Enhanced Interior Gateway Routing Protocol 1. EIGRP EIGRP is an advanced distance-vector routing...
-
Upload
piers-carter -
Category
Documents
-
view
225 -
download
1
Transcript of Enhanced Interior Gateway Routing Protocol 1. EIGRP EIGRP is an advanced distance-vector routing...
EIGRP• EIGRP is an advanced distance-vector routing protocol that relies
on features commonly associated with link-state protocols. • Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior
gateway protocol .• very low usage of network resources during normal operation; only
hello packets are transmitted on a stable network• when a change occurs, only routing table changes are propagated,
not the entire routing table; this reduces the load the routing protocol itself places on the network
• rapid convergence times for changes in the network topology (in some situations convergence can be almost instantaneous)
• Administrative Distance– Internal: 90– Summary: 5– External: 170
Rick Graziani [email protected]
Comparing EIGRP with IGRP
• Comparisons between EIGRP and IGRP fall into the following major categories:– Compatibility mode – Metric calculation – Hop count – Automatic protocol redistribution – Route tagging
IGRP Is no more in use
EIGRP Design FeaturesThe advantages of EIGRP over simple distance vector protocols:
1. EIGRP routers converge quickly because they rely on DUAL; guarantees loop-free operation at every instant throughout a route computation allowing all routers involved in a topology change to synchronize at the same time.
2. Make use of bandwidth by sending partial,bounded updates and its minimal consumption of bandwidth when network is stable.
3. Unlike IGRP, EIGRP offers full support for classless IP by exchanging subnet masks in routing updates.
4. Supports IP, IPX and AppleTalk
EIGRP Features
Flexible network design Multicast and unicast instead of broadcast
address Support for VLSM and discontiguous subnets Manual summarization at any point in the
internetwork Support for multiple network layer protocols Network Size is not limited .
Advanced distance vector Rapid convergence 100% loop-free classless routing Easy configuration Incremental updates Load balancing across equal- cost
by default and unequal-cost path
EIGRP Features ( cont..)
– RTP ( Reliable Transport Protocol )– DUAL ( Diffusing Update Algorithm )– PDM (Protocol Dependent Module)
Reliable Transport Protocol (RTP)
• Guarantee ordered delivery of EIGRP packets to all neighbors.• EIGRP uses RTP as its own proprietary transport-layer protocol
to guarantee delivery of routing information. • EIGRP can multicast and unicast to different peers
simultaneously, which allows for maximum efficiency.
DUAL finite-state machine algorithm
• The centerpiece of EIGRP is the Diffusing Update Algorithm (DUAL), which is the EIGRP route-calculation engine.
• DUAL tracks all the routes advertised by neighbors. Composite metrics of each route are used to compare them.
• EIGRP keeps important route and topology information readily available in a neighbor table and a topology table. These tables supply DUAL with comprehensive route information in case of network disruption. DUAL selects alternate routes quickly by using the information in these tables. If a link goes down, DUAL looks for an alternative route path, or feasible successor, in the topology table.
Protocol-dependent modules (PDM)
• Support for routed protocols, such as IP, IPX, and AppleTalk, is included in EIGRP through PDMs.
• Each PDM is responsible for all functions related to its specific routed protocol. • The IP-EIGRP module is responsible for the following:
– Sending and receiving EIGRP packets that bear IP data – Notifying DUAL of new IP routing information that is received – Maintaining the results of DUAL routing decisions in the IP routing table – Redistributing routing information that was learned by other IP-capable routing
protocols
The five EIGRP packet types are as follows:
– Hello: used to discover, verify, and rediscover neighbor routers– Acknowledgment: hello packets w/out data to indicate receipt
of any EIGRP packet – Update: used when a router discovers a new neighbor and
detects topology change– Query : used when specific information needed from one or
all of its neighbors– Reply: used to respond to a query packet
Hello and Holdtime Intervals
• Hellos – Used by the neighbor discovery and recovery process. – Multicast– Unreliable delivery (not acknowledged)– T1 and faster : Hello interval 5 seconds, hold time 15 seconds – Slower than T1: Hello interval 60 seconds, hold time 180
seconds – If a neighbor is not heard from for the duration of the hold time
(three times hello interval), EIGRP considers that neighbor down, and DUAL must step in to reevaluate the routing table.
– EIGRP routers do not need to have the same hello intervals and hold down intervals
Rick Graziani [email protected]
EIGRP Terminology • Successor – Current Route / Best Route• Feasible Successor - A backup route• Feasible distance (FD) is the minimum distance (metric) along a path to a
destination network.• Reported distance (RD) is the distance (metric) towards a destination as
advertised by an upstream neighbor. Reported distance is the distance reported in the queries, the replies and the updates.
• A neighbor meets the feasible condition (FC) if the reported distance by the neighbor is less than to the current feasible distance (FD) of this router. "If a neighbors metric is less than mine, then I know the neighbor doesn't have a loop going through me.“
• A feasible successor is a neighbor whose reported distance (RD) is less than or equal to the current feasible distance (FD). Feasible successor is one who meets the feasible condition (FC).
Rick Graziani [email protected]
EIGRP Successors and Feasible Successors
Successor: a route selected as primary route to use to reach a destination.
Feasible successor: a backup route
EIGRP Metric
• The criteria that EIGRP uses by default to calculate its metric:
–Bandwidth–Delay
• The optional criteria that EIGRP can be configured to use when calculating its metric:
–Reliability–Load
• Note: Although MTU is exchanged in EIGRP packets between neighbor routers, MTU is not factored into the EIGRP metric calculation.
Metrics• Metrics:
– Bandwidth– Delay– Reliability– Load
• Default Metric
– bandwidth = (10,000,000/bandwidth kbps) * 256– delay = (delay/10) * 256
– By default, EIGRP metric:Metric = bandwidth (slowest link) + delay (sum of delays)
– Delay = sum of the delays in the path, in tens of microseconds, multiplied by 256
– Bandwidth = [107 / (minimum bandwidth link along the path, in kilobits per second)] * 256
– Formula with default K values (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0):Metric = [K1 * BW + ((K2 * BW) / (256 – load)) + K3 * delay]
– If K5 not equal to 0:Metric = metric * [K5 / (reliability + K4)]:
Rick Graziani [email protected]
A B C D Least bandwidth 64 kbps Total delay 6,000
A X Y Z D Least bandwidth 256 kbps Total delay 8,000• Delay is the sum of all the delays of the links along the paths:
Delay = [delay in tens of microseconds] x 256
• Bandwidth is the lowest bandwidth of the links along the paths:Bandwidth = [10,000,000 / (bandwidth in kbps)] x 256
EIGRP Metrics Calculation Example
EIGRP Concepts• EIGRP maintains three tables:
– Neighbor table: lists adjacent routers– Topology table: all EIGRP routing tables in AS– Routing table:holds best routes to a destination
• By forming adjacencies, EIGRP routers:– Dynamically learn of new routes that join their network – Identify routers that become either unreachable or inoperable – Rediscover routers that had previously been unreachable
• Every EIGRP router maintains a topology table for each configured network protocol.
• All learned routes to a destination are maintained in the topology table.
Neighbor discovery and recovery
• Establish adjacencies with neighbor routers by using small hello packets
• Hellos are sent by default every five seconds• By forming adjacencies, EIGRP routers do the
following:– Synch the Routing table when new adjacency are formed– Dynamically learn of new routes that join their network– Identify routers that become either unreachable or
inoperable– Rediscover routers that had previously been unreachable
Topology Table
• Topology Table– A passive route is one that is stable and available
for use. – An active route is a route in the process of being
recomputed by DUAL.
