Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
963
Views
5
Helpful
2
Replies

EIGRP Authentication | Which debug packet identify the authentication

vikas.networkbulls00
Level 1
Level 1

‎12-13-2015 05:04 AM - edited ‎03-08-2019 03:05 AM

Hi all,

To debug eigrp authentication we use this:-

R1#debug eigrp packets
EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)

Questions:-

1.which particular packet type identify the authentication process....Is it Hello /Reply or anyone else  ?

2. is there any other way to check authentication mismatch ?(other then neighbor down output)

Authentication commands that are applied can be checked in Sh run command output :-

interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 100 cisco
 ip authentication key-chain eigrp 1 cisco
 ip summary-address eigrp 100 172.16.0.0 255.255.0.0 5
 duplex auto
 speed auto

I am doing all this on GNS3 1.3.11.

sorry for any mistakes ...i am new to cisco

Thanks In Advance...!!!!

Labels:
0 Helpful
2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

‎12-13-2015 07:00 AM

Hi Vikas,

1.which particular packet type identify the authentication process....Is it Hello /Reply or anyone else  ?

If authentication is configured then every EIGRP packet will be authenticated - Hello, Update, Query, Reply, Ack, SIA-Query, and SIA-Reply. However, to see messages about failing authentication, you need to start either debug eigrp packet terse or debug eigrp packet or debug eigrp packet all if suspecting an authentication mismatch. Messages about wrong authentication will only be displayed if one of these is configured (the terse option is ideal as it gives out the most limited output while still reporting authentication mismatches).

2. is there any other way to check authentication mismatch ?(other then neighbor down output)

Unfortunately, I am afraid there is not. EIGRP debugs are the only way to check.

Best regards,
Peter

vikas.networkbulls00
Level 1
Level 1
In response to Peter Paluch

‎12-13-2015 06:23 PM

Thanks a lot Mr. Peter.

Few more Question :-

1. How much do we use Key chain in Real life ? (i guess this is used with Rip & EIGRP mostly , so chances are already very less)

2. Have you seen use of accept-lifetime / send life  or they are very rare in real life scenario's ?

Thanks In advance...!!!!

0 Helpful
Customers Also Viewed These Support Documents