Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
188
Views
6
Helpful
10
Replies

Regarding EIGRP Authentication

Go to solution
surendrasinghtanwar667
Level 1
Level 1

‎10-04-2024 08:51 AM

"Can EIGRP be configured on a per-neighbor basis, or is it strictly an interface-level configuration? I understand that EIGRP authentication is applied to all neighbors on a given interface, which can be limiting in multi-access networks. If I need different authentication settings for specific neighbors, what strategies can I use? Additionally, I’ve heard about key chains that allow for multiple keys, but can these keys be allocated to different routers individually? How does this all relate to the use of virtual templates in my configuration?"

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to surendrasinghtanwar667

‎10-05-2024 12:57 AM - edited ‎10-05-2024 12:58 AM

EIGRP Authentication per Neighbor (networklessons.com) <<- I think you talking about this 
this friend is not relate to authc per neighbor,
in link he use frame relay and hence can use one virtual interface for each neighbor and add authc under the virtual interface, in end you will also use one virtual interface per neighbor AND authc per interface.

MHM 

View solution in original post

10 Replies 10

Go to solution
paul driver
VIP
VIP

‎10-04-2024 09:27 AM

Hello
Eigrp authentication is on a per interface basis, be it in classic or named modes - meaning that eigrp packet exchanges will be authenticated. between neighbours through interfaces with eigrp applied

As MD5 authentication is not to be used anymore due to vulnerabilities so the more secure hmac-sha authentication is recommended, which can only be applied through named eigrp mode applied to either the default eigrp address family interface that will enable authentication to all eigrp interfaces or via a specific address family interfaces which will naturally enable authentication just on that interface.

router eigrp EIGRP
address-family ipv4 unicast autonomous-system x
af-interface default
authentication mode hmac-sha-256
or
af-interface xxx
authentication mode hmac-sha-256


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
MHM Cisco World
VIP
VIP
In response to paul driver

‎10-04-2024 10:03 AM

I think he ask if authc per interface or per neighbor.

@surendrasinghtanwar667 it per interface' you can not config different authc for each neighbor reach via same interface (in case you connect more than one router to SW).

MHM

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to MHM Cisco World

‎10-04-2024 10:32 AM

Hello @MHM Cisco World 
FYI - i did state it was per interface 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
surendrasinghtanwar667
Level 1
Level 1
In response to paul driver

‎10-04-2024 07:30 PM

Oh, I see. However, setting up authentication for each interface might be a challenging task. During my investigation, I came across the concept of a virtual template; could you kindly inform me of this?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to surendrasinghtanwar667

‎10-05-2024 12:57 AM - edited ‎10-05-2024 12:58 AM

EIGRP Authentication per Neighbor (networklessons.com) <<- I think you talking about this 
this friend is not relate to authc per neighbor,
in link he use frame relay and hence can use one virtual interface for each neighbor and add authc under the virtual interface, in end you will also use one virtual interface per neighbor AND authc per interface.

MHM 

Go to solution
surendrasinghtanwar667
Level 1
Level 1
In response to MHM Cisco World

‎10-05-2024 04:21 AM

It was misunderstanding by myside actually i thought that was router basic authentication but my question was what is this virtual interface and how it help to manage specific key for a neighbor which is mentioned in the above article

Go to solution
paul driver
VIP
VIP
In response to MHM Cisco World

‎10-05-2024 04:33 AM

Hello
-lol - as i have stated its STILL per interface authentication


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
surendrasinghtanwar667
Level 1
Level 1
In response to paul driver

‎10-05-2024 05:08 AM

Hello first read the chat what exactly i am asking about ??  EIGRP Authentication per Neighbor (networklessons.com) 

about this article i have understand that its per interface authentication 

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to surendrasinghtanwar667

‎10-05-2024 03:14 AM

Hello
Even if you have multi-access network running eigrp then yes authentication is "per neighbour" so to speak due to the individual p2p connections  but it still needs to be applied on there interface where the neighbour resides be it physical or logical.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-04-2024 09:54 AM

I recently deployed some router different requirement, if the only Cisco device that is ok with EIGRP, if different vendor i suggest to OSPF

but the work i did for Cisco Routers only below guide help you :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mt-book/ire-sha-256.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card