Solved: Re: EIGRP authentication FlexConfig FDM

matthew_barker · ‎07-02-2025

Hi,

I am trying to set up EIGRP authentication on a port-channel interface on a Firepower 2100 via FDM directly (I don’t have FMC).

I have configured a template with a key-chain and also associated this with the name of the interface, it seems to take the configuration but doesn’t appear under the interface on the running config.

key-chain <key>

key-id <id>

key-string <string>

interface <name of interface>

Ip authentication mode eigrp <as> <hash>

ip authentication key-chain eigrp <as> <key-chain>

Any help would be appreciated.

Thanks,

Matt.

matthew_barker · ‎07-03-2025

Unfortunately we don’t have an FMC available to use, it’s looking like we might need to purchase one!

View solution in original post

ahollifield · ‎07-03-2025

Which parts aren't showing in the config? All of it? Was a deploy done after creating the FlexConfig object? Any deployment errors? What version?

matthew_barker · ‎07-03-2025

Hi,

Thanks for the reply.

So, nothing is showing in the running config under the port-channel configuration.

I did a deploy once I created the template, no errors are showing in the deployment logs.

I am however new to the FirePower and FDM , I’m guessing I’ve got the syntax of the template wrong as I read it won’t alert you if it’s wrong?

In the help it mentions creating a variable to reference the interface but that didn’t work either - again, I may have the syntax wrong but it didn’t throw up an error.

I will confirm the version tomorrow.

Thanks.

ahollifield · ‎07-03-2025

FlexConfig has always been annoying, especially on FDM. Any reason not to use FMC here?

matthew_barker · ‎07-03-2025

Unfortunately we don’t have an FMC available to use, it’s looking like we might need to purchase one!

ahollifield · ‎07-03-2025

You will be so much happier using FMC instead. Take a look at cdFMC as well.

matthew_barker · ‎07-03-2025

Thank you

wajidhassan · ‎07-03-2025

FDM has limited support for advanced routing features like EIGRP authentication, especially when applied via FlexConfig. Even if the key-chain and authentication commands are accepted, FDM may not properly bind them to the interface due to backend limitations or validation issues.

To troubleshoot, ensure the interface name matches exactly what’s used in the CLI, and check if FlexConfig is actually pushing the commands. Also, verify if the interface is included in the EIGRP process and that there’s no conflict from the FDM policy model.

If the commands aren’t showing in the running config, it’s likely a FlexConfig limitation. You may need to switch to FMC for full routing feature support or apply the configuration manually via CLI (not recommended for long-term FDM-managed devices).