Rick Graziani [email protected]
Select Routes• If a link goes down, DUAL looks for an alternative route
path, or feasible successor, in the topology table. • If a feasible successor is not found, the route is flagged as
Active, or unusable at present. • Query packets are sent to neighboring routers requesting
topology information. • If the neighbors do not have the lost-route information,
queries are sent to their neighbors.• DUAL uses this information to recalculate successor and
feasible successor routes to the destination. • If a router has an alternate route, it answers the query;
this stops the query from spreading in that branch of the network.
router eigrp autonomous-system-number
• Defines EIGRP as the IP routing protocol.
• All routers in the internetwork that must exchange EIGRP routing updates must have the same autonomous system number.
Configuring EIGRP
network network-number [wildcard-mask]
• Identifies attached networks participating in EIGRP.
• The wildcard-mask is an inverse mask used to determine how to interpret the address. The mask has wildcard bits, where 0 is a match and 1 is “don’t care.”
Router(config)#
Router(config-router)#
bandwidth kilobits
• Defines the interface’s bandwidth for the purposes of sending routing update traffic.
Configuring EIGRP (Cont.)Router(config-if)#
EIGRP ConfigurationRouterX(config)# router eigrp autonomous-system
RouterX(config-router)# network network-number
EIGRP Route Summarization: Automatic
– Purpose: Smaller routing tables, smaller updates– Automatic summarization:
• On major network boundaries, subnetworks are summarized to a single classful (major) network.
• Automatic summarization occurs by default.
EIGRP and Discontiguous Networks Default Scenario Configuration
EIGRP, by default, does not advertise subnets and, therefore, cannot support discontiguous subnets.
EIGRP Route Summarization: Manual
•Manual summarization has the following characteristics:
– Summarization is configurable on a per-interface basis in any router within a network.
– When summarization is configured on an interface, the router immediately creates a route pointing to null0.
• Loop-prevention mechanism– When the last specific route of the summary goes away, the summary is
deleted.– The minimum metric of the specific routes is used as the metric of the
summary route.
EIGRP and Discontiguous Networks with no auto-summary
EIGRP with the no auto-summary parameter can advertise subnets and, therefore, can support discontiguous subnets.
Manual Summarization with EIGRP
RTC(config)#router eigrp 2446
RTC(config-router)#no auto-summary
RTC(config-router)#exit
RTC(config)#interface serial 0/0
RTC(config-if#ip summary-address eigrp 2446 2.1.0.0 255.255.0.0
R2 EIGRP Configuration
<output omitted>
interface FastEthernet0/0
ip address 172.17.2.2 255.255.255.0
<output omitted>
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.102 255.255.255.224
<output omitted>
router eigrp 100
network 172.17.2.0 0.0.0.255
network 192.168.1.0
Verifying EIGRP: show ip eigrp neighbors
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.102 Se0/0/1 10 00:07:22 10 2280 0 5
R1#
Verifying EIGRP: show ip route eigrp
R1#show ip route eigrp
D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:07:01, Serial0/0/1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:05:13, Null0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
D 192.168.1.0/24 is a summary, 00:05:13, Null0
R1#show ip route
<output omitted>
Gateway of last resort is not set
D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:06:55, Serial0/0/1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:05:07, Null0
C 172.16.1.0/24 is directly connected, FastEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.96/27 is directly connected, Serial0/0/1
D 192.168.1.0/24 is a summary, 00:05:07, Null0
Verifying EIGRP: show ip protocolsR1#show ip protocols
Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 100
EIGRP NSF-aware route hold timer is 240s
<output omitted>
Maximum path: 4
Routing for Networks:
172.16.1.0/24
192.168.1.0
Routing Information Sources:
Gateway Distance Last Update
(this router) 90 00:09:38
Gateway Distance Last Update
192.168.1.102 90 00:09:40
Distance: internal 90 external 170
Verifying EIGRP: show ip eigrp interfaces
R1#show ip eigrp interfaces
IP-EIGRP interfaces for process 100
