Monday, March 21, 2011

Lab 58 - EIGRP Authentication

Prerequisites: CCNP level skills.

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task1
Configure EIGRP authentication on Frame-Relay link with the seamless key rotation (no interruption in the service). Below are the parameters to be used:
  • key 1 uses string 'CISCO1' and should be sent between 12:00:00 on Jan 1st 2011 and 12:10:00 on April 30th.
  • key 1 should be accepted 5 minutes past its sending time.
  • key 2 uses string 'CISCO2' and should be sent starting 12:00:00 on April 30th till the end of 2011 and valid forever.
Lab Solution

Task1
Configure EIGRP authentication on Frame-Relay link with the seamless key rotation (no interruption in the service). Below are the parameters to be used:
  • key 1 uses string 'CISCO1' and should be sent between 12:00:00 on Jan 1st 2011 and 12:10:00 on April 30th.
  • key 1 should be accepted 5 minutes past its sending time.
  • key 2 uses string 'CISCO2' and should be sent starting 12:00:00 on April 30th till the end of 2011 and valid forever.
Notice!
For the key rotation to work correctly, NTP service must be in use synchronizing the time on all routers. Since, I do not have NTP service enabled, I'll set up the clock manually.

Pic 2 - Date on the Routers.


R1, R2 and R3 configuration
!
key chain EIGRP_KEYS
 key 1
   key-string CISCO1
   accept-lifetime 12:00:00 Jan 1 2011 12:15:00 Apr 30 2011
   send-lifetime 12:00:00 Jan 1 2011 12:10:00 Apr 30 2011
 key 2
   key-string CISCO2
   accept-lifetime 12:00:00 Apr 30 2011 infinite
   send-lifetime 12:00:00 Apr 30 2011 infinite
!
interface Serial0/0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP_KEYS
!

Verification:
Pic. 3 - Key Chain.
Pic. 4 - R3 EIGRP Neighbors.