################################################################################ #### ########################### EIGRP authentication testing ####################### #### ################################################################################ #### ################# Case 1

!-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary

R2(config-router)# *Mar 1 00:03:13.367: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.1 ( FastEthernet0/0) is up: new adjacency R2(config-router)# R2# R2#sh ip eigrp nei IP-EIGRP neighbors for process 12

Address

Interface

0 192.168.12.1 Fa0/0 R2#sh key chain Key-chain r2name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2#

Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 11 00:00:43 1266 5000 0 3

*Mar 1 00:03:58.047: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:03:58.047: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.1 *Mar 1 00:04:00.527: EIGRP: Sending HELLO on FastEthernet0/0 --------------R1(config-router)# *Mar 1 00:03:13.707: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.2 ( FastEthernet0/0) is up: new adjacency R1(config-router)# R1# IP-EIGRP neighbors for process 12 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.2 Fa0/0 13 00:00:48 104 624 0 3 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto speed auto end R1# *Mar 1 00:04:03.143: EIGRP: Sending HELLO on FastEthernet0/0 *Mar 1 00:04:05.671: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:04:05.671: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.2

################# Case 2

!-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 1 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary

R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain r2name: key 1 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes

! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2# *Mar 1 00:11:27.631: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:11:27.635: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ------------R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto speed auto end R1# *Mar 1 00:11:33.147: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:11:33.147: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) ################# Case 3

!-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5

ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 2 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary

R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain r2name: key 2 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2# *Mar 1 00:02:43.943: EIGRP: pkt authentication key id = 1, key not defined or n ot live *Mar 1 00:02:43.947: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ----------------sh ip eigrp nei

IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto speed auto end R1# *Mar 1 00:02:48.127: EIGRP: pkt authentication key id = 2, key not defined or n ot live *Mar 1 00:02:48.131: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication) ################# Case 4

!-------------------- R1 conf t hostname R1 key chain r1name key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain r2name key 2 key-string cisco2 interface FastEthernet0/0

ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name router eigrp 12 network 192.168.12.0 no auto-summary

R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain r2name: key 2 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r2name duplex auto speed auto end R2# R2# *Mar 1 00:31:52.827: EIGRP: pkt authentication key id = 1, key not defined or n ot live *Mar 1 00:31:52.827: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) R2# -------------R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain r1name: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 179 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 r1name duplex auto

speed auto end R1# *Mar 1 00:31:55.519: EIGRP: pkt authentication key id = 2, key not defined or n ot live *Mar 1 00:31:55.523: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication)

key-chain = ################# Case 5

!-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary

R2(config-router)# *Mar 1 00:02:01.955: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.1 ( FastEthernet0/0) is up: new adjacency R2(config-router)# R2# *Mar 1 00:02:13.747: %SYS-5-CONFIG_I: Configured from console by console R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.1 Fa0/0 10 00:00:26 103 618 0 3 R2#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# R2# *Mar 1 00:02:29.371: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:02:29.371: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.1 *Mar 1 00:02:34.111: EIGRP: Sending HELLO on FastEthernet0/0 -----------------------R1(config-router)# *Mar 1 00:02:02.459: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.2 ( FastEthernet0/0) is up: new adjacency R1# R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.2 Fa0/0 12 00:00:29 1278 5000 0 3 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0

ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# R1# *Mar 1 00:02:34.551: EIGRP: received packet with MD5 authentication, key id = 1 *Mar 1 00:02:34.551: EIGRP: Received HELLO on FastEthernet0/0 nbr 192.168.12.2 *Mar 1 00:02:34.739: EIGRP: Sending HELLO on FastEthernet0/0

################# Case 6

!-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 1 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary

R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 1 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# *Mar 1 00:01:57.075: EIGRP: Sending HELLO on FastEthernet0/0 *Mar 1 00:01:59.271: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:01:59.271: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ---------------R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# *Mar 1 00:02:01.907: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:02:01.907: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication)

################# Case 7

!-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 2 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary

R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 2 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0

ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# *Mar 1 00:01:54.739: EIGRP: pkt authentication key id = 1, key not defined or n ot live *Mar 1 00:01:54.739: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) -------------R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# R1# *Mar 1 00:01:57.223: EIGRP: pkt authentication key id = 2, key not defined or n ot live *Mar 1 00:01:57.227: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication)

################# Case 8

!-------------------- R1 conf t hostname R1 key chain rname key 1 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname

router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 conf t hostname R2 key chain rname key 2 key-string cisco2 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary

R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 2 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R2#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# R2# *Mar 1 00:02:19.143: EIGRP: pkt authentication key id = 1, key not defined or n ot live *Mar 1 00:02:19.147: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ------------------R1#sh ip eigrp nei IP-EIGRP neighbors for process 12

R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# *Mar 1 00:02:20.251: EIGRP: pkt authentication key id = 2, key not defined or n ot live *Mar 1 00:02:20.255: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication)

################# Case 9

!-------------------- R1 hostname R1 key chain rname key 1 key-string cisco1 key 2 key-string cisco2

interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary !-------------------- R2 hostname R2

key chain rname key 1 key-string cisco2 key 2 key-string cisco1 interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname router eigrp 12 network 192.168.12.0 no auto-summary

R2#sh ip eigrp nei IP-EIGRP neighbors for process 12 R2#sh key chain Key-chain rname: key 1 -- text "cisco2" accept lifetime (always valid) send lifetime (always valid) key 2 -- text "cisco1" accept lifetime (always valid) send lifetime (always valid) R2#sh run int fa0/0 Building configuration...

- (always valid) [valid now] (always valid) [valid now] - (always valid) [valid now] (always valid) [valid now]

Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R2# R2# *Mar 1 00:03:12.195: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:03:12.199: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.1, opcode = 5 (invalid authentication) ------------------R1#sh ip eigrp nei IP-EIGRP neighbors for process 12 R1#sh key chain Key-chain rname: key 1 -- text "cisco1" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now]

key 2 -- text "cisco2" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] R1#sh run int fa0/0 Building configuration... Current configuration : 178 bytes ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ip authentication mode eigrp 12 md5 ip authentication key-chain eigrp 12 rname duplex auto speed auto end R1# *Mar 1 00:03:13.767: EIGRP: pkt key id = 1, authentication mismatch *Mar 1 00:03:13.767: EIGRP: FastEthernet0/0: ignored packet from 192.168.12.2, opcode = 5 (invalid authentication)