cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
562
Views
0
Helpful
4
Replies

EIGRP Authentication

isoffice1
Level 1
Level 1

Hi all,

Our organisation recently underwent a network security audit and one of the recommendations was to implement EIGRP Authentication on our Layer 3 switches. Our LAN is segmented into different VTP Domains with routed links between each.

All of the segments consist of Cisco 3750E or 3750X switch stacks and they link back to a pair of Cisco 6509's (layer 3, routed links).

We have been able to configure the EIGRP Authentication on most of the routed links. However, there are a couple of 3750E Switch stacks which do not seem to accept the commands required to do so, i.e.

ip authentication mode eigrp AS number md5

ip authentication key-chain eigrp AS number key chain

When we attempt to apply this configuration to the interfaces, they do not seem to apply, that is, they do not show up on the running-config. The other end of the link (core 6509) accepts the commands fine.

The 3750E switches in question are running C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2 (44) SE1.

I can create the key chain on these switches fine, but cannot apply the EIGRP authentication configuration.

Is this possibly a software version issue or is there something blatantly obvious that I may have overlooked?

Any help would be much appreciated.

Many thanks,

John P

1 Accepted Solution

Accepted Solutions

Refer:

https://supportforums.cisco.com/discussion/10871306/eigrp-authentication-issue

https://tools.cisco.com/bugsearch/bug/CSCsm26406

work around is to upgrade to image 12.2(44)SE2

HTH

"Please rate helpful posts"

View solution in original post

4 Replies 4

harryraju
Level 1
Level 1

Hi John 

Did you manage to resolve this ?

You mentioned that the 3750s stacks link to a pair of 6509’s , is it through a port-channel or individual interfaces ? If using port-channels , does the EIGRP commands show up under the port-channel config ?

Hi harryraju,

Thanks for posting you reply.

The issue is still ongoing. The links between the 3750E stacks and the core 6509's are individual routed interfaces, not port-channels.

We are due to upgrade the operating system on the 3750's shortly (using our Prime Infrastructure appliance). We just have to pencil in the downtime to do so.

I'm hoping this may go some way to resolve the issue, as we have another 3750E stack (running a later software version) which didn't experience this problem when configuring the EIGRP Authentication.

Will post the results of that when we get round to carrying out the upgrade.

Best regards,

John P.

Refer:

https://supportforums.cisco.com/discussion/10871306/eigrp-authentication-issue

https://tools.cisco.com/bugsearch/bug/CSCsm26406

work around is to upgrade to image 12.2(44)SE2

HTH

"Please rate helpful posts"

Hi Poonam Garg,

Thank you very much for your reply. This indeed looks like the root of our problem. We will carry out the upgrade as soon as we can schedule the downtime.

Best regards,

 

John P

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco