Configuring EIGRP
BSCI Module 2-1 – Introduction to EIGRP
BSCI 2 - 1
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Objectives
• This module will cover topics which allow students to meet the following objectives:
  - Describe the key capabilities that distinguish EIGRP from other routing protocols
  - Identify the four key technologies employed by EIGRP
  - Describe how EIGRP operates
  - Describe the five components of the metric used by EIGRP
  - Calculate the EIGRP metric for a range of pathways between routers
  - Explain how IGRP routes are integrated into EIGRP routes and vice-versa
Purpose of this Lesson
Coverage of topics new to the “EIGRP” module of BSCI.
• What’s new in this module?
  - EIGRP metric calculations for pathway ranges between routers.
EIGRP Features
EIGRP differs from other routing protocols in several key ways, which are explored in this module.
EIGRP Key Technologies
• Neighbor discovery/recovery
• Reliable Transport Protocol (RTP)
• DUAL finite-state machine
• Protocol-dependent modules (PDMs)
The Diffusing Update Algorithm (DUAL)
• How does EIGRP determine which routes are loop-free?
• Each of A’s neighbors is reporting reachability to E:
  - B with a cost of 10
  - C with a cost of 10
  - D with a cost of 30
• These three costs are called the reported distance (RD): the distance each neighbor is reporting to a given destination
The Diffusing Update Algorithm (DUAL)
• At A, the total cost to reach E is:
  - 20 through B
  - 25 through C
  - 45 through D
• The best of these three paths is the path through B, with a cost of 20
• This is the feasible distance (FD)
• The route with the best FD is known as the “Successor”
• All next best routes are known as “Feasible Successors”
The Diffusing Update Algorithm (DUAL)
• A uses the FD and the RD to determine which paths are loop-free
• The best path (FD) is used as a benchmark; all paths with RDs lower than the FD cannot contain loops
• The algorithm may mark some loop-free paths as loops
• However, it is guaranteed never to mark a looped path as loop-free
The Diffusing Update Algorithm (DUAL)
• At A:
  - The path through B is the best path (FD), at 20
  - C can reach E with a cost of 10; 10 (RD) is less than 20 (FD), so this path is loop-free.
  - D can reach E with a cost of 30; 30 (RD) is not less than 20 (FD), so EIGRP assumes this path is a loop.
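The feasibility check from the four DUAL slides above, as an added example (not part of the original deck). The link costs from A to each neighbor are assumptions derived from the slides' totals (total minus RD), and the "active" outcome uses the state named in the query-process lesson of this deck.

```python
"""DUAL feasibility check at router A for destination E (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    neighbor: str
    link_cost: int  # A's cost to reach the neighbor (assumed: total - RD)
    rd: int         # reported distance: the neighbor's own cost to E

    @property
    def total(self) -> int:
        """Cost from A to E through this neighbor."""
        return self.link_cost + self.rd


# Slide values: RDs of 10/10/30 and totals of 20/25/45.
PATHS_TO_E = [Path("B", 10, 10), Path("C", 15, 10), Path("D", 15, 30)]


def classify(paths: List[Path]) -> Tuple[int, Path, List[Path], List[Path]]:
    """Return (fd, successor, feasible_successors, rejected)."""
    if not paths:
        raise ValueError("no paths to the destination")
    successor = min(paths, key=lambda p: p.total)
    fd = successor.total
    others = [p for p in paths if p != successor]
    # Feasibility condition: the neighbor's RD must be strictly below A's FD.
    feasible = sorted((p for p in others if p.rd < fd), key=lambda p: p.total)
    # Anything else is treated as a possible loop, even if it is loop-free.
    rejected = [p for p in others if p.rd >= fd]
    return fd, successor, feasible, rejected


def on_successor_loss(paths: List[Path]) -> Tuple[str, Optional[Path]]:
    """Route state after the current successor fails.

    ("passive", path) when a feasible successor is promoted locally,
    ("active", None) when there is none and A has to query its neighbors.
    """
    _, _, feasible, _ = classify(paths)
    if feasible:
        return "passive", feasible[0]
    return "active", None


if __name__ == "__main__":
    fd, successor, feasible, rejected = classify(PATHS_TO_E)
    print(f"FD={fd}, successor via {successor.neighbor}")
    for p in feasible:
        print(f"feasible successor via {p.neighbor}: RD {p.rd} < FD {fd}")
    for p in rejected:
        print(f"not feasible via {p.neighbor}: RD {p.rd} >= FD {fd}")
    print("after losing B:", on_successor_loss(PATHS_TO_E))
```
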
EIGRP Topology Table
EIGRP Neighbor Status
RTRA#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address     Interface  Hold   Uptime  SRTT  RTO  Q    Seq
                           (sec)          (ms)       Cnt  Num
2   10.1.1.1    Et0        12     6d16h   20    200  0    233
1   10.1.4.3    Et1        13     2w2d    87    522  0    452
0   10.1.4.2    Et1        10     2w2d    85    510  0    3
• Hold: Seconds Remaining Before Declaring Neighbor Down
• Uptime: How Long Since the Last Time Neighbor Was Discovered
• SRTT: How Long It Takes for This Neighbor To Respond To Reliable Packets
• RTO: How Long to Wait Before Retransmitting If No Acknowledgement
EIGRP IP Routing Table
Example: EIGRP Tables
Router C’s tables:
EIGRP Packets
• Hello: Establish neighbor relationships.
• Update: Send routing updates.
• Query: Ask neighbors about routing information.
• Reply: Respond to query about routing information.
• ACK: Acknowledge a reliable packet.
Initial Route Discovery
EIGRP Metric
• Same metric components as IGRP:
  - Bandwidth
  - Delay
  - Reliability
  - Loading
  - MTU
• EIGRP metric is IGRP metric multiplied by 256
EIGRP Metric Calculation
• By default, EIGRP metric:
  Metric = bandwidth (slowest link only) + delay (sum of delays)
• Delay = sum of the delays in the path, in tens of microseconds, multiplied by 256.
• Bandwidth = [(10^7) / (minimum bandwidth link along the path, in kilobits per second)] * 256
• Formula with default K values (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0):
  Metric = [K1 * BW + ((K2 * BW) / (256 - load)) + K3 * delay]
• If K5 not equal to 0:
  Metric = Metric * [K5 / (reliability + K4)]
EIGRP Metrics Calculation Example
• Path A → B → C → D
  - Least bandwidth 64 kbps
  - Total delay 6,000
• Path A → X → Y → Z → D
  - Least bandwidth 256 kbps
  - Total delay 8,000
• Delay is the sum of all the delays of the links along the paths:
  Delay = [delay in tens of microseconds] x 256
• BW is the lowest bandwidth of the links along the paths:
  BW = [10,000,000 / (bandwidth in kbps)] x 256
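The formula from the two metric slides, carried through for both example paths and cross-checked against the FD values in the show ip eigrp topology output later in this deck; this is an added example, not part of the original deck. Assumptions: the slide's total delays are already in tens of microseconds, 10^7 / bandwidth is truncated to an integer before scaling, and the interface defaults used for the cross-check (serial delay 20,000 µs, FastEthernet 100,000 kbps and 100 µs) are not stated on the slides.

```python
"""EIGRP composite metric using the slide's formula (added example)."""

DEFAULT_K = (1, 0, 1, 0, 0)  # K1..K5 defaults shown on the slide


def scaled_bandwidth(min_bw_kbps: int) -> int:
    """BW term: (10^7 / slowest link in kbps) * 256, truncated before scaling."""
    return (10**7 // min_bw_kbps) * 256


def scaled_delay(delay_tens_usec: int) -> int:
    """Delay term: summed path delay in tens of microseconds * 256."""
    return delay_tens_usec * 256


def eigrp_metric(min_bw_kbps, delay_tens_usec, load=1, reliability=255,
                 k=DEFAULT_K) -> int:
    """Metric = K1*BW + (K2*BW)/(256-load) + K3*delay, then the K5 term."""
    k1, k2, k3, k4, k5 = k
    bw = scaled_bandwidth(min_bw_kbps)
    delay = scaled_delay(delay_tens_usec)
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:  # only applied when K5 is non-zero, as on the slide
        metric = metric * k5 // (reliability + k4)
    return metric


def igrp_equivalent(metric: int) -> int:
    """IGRP metric that corresponds to an EIGRP metric (EIGRP = IGRP * 256)."""
    return metric // 256


# The two candidate paths from the slide: (least bandwidth kbps, total delay).
SLIDE_PATHS = {"A-B-C-D": (64, 6000), "A-X-Y-Z-D": (256, 8000)}


def best_path(paths):
    """Return (name, metric) of the lowest-metric path."""
    scored = {name: eigrp_metric(bw, dly) for name, (bw, dly) in paths.items()}
    name = min(scored, key=scored.get)
    return name, scored[name]


# Cross-check inputs for R1 in the verification slides (assumed defaults):
SERIAL_64K = (64, 2000)          # bandwidth 64, delay 20,000 us
FAST_ETHERNET = (100_000, 10)    # 100 Mbps, delay 100 us
VIA_R2 = (64, 2000 + 10)         # serial link plus R2's FastEthernet

if __name__ == "__main__":
    for name, (bw, dly) in SLIDE_PATHS.items():
        print(name, eigrp_metric(bw, dly))
    print("preferred:", best_path(SLIDE_PATHS))
    print("172.17.0.0/16 via R2:", eigrp_metric(*VIA_R2))
```

The path with more hops wins because its slowest link is four times faster; hop count is not part of the metric.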
EIGRP Metrics Are Backward-Compatible with IGRP
Summary
• EIGRP capabilities include fast convergence and support for VLSM, partial updates, and multiple network layer protocols.
• EIGRP key technologies are: neighbor discovery/recovery, RTP, DUAL finite-state machine, and protocol-dependent modules.
• EIGRP uses three tables: neighbor table, topology table, and routing table. The routing table contains the best route to each destination, called the successor route. A feasible successor route is a backup route to a destination; it is kept in the topology table.
• EIGRP uses the same metric components as IGRP: delay, bandwidth, reliability, load, and MTU.
• By default, EIGRP metric = bandwidth (slowest link) + delay (sum of delays).
• EIGRP metrics are backward-compatible with IGRP; the EIGRP-equivalent metric is the IGRP metric multiplied by 256.
Self Check
• What is a reported distance?
• What is a feasible distance?
• EIGRP uses three tables: name the three tables: __________, ____________, _____________. Which of the tables contains the best route or successor route to each destination?
• EIGRP uses what metrics? __________, _________, _________, __________, ___________
Resources
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml
Q and A
Configuring EIGRP
BSCI Module 2-2 – Implementing and Verifying EIGRP
Objectives
• Upon completing this lesson, you will be able to describe how to implement EIGRP routing. This ability includes being able to meet these objectives:
  - Describe the commands used in a basic EIGRP configuration task
  - Explain how to configure a router to use wildcard masks to select the interfaces and networks that will participate in EIGRP routing
  - Configure the gateway of last resort or default route
  - Verify that the router recognizes EIGRP neighbors and routes
  - Verify EIGRP operations
Purpose of this Lesson
Coverage of topics new to the “EIGRP” module of BSCI.
• What’s new in this module?
  - Describe the commands used in a basic EIGRP configuration task
  - Explain how to configure a router to use wildcard masks to select the interfaces and networks that will participate in EIGRP routing
  - Configure the gateway of last resort or default route.
Configuring EIGRP
Router(config)# router eigrp autonomous-system-number
• Defines EIGRP as the IP routing protocol.
• All routers in the internetwork that must exchange EIGRP routing updates must have the same autonomous system number.
Router(config-router)# network network-number [wildcard-mask]
• Identifies attached networks participating in EIGRP.
• The wildcard-mask is an inverse mask used to determine how to interpret the address. The mask has wildcard bits, where 0 is a match and 1 is “don’t care.”
Configuring EIGRP (Cont.)
Router(config-if)# bandwidth kilobits
• Defines the interface’s bandwidth for the purposes of sending routing update traffic.
Configuring EIGRP for IP
Network 192.168.1.0 is not configured on router A,
because it is not directly connected to router A.
Configuring EIGRP with IP (cont.)
Classful configuration example:
What’s wrong with this?
routerA(config)#router eigrp 109
routerA(config-router)#network 10.1.0.0
routerA(config-router)#network 10.4.0.0
routerA(config-router)#network 172.16.7.0
routerA(config-router)#network 172.16.2.0
Classless configuration example:
routerA(config)#router eigrp 109
routerA(config-router)#network 10.1.0.0 0.0.255.255
routerA(config-router)#network 10.4.0.0 0.0.255.255
routerA(config-router)#network 172.16.2.0 0.0.0.255
routerA(config-router)#network 172.16.7.0 0.0.0.255
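An added example (not part of the original deck) that answers the slide's "What's wrong with this?" by evaluating both sets of network statements against a router's interfaces. The interface list is constructed for illustration, since the slide's topology diagram is not in the text; a statement without a wildcard mask is treated as its classful major network.

```python
"""Which interfaces an EIGRP network statement selects (added example)."""
import ipaddress

MASK32 = 0xFFFFFFFF


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def classful_wildcard(net: int) -> int:
    """Wildcard of the classful major network (class A, B or C)."""
    first_octet = net >> 24
    if first_octet < 128:
        return 0x00FFFFFF   # class A, 0.255.255.255
    if first_octet < 192:
        return 0x0000FFFF   # class B, 0.0.255.255
    return 0x000000FF       # class C, 0.0.0.255


def parse_network(statement: str):
    """'network 10.1.0.0 0.0.255.255' -> (network, wildcard) as integers."""
    parts = statement.split()
    if len(parts) not in (2, 3) or parts[0] != "network":
        raise ValueError(f"not a network statement: {statement!r}")
    net = _ip(parts[1])
    wildcard = _ip(parts[2]) if len(parts) == 3 else classful_wildcard(net)
    # Wildcard bit 0 = must match, 1 = don't care: clear the don't-care bits.
    return net & ~wildcard & MASK32, wildcard


def matches(ip_text: str, net: int, wildcard: int) -> bool:
    return (_ip(ip_text) & ~wildcard & MASK32) == net


def effective_networks(statements):
    """The networks the statements actually cover, in dotted form."""
    return sorted({str(ipaddress.IPv4Address(parse_network(s)[0]))
                   for s in statements})


def eigrp_interfaces(statements, interfaces):
    """Names of the interfaces on which the statements enable EIGRP."""
    rules = [parse_network(s) for s in statements]
    return sorted(name for name, ip in interfaces.items()
                  if any(matches(ip, n, w) for n, w in rules))


CLASSFUL = ["network 10.1.0.0", "network 10.4.0.0",
            "network 172.16.7.0", "network 172.16.2.0"]
CLASSLESS = ["network 10.1.0.0 0.0.255.255", "network 10.4.0.0 0.0.255.255",
             "network 172.16.2.0 0.0.0.255", "network 172.16.7.0 0.0.0.255"]

# Constructed interface addresses for router A (not from the slides).
INTERFACES = {
    "Fa0/0": "10.1.1.1", "Se0/0": "10.4.1.1",
    "Se0/1": "172.16.2.1", "Se0/2": "172.16.7.1",
    "Fa0/1": "10.9.9.1",      # not meant to run EIGRP
    "Se0/3": "172.16.30.1",   # not meant to run EIGRP
}

if __name__ == "__main__":
    print("classful covers :", effective_networks(CLASSFUL))
    print("classful enables:", eigrp_interfaces(CLASSFUL, INTERFACES))
    print("classless enables:", eigrp_interfaces(CLASSLESS, INTERFACES))
```

The four classful statements collapse to 10.0.0.0 and 172.16.0.0, so EIGRP hellos and updates also go out on the two interfaces that were never meant to participate.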
Using the Wildcard Mask in EIGRP
Using and Configuring the ip default-network command for EIGRP
Example R1 EIGRP Configuration
R2 EIGRP Configuration
<output omitted>
interface FastEthernet0/0
ip address 172.17.2.2 255.255.255.0
<output omitted>
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.102 255.255.255.224
<output omitted>
router eigrp 100
network 172.17.2.0 0.0.0.255
network 192.168.1.0
EIGRP Manual Summarization
• Automatic summarization of routes at the major classful boundary is a characteristic of distance vector operations.
• With EIGRP you can disable automatic summarization and create one or more summary routes within the network on any bit boundary as long as a more specific route exists in the routing table.
  - When a more specific route no longer exists, the summary route is removed from the routing table.
EIGRP Summarization
• In the routing table, summary routes are automatically assigned to interface null0 to prevent routing loops.
  - This is also true for manual summarization.
• If the summarizing router receives a packet for a destination that is included in the summary route but is unknown by the router, the router will send it to the null interface, which drops the packet.
• For manual summarization to be effective, blocks of contiguous addresses (subnets) must come together at a common router so that the router can advertise a single summary route.
Configuring Summary Routes
• Summary routes are manually configured at the interface.
Router(config-if)# ip summary-address eigrp [as number] [network] [subnet mask]
• Remember, these are summary addresses that your router is summarizing.
• Summary addresses also cut down on the number of EIGRP queries.
Verifying EIGRP: show ip eigrp neighbors
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface  Hold   Uptime    SRTT  RTO   Q    Seq
                               (sec)            (ms)        Cnt  Num
0   192.168.1.102   Se0/0/1    10     00:07:22  10    2280  0    5
R1#
Verifying EIGRP: show ip route eigrp
R1#show ip route eigrp
D    172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:07:01, Serial0/0/1
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.16.0.0/16 is a summary, 00:05:13, Null0
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
D       192.168.1.0/24 is a summary, 00:05:13, Null0
R1#show ip route
<output omitted>
Gateway of last resort is not set
D    172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:06:55, Serial0/0/1
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.16.0.0/16 is a summary, 00:05:07, Null0
C       172.16.1.0/24 is directly connected, FastEthernet0/0
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.1.96/27 is directly connected, Serial0/0/1
D       192.168.1.0/24 is a summary, 00:05:07, Null0
Verifying EIGRP: show ip protocols
R1#show ip protocols
Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 100
EIGRP NSF-aware route hold timer is 240s
<output omitted>
Maximum path: 4
Routing for Networks:
172.16.1.0/24
192.168.1.0
Routing Information Sources:
  Gateway         Distance      Last Update
  (this router)         90      00:09:38
  Gateway         Distance      Last Update
  192.168.1.102         90      00:09:40
Distance: internal 90 external 170
Verifying EIGRP: show ip eigrp interfaces
R1#show ip eigrp interfaces
IP-EIGRP interfaces for process 100
                    Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface    Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/0          0        0/0         0       0/10           0           0
Se0/0/1        1        0/0        10      10/380        424           0
Verifying EIGRP: show ip eigrp topology
R1#show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 192.168.1.96/27, 1 successors, FD is 40512000
        via Connected, Serial0/0/1
P 192.168.1.0/24, 1 successors, FD is 40512000
        via Summary (40512000/0), Null0
P 172.16.0.0/16, 1 successors, FD is 28160
        via Summary (28160/0), Null0
P 172.16.1.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 172.17.0.0/16, 1 successors, FD is 40514560
        via 192.168.1.102 (40514560/28160), Serial0/0/1
Verifying EIGRP: show ip eigrp traffic
R1#show ip eigrp traffic
IP-EIGRP Traffic Statistics for AS 100
Hellos sent/received: 429/192
Updates sent/received: 4/4
Queries sent/received: 1/0
Replies sent/received: 0/1
Acks sent/received: 4/3
Input queue high water mark 1, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 113
PDM Process ID: 73
Summary
• The configuration commands for basic EIGRP include:
  - router eigrp autonomous-system
  - network network-number [wildcard-mask]
  - bandwidth kilobits
• The optional wildcard-mask parameter in the network command is an inverse mask used to determine how to interpret the network-number. A wildcard bit of 0 is a match and of 1 is “don’t care”.
• Create and advertise a default route in an EIGRP autonomous system with the ip default-network network-number command.
Summary (cont.)
• Use the show ip eigrp neighbors command to verify that the router recognizes its neighbors. Use the show ip route eigrp command to verify that the router recognizes routes from its neighbors.
• Use the show ip protocols, show ip eigrp interfaces, show ip eigrp neighbors, show ip eigrp topology, and show ip eigrp traffic commands to verify EIGRP operations.
Activity
• Create a simple network using EIGRP as your routing protocol. These steps were discussed at the beginning of this module.
• Verify your connections by running the show commands discussed in the module: show ip protocols, show ip eigrp interfaces, show ip eigrp neighbors, show ip eigrp topology, and show ip eigrp traffic
• Reflection: Are your routes displayed correctly in the routing table and identified as either directly connected or EIGRP?
Self Check
• Which show command verifies the router can recognize its neighbors?
• Show ip route eigrp has what function?
• What command establishes EIGRP as the routing protocol?
• Identify the command to create and advertise a default route in an EIGRP autonomous system.
Resources
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
• http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml
Q and A
Configuring EIGRP
BSCI Module 2-4 – Configuring EIGRP Authentication
Objectives
• Upon completing this lesson, you will be able to implement authentication in an EIGRP network. This ability includes being able to meet these objectives:
  - Describe router authentication
  - Describe the MD5 authentication used in EIGRP
  - Configure MD5 authentication
  - Troubleshoot MD5 authentication
Purpose of this Lesson
• Coverage of topics new to the “EIGRP” module of BSCI.
• What’s new in this module?
  - EIGRP Message Digest 5 (MD5) authentication and how to configure and troubleshoot it.
Router Authentication
• Many routing protocols support authentication such that a router authenticates the source of each routing update packet that it receives.
• Simple password authentication is supported by:
  - IS-IS
  - OSPF
  - RIPv2
• MD5 authentication is supported by:
  - OSPF
  - RIPv2
  - BGP
  - EIGRP
Simple Password vs. MD5 Authentication
• Simple password authentication:
  - Router sends packet and key.
  - Neighbor checks if received key matches its key.
  - Not secure.
• MD5 authentication:
  - Configure a “key” (password) and key-id; router generates a message digest, or hash, of the key, key-id and message.
  - Message digest is sent with packet; key is not sent.
  - Secure.
EIGRP MD5 Authentication
• EIGRP supports MD5 authentication.
• Router generates and checks every EIGRP packet. Router authenticates the source of each routing update packet that it receives.
• Configure a “key” (password) and key-id; each participating neighbor must have the same key configured.
MD5 Authentication
• EIGRP MD5 authentication:
  - Router generates a message digest, or hash, of the key, key-id, and message.
  - EIGRP allows keys to be managed using key chains.
  - Specify key-id (number, key, and lifetime of key).
  - First valid activated key, in order of key numbers, is used.
Configuring EIGRP MD5 Authentication (cont.)
Router(config)# key chain name-of-chain
• Enters configuration mode for the key-chain
Router(config-keychain)# key key-id
• Identifies key and enters configuration mode for the key-id
Configuring EIGRP MD5 Authentication (cont.)
Router(config-keychain-key)# key-string text
• Identifies key string (password)
Router(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}
• Optional: specifies when key will be accepted for received packets
Router(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}
• Optional: specifies when key can be used for sending packets
Configuring EIGRP MD5 Authentication
Router(config-if)# ip authentication mode eigrp autonomous-system md5
• Specifies MD5 authentication for EIGRP packets
Router(config-if)# ip authentication key-chain eigrp autonomous-system name-of-chain
• Enables authentication of EIGRP packets using key in the key-chain
Example MD5 Authentication Configuration
R1 Configuration for MD5 Authentication
<output omitted>
key chain R1chain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
<output omitted>
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
!
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.101 255.255.255.224
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 R1chain
!
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.1.0
auto-summary
R2 Configuration for MD5 Authentication
<output omitted>
key chain R2chain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 1 2006 infinite
send-lifetime 04:00:00 Jan 1 2006 infinite
<output omitted>
interface FastEthernet0/0
ip address 172.17.2.2 255.255.255.0
!
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.102 255.255.255.224
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 R2chain
!
router eigrp 100
network 172.17.2.0 0.0.0.255
network 192.168.1.0
auto-summary
Verifying MD5 Authentication
R1#
*Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102 (Serial0/0/1) is up: new adjacency
R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface  Hold  Uptime    SRTT  RTO   Q  Seq
0   192.168.1.102   Se0/0/1    12    00:03:10  17    2280  0  14
R1#show ip route
<output omitted>
Gateway of last resort is not set
D    172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/1
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.16.0.0/16 is a summary, 00:31:31, Null0
C       172.16.1.0/24 is directly connected, FastEthernet0/0
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.1.96/27 is directly connected, Serial0/0/1
D       192.168.1.0/24 is a summary, 00:31:31, Null0
R1#ping 172.17.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
Troubleshooting MD5 Authentication
R1#debug eigrp packets
EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
*Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1
*Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.102
*Jan 21 16:38:51.745:   AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
R2#debug eigrp packets
EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
R2#
*Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2
*Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.101
*Jan 21 16:38:38.321:   AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
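Why the debug output above shows key id 1 arriving at R1 and key id 2 arriving at R2: an added model (not part of the original deck) of the "first valid key, in order of key numbers" rule applied to the R1chain and R2chain lifetimes. Assumptions: the debug timestamps are in 2006, and comparing key strings stands in for the receiver recomputing and comparing the MD5 digest.

```python
"""Key selection in an EIGRP key chain (added example)."""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# (start, end); end=None models the "infinite" keyword.
Lifetime = Tuple[datetime, Optional[datetime]]


@dataclass(frozen=True)
class Key:
    key_id: int
    key_string: str
    accept: Lifetime
    send: Lifetime


def _active(lifetime: Lifetime, now: datetime) -> bool:
    start, end = lifetime
    return start <= now and (end is None or now < end)


def sending_key(chain: List[Key], now: datetime) -> Optional[Key]:
    """First key, in order of key number, whose send-lifetime is valid."""
    for key in sorted(chain, key=lambda k: k.key_id):
        if _active(key.send, now):
            return key
    return None


def accepts(chain: List[Key], key_id: int, key_string: str,
            now: datetime) -> bool:
    """Receiver side: same key id, inside accept-lifetime, same secret."""
    for key in chain:
        if key.key_id == key_id:
            # String equality stands in for the digest comparison.
            return _active(key.accept, now) and key.key_string == key_string
    return False


def exchange(sender: List[Key], receiver: List[Key], now: datetime):
    """Return (key id the sender uses, whether the receiver accepts it)."""
    key = sending_key(sender, now)
    if key is None:
        return None, False
    return key.key_id, accepts(receiver, key.key_id, key.key_string, now)


START = datetime(2006, 1, 1, 4, 0, 0)
FOREVER = (START, None)

# Lifetimes copied from the R1 and R2 configuration slides.
R1_CHAIN = [
    Key(1, "firstkey", FOREVER, (START, datetime(2006, 1, 1, 4, 1, 0))),
    Key(2, "secondkey", FOREVER, FOREVER),
]
R2_CHAIN = [
    Key(1, "firstkey", FOREVER, FOREVER),
    Key(2, "secondkey", FOREVER, FOREVER),
]
# Constructed misconfiguration: R2's key 2 has a different key string.
R2_BAD_CHAIN = [R2_CHAIN[0], Key(2, "wrongkey", FOREVER, FOREVER)]

DEBUG_TIME = datetime(2006, 1, 21, 16, 38, 51)  # year assumed

if __name__ == "__main__":
    print("R1 -> R2:", exchange(R1_CHAIN, R2_CHAIN, DEBUG_TIME))
    print("R2 -> R1:", exchange(R2_CHAIN, R1_CHAIN, DEBUG_TIME))
    print("R1 -> misconfigured R2:", exchange(R1_CHAIN, R2_BAD_CHAIN, DEBUG_TIME))
```

With the constructed misconfiguration, R1 still accepts R2's key 1 but R2 rejects R1's key 2, so authentication fails in one direction only.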
Summary
• There are two types of router authentication: simple password and MD5.
• When EIGRP authentication is configured, the router generates and checks every EIGRP packet and authenticates the source of each routing update packet that it receives. EIGRP supports MD5 authentication.
• To configure MD5 authentication, use the ip authentication mode eigrp and ip authentication key-chain interface commands. The key chain must also be configured, starting with the key chain command.
• Use debug eigrp packets to verify and troubleshoot MD5 authentication.
Activity
• Using the network created in module 2 using EIGRP as your routing protocol, follow the steps in this module to add security to EIGRP.
• Be sure to verify your connections by running the show commands discussed in the module both before and after you implement security: show ip protocols, show ip eigrp interfaces, show ip eigrp neighbors, show ip eigrp topology, and show ip eigrp traffic
• NOTE: before adding any security, you should always verify your connection first to avoid additional troubleshooting later.
Self Check
• Name the two types of router authentication: _______________ and __________________
• Which two commands are used to configure MD5 authentication? _____________________ and __________________
• What debug command will verify and troubleshoot MD5 authentication?
Resources
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
• http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html
• http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml
Q and A
Configuring EIGRP
BSCI Module 2-5 – Configuring EIGRP in an Enterprise Network
Objectives
Upon completing this lesson, you will be able to describe, recognize, and correct common EIGRP issues and problems. This ability includes being able to meet these objectives:
• Explain factors affecting scalability in large internetworks
• Explain how EIGRP uses queries to update its routing tables in the event a route is lost and there is no feasible successor
• Explain how to mark the spokes of a large network as stubs to reduce EIGRP queries and thus improve network scaling
• Explain why SIA connections occur
• Explain how to minimize active routes
• Describe how graceful shutdown prevents loss of packets when routers go down
Purpose of this Lesson
Coverage of topics new to the “EIGRP” module of BSCI.
• What’s new in this module?
  - Configuring EIGRP in large scale (enterprise) networks
Factors That Influence EIGRP Scalability
• Quantity of routing information exchanged between peers: without proper route summarization, this can be excessive.
• Number of routers that must be involved when a topology change occurs.
• Depth of topology: the number of hops that information must travel to reach all routers.
• Number of alternate paths through the network.
EIGRP Query Process
• Queries are sent when a route is lost and no feasible successor is available.
• The lost route is now in “active” state.
• Queries are sent to all neighboring routers on all interfaces except the interface to the successor.
• If the neighbors do not have their lost-route information, queries are sent to their neighbors.
• If a router has an alternate route, it answers the query; this stops the query from spreading in that branch of the network.
Updates and Queries in Hub-and-Spoke Topology
EIGRP Stub
• The EIGRP Stub Routing feature:
  - Improves network stability
  - Reduces resource utilization
