: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.1 (FastEthernet0/0) is up: new adjacency R2(config-router)# R2# *Mar 1 00:02:13.747: %SYS-5-CONFIG_I: Configured from console by console R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.1 Fa0/0 10 00:00:26 103 618 0 3 R2#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# R2# *Mar 1 00:02:29.371: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:02:29.371: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.1 *Mar 1 00:02:34.111: EIGRP: Sending HELLO on FastEthernet0/0 ------------------------ R1(config-router)# *Mar 1 00:02:02.459: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.2 (FastEthernet0/0) is up: new adjacency R1# R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.2 Fa0/0 12 00:00:29 1278 5000 0 3 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# R1# *Mar 1 00:02:34.551: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:02:34.551: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.2 *Mar 1 00:02:34.739: EIGRP: Sending HELLO on FastEthernet0/0 ################# Case 6 !-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 1 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 1 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# *Mar 1 00:01:57.075: EIGRP: Sending HELLO on FastEthernet0/0 *Mar 1 00:01:59.271: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:01:59.271: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ---------------- R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# *Mar 1 00:02:01.907: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:02:01.907: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) ################# Case 7 !-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 2 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 2 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# *Mar 1 00:01:54.739: EIGRP: pkt authentication key id = 1, key not defined or not live *Mar 1 00:01:54.739: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) -------------- R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# R1# *Mar 1 00:01:57.223: EIGRP: pkt authentication key id = 2, key not defined or not live *Mar 1 00:01:57.227: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) ################# Case 8 !-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 2 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 2 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# R2# *Mar 1 00:02:19.143: EIGRP: pkt authentication key id = 1, key not defined or not live *Mar 1 00:02:19.147: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ------------------- R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# *Mar 1 00:02:20.251: EIGRP: pkt authentication key id = 2, key not defined or not live *Mar 1 00:02:20.255: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) ################# Case 9 !-------------------- R1 hostname R1 key chain rname key 1 key-string cisco1 key 2 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 hostname R2 key chain rname key 1 key-string cisco2 key 2 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 1 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] key 2 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# R2# *Mar 1 00:03:12.195: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:03:12.199: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ------------------- R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] key 2 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# *Mar 1 00:03:13.767: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:03:13.767: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication)