12-14-2012 07:46 AM - edited 03-07-2019 10:36 AM
Hi everybody.
Please consider the following example:
R1-------------------------R2
R1:
key 1 lee1
key 2 lee2
My book says that when R1 receives an EIGRP packet, it will try the lowest valid key first to authenticate the packet.
I put this claim to the test as follows:
R1--------------------------R2
R1:
key chain lee
key 1 lee1
key 2 lee2
R2:
key chain lee
key 2 lee2
R2 sends a hello packet to R1 using key 2.
Based on the book, R1 should use key 1 (lee1) to authenticate the EIGRP packet received from R2, and as a result authentication should fail.
But I noticed that the key to be used by the receiving router is determined by the key id field in the received EIGRP packet. In my example, R2 sends a hello to R1 using key 2. R1 receives the hello and sees key id 2. R1 then knows which key it should use to authenticate the hello packet, rather than the lowest valid key as the book erroneously claims.
2nd observation:
R1 has just received the hello packet. This hello packet has key id 2. R1 authenticates the hello packet using key 2 successfully. Now R1 has to send a hello to R2. R1 uses the lowest valid key, which in our case is key 1, even though R1 knows that R2 is using key 2. When R2 receives this hello packet, it rejects the packet because it does not have key 1 to authenticate the packet.
Is my observation correct?
Thanks and have a great weekend.
12-14-2012 09:32 AM
Hi
Both your observations are correct.
1. When you receive an EIGRP packet with key id 2, the receiving router will try to authenticate using the same key id 2.
2. The lowest valid key id is sent when the local router originates EIGRP hello packets. Considering the received hello packet's key id is not the right step, because you can have multiple neighbors on that local router using the same key chain and each of them can send you hellos with different key ids.
Thanks
Raju
12-14-2012 11:17 AM
The lowest valid key id is sent when the local router originates EIGRP hello packets. Considering the received hello packet's key id is not the right step, because you can have multiple neighbors on that local router using the same key chain and each of them can send you hellos with different key ids.
Yes, if the receiving router has the valid key as specified by the key id, the receiving router can authenticate the EIGRP packet.
It also means we can have two different keys on two routers for sending and receiving EIGRP packets.
For example, R1 can send EIGRP packets with its lowest valid key 2; as long as the receiving router has the valid key as specified by the key id, which in our example is key 2, the receiving router R2 can authenticate the EIGRP messages.
Similarly, router R2 can send the packet with its lowest valid key 3, and as long as R1 has the valid key as specified by the key id, which is key 3, R1 can authenticate the EIGRP packets.
Thanks Raju and have a great weekend.
12-14-2012 03:37 PM
Yes, that is right.
Wish you a great weekend too.
Thanks
Raju
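The key-selection behaviour worked out in this thread, as an added simulation that is not part of any post and is not router code: senders pick the lowest valid key id, receivers look up the key id carried in the packet. The `can_send`/`can_accept` flags, the function names and the HMAC-SHA256 digest are assumptions used as stand-ins for key lifetimes and for the real EIGRP authentication data.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Key:
    key_id: int
    secret: bytes
    can_send: bool = True    # assumption: stands in for an active send lifetime
    can_accept: bool = True  # assumption: stands in for an active accept lifetime

def digest(key, payload):
    # Stand-in keyed digest for the simulation; not the EIGRP wire format.
    return hmac.new(key.secret, payload, hashlib.sha256).digest()

class Router:
    def __init__(self, name, keys):
        self.name = name
        self.chain = {k.key_id: k for k in keys}

    def send(self, payload=b"hello"):
        # Originate with the lowest valid sending key, regardless of what neighbors use.
        ids = [i for i, k in self.chain.items() if k.can_send]
        if not ids:
            return None
        key = self.chain[min(ids)]
        return key.key_id, payload, digest(key, payload)

    def receive(self, packet):
        # Select the key by the key id carried in the packet; no fallback to other keys.
        if packet is None:
            return False
        key_id, payload, tag = packet
        key = self.chain.get(key_id)
        if key is None or not key.can_accept:
            return False
        return hmac.compare_digest(tag, digest(key, payload))

def hellos(a, b):
    """Return (b accepts a's hello, a accepts b's hello)."""
    return b.receive(a.send()), a.receive(b.send())

def thread_scenario():
    # The key chains from the first post: R1 has keys 1 and 2, R2 has only key 2.
    r1 = Router("R1", [Key(1, b"lee1"), Key(2, b"lee2")])
    r2 = Router("R2", [Key(2, b"lee2")])
    return hellos(r1, r2)

def split_key_scenario():
    # Constructed: R1 sends with key 2, R2 sends with key 3, each holds the other's key.
    r1 = Router("R1", [Key(2, b"lee2"), Key(3, b"lee3")])
    r2 = Router("R2", [Key(2, b"lee2", can_send=False), Key(3, b"lee3")])
    return hellos(r1, r2)
```

`thread_scenario()` returns `(False, True)`: R2 rejects R1's key 1 hello while R1 accepts R2's key 2 hello, so authentication succeeds in one direction only. `split_key_scenario()` returns `(True, True)`, matching the follow-up post about sending with different key ids in each direction.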