Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
565
Views
0
Helpful
4
Replies

Will EIGRP Support Encryption to Secure the Hello Packets?

AudieO
Level 1
Level 1

‎06-17-2022 10:19 AM

Hello Cisco Experts,

Aside SHA Authentication, for long time OSPFv3 can encrypt the Hello packets using IPSec ESP. Thus nobody can see the LSA Updates! Will EIGRP have the same feature?

 

Thank You,

Audie

Labels:
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎06-17-2022 10:48 AM

Hi

 It does also.

 

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/82110-eigrp-authentication.html 

 

"EIGRP message authentication is added to the interface of a router, that router stops receiving routing messages from its peers until they are also configured for message authentication. This does interrupt routing communications on your network. See Messages When Only Dallas is Configured for more information."

0 Helpful

AudieO
Level 1
Level 1

‎06-17-2022 11:23 AM

Thanks for replying Flavio....yes the SHA authentication has been out for sometime, but my question is for encrypting the EIGRP Hello packets.  OSPFv3 can perform this encryption. The OSPF Hello packets are encrypted and encapsulated inside ESP

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎06-17-2022 11:46 AM 

Aside SHA Authentication, for long time OSPFv3 can encrypt the Hello packets using IPSec ESP. Thus nobody can see the LSA Updates! Will EIGRP have the same feature?

OSPFv3 is an open standard and v3 is much-improved version of OSPF, so you will not be getting the same features when you compare Eigrp vs OSPFv3.

 

what is the use case here for encryption 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

AudieO
Level 1
Level 1
In response to balaji.bandi

‎06-18-2022 06:32 AM

Thanks for replying BB!

 

The default Hello packets can be captured, and will provide a sophisticated hacker some glimpse of EIGRP topology. Anyone can capture from a switch the Hello packets using Wireshark, and see the contents of the Hello packets.

 

I urge you to see the OSPFv3 Hello packets when the encryption feature is enabled...no Hello packets! You will see only IPSec ESP packets. The hello packets are encrypted, and encapsulated within ESP packets. I just hope EIGRP would have the same feature.

0 Helpful
Customers Also Viewed These Support Documents