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 0 0/0 0 0/10 0 0
Se0/0/1 1 0/0 10 10/380 424 0
Verifying EIGRP: show ip eigrp topology
R1#show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 192.168.1.96/27, 1 successors, FD is 40512000
via Connected, Serial0/0/1
P 192.168.1.0/24, 1 successors, FD is 40512000
via Summary (40512000/0), Null0
P 172.16.0.0/16, 1 successors, FD is 28160
via Summary (28160/0), Null0
P 172.16.1.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/0
P 172.17.0.0/16, 1 successors, FD is 40514560
via 192.168.1.102 (40514560/28160), Serial0/0/1
Verifying EIGRP: show ip eigrp traffic
R1#show ip eigrp traffic
IP-EIGRP Traffic Statistics for AS 100
Hellos sent/received: 429/192
Updates sent/received: 4/4
Queries sent/received: 1/0
Replies sent/received: 0/1
Acks sent/received: 4/3
Input queue high water mark 1, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 113
PDM Process ID: 73
RouterX# show ip eigrp interfaces
IP EIGRP interfaces for process 109
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Di0 0 0/0 0 11/434 0 0
Et0 1 0/0 337 0/10 0 0
SE0:1.16 1 0/0 10 1/63 103 0
Tu0 1 0/0 330 0/16 0 0
Verifying the EIGRP Configuration
RouterX# show ip eigrp interfaces
Displays information about interfaces configured for EIGRP
RouterX# show ip protocols
RouterX# show ip route eigrp
Displays the current EIGRP entries in the routing table
Displays the parameters and current state of the active process
RouterX# show ip eigrp neighbors
IP-EIGRP Neighbors for process 77
Address Interface Holdtime Uptime Q Seq SRTT RTO
(secs) (h:m:s) Count Num (ms) (ms)
172.16.81.28 Ethernet1 13 0:00:41 0 11 4 20
172.16.80.28 Ethernet0 14 0:02:01 0 10 12 24
172.16.80.31 Ethernet0 12 0:02:02 0 4 5 20
RouterX# show ip eigrp neighbors [detail]
Displays the neighbors discovered by IP EIGRP
Verifying the EIGRP Configuration (Cont.)
RouterX# show ip eigrp topology [all]
Displays the IP EIGRP topology table
Without the [all] parameter, shows successors and feasible successors
RouterX# show ip eigrp topology
IP-EIGRP Topology Table for process 77
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776
via 172.16.80.28 (46251776/46226176), Ethernet0
via 172.16.81.28 (46251776/46226176), Ethernet1
via 172.16.80.31 (46277376/46251776), Serial0
P 172.16.81.0 255.255.255.0, 2 successors, FD is 307200
via Connected, Ethernet1
via 172.16.81.28 (307200/281600), Ethernet1
via 172.16.80.28 (307200/281600), Ethernet0
via 172.16.80.31 (332800/307200), Serial0
Verifying the EIGRP Configuration (Cont.)
RouterX# show ip eigrp traffic
Displays the number of IP EIGRP packets sent and received
RouterX# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 77
Hellos sent/received: 218/205
Updates sent/received: 7/23
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 21/14
Verifying the EIGRP Configuration (Cont.)
RouterX# debug ip eigrp
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 – 256000 104960
IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 – 256000 104960
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 – 256000 104960
IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200
IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480
IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400
IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080
IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1
debug ip eigrp Command
Note: EIGRP routes are exchanged only when a change in topology occurs.
EIGRP Load Balancing
– By default, EIGRP does equal-metric load balancing:
• By default, up to four routes with a metric equal to the minimum metric are installed in the routing table.
– There can be up to 16 entries in the routing table for the same destination:
• The number of entries is configurable with themaximum-paths command.
EIGRP Unequal-Cost Load Balancing
variance multiplier
RouterX(config-router)#
Allows the router to load-balance across routes with a metric smaller than the multiplier value times the minimum metric route to that destination.
The default variance is 1, which means equal-cost load balancing.
Variance Example
Router E chooses router C to route to network 172.16.0.0 because it has the lowest feasible distance of 20.
With a variance of 2, router E also chooses router B to route to network 172.16.0.0 (20 + 10 = 30) < [2 * (FD) = 40].
