Re: Will EIGRP Support Encryption to Secure the Hello Packets?

AudieO · ‎06-17-2022

Hello Cisco Experts,

Aside SHA Authentication, for long time OSPFv3 can encrypt the Hello packets using IPSec ESP. Thus nobody can see the LSA Updates! Will EIGRP have the same feature?

Thank You,

Audie

Flavio Miranda · ‎06-17-2022

Hi

It does also.

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/82110-eigrp-authentication.html

"EIGRP message authentication is added to the interface of a router, that router stops receiving routing messages from its peers until they are also configured for message authentication. This does interrupt routing communications on your network. See Messages When Only Dallas is Configured for more information."

AudieO · ‎06-17-2022

Thanks for replying Flavio....yes the SHA authentication has been out for sometime, but my question is for encrypting the EIGRP Hello packets. OSPFv3 can perform this encryption. The OSPF Hello packets are encrypted and encapsulated inside ESP

balaji.bandi · ‎06-17-2022

Aside SHA Authentication, for long time OSPFv3 can encrypt the Hello packets using IPSec ESP. Thus nobody can see the LSA Updates! Will EIGRP have the same feature?

OSPFv3 is an open standard and v3 is much-improved version of OSPF, so you will not be getting the same features when you compare Eigrp vs OSPFv3.

what is the use case here for encryption

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

AudieO · ‎06-18-2022

Thanks for replying BB!

The default Hello packets can be captured, and will provide a sophisticated hacker some glimpse of EIGRP topology. Anyone can capture from a switch the Hello packets using Wireshark, and see the contents of the Hello packets.

I urge you to see the OSPFv3 Hello packets when the encryption feature is enabled...no Hello packets! You will see only IPSec ESP packets. The hello packets are encrypted, and encapsulated within ESP packets. I just hope EIGRP would have the same feature.