Router D is not considered to route to network 172.16.0.0 (because 25 > 20).
Simple Password vs. MD5 Authentication
– Simple password authentication:• Router sends packet and key.• Neighbor checks whether key matches its key.• Process not secure.
– MD5 authentication: • Configure a key (password) and key ID; router
generates a message digest, or hash, of the key, key ID and message.
• Message digest is sent with packet; key is not sent.• Process IS secure.
EIGRP MD5 Authentication
– EIGRP supports MD5 authentication.– The router identifies itself for every EIGRP packet
it sends.– The router authenticates the source of each
routing update packet that it receives.– Each participating neighbor must have the same
key configured.
EIGRP MD5 Authentication Configuration Steps
1. Create the keychain, a group of possible keys (passwords).
2. Assign a key ID to each key.3. Identify the keys.4. (Optional) Specify the duration a key will be valid. 5. Enable MD5 authentication on the interface.6. Specify which keychain the interface will use.
Configuring EIGRP MD5 Authentication
key chain name-of-chain
RouterX(config)#
Enters the configuration mode for the keychain
RouterX(config-keychain)#
key key-id
Identifies the key and enters the configuration mode for the key ID
RouterX(config-keychain-key)#
key-string text
Identifies the key string (password)
RouterX(config-keychain-key)#
accept-lifetime start-time {infinite | end-time | duration seconds}
(Optional) Specifies when the key is accepted for received packets
RouterX(config-keychain-key)#
send-lifetime start-time {infinite | end-time | duration seconds}
(Optional) Specifies when the key can be used for sending packets
Configuring EIGRP MD5 Authentication (Cont.)
ip authentication mode eigrp autonomous-system md5
RouterX(config-if)#
Specifies MD5 authentication for EIGRP packets
RouterX(config-if)#
ip authentication key-chain eigrp autonomous-system
name-of-chain Enables authentication of EIGRP packets using the key in the keychain
Configuring EIGRP MD5 Authentication (Cont.)
R1 Configuration for MD5 Authentication
<output omitted>
key chain R1chain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
<output omitted>
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
!
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.101 255.255.255.224
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 R1chain
!
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.1.0
auto-summary
R2 Configuration for MD5 Authentication<output omitted>
key chain R2chain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
<output omitted>
interface FastEthernet0/0
ip address 172.17.2.2 255.255.255.0
!
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.102 255.255.255.224
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 R2chain
!
router eigrp 100
network 172.17.2.0 0.0.0.255
network 192.168.1.0
auto-summary
Verifying MD5 AuthenticationR1#
*Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102 (Serial0/0/1) is up: new adjacency
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.1.102 Se0/0/1 12 00:03:10 17 2280 0 14
R1#show ip route
<output omitted>
Gateway of last resort is not set
D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:31:31, Null0
C 172.16.1.0/24 is directly connected, FastEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.96/27 is directly connected, Serial0/0/1
D 192.168.1.0/24 is a summary, 00:31:31, Null0
R1#ping 172.17.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
Troubleshooting EIGRP Authentication
RouterX# debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
*Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1
*Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.102
*Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 pe
erQ un/rely 0/0
RouterY# debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY,
SIAREPLY)
RouterY#
*Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2
*Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.101
*Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 pe
erQ un/rely 0/0
A successful MD5 authentication between RouterX and RouterY
Troubleshooting EIGRP Authentication Problem
RouterX(config-if)#key chain RouterXchain
RouterX(config-keychain)#key 2
RouterX(config-keychain-key)#key-string wrongkey
RouterY#debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
RouterY#
*Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch
*Jan 21 16:50:18.749: EIGRP: Serial0/0/1: ignored packet from 192.168.1.101, opc
ode = 5 (invalid authentication)
*Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication
*Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/1
*Jan 21 16:50:18.749: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.101
(Serial0/0/1) is down: Auth failure
RouterY#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
RouterY#
Unsuccessful MD5 authentication between RouterX and RouterY when RouterX key 2 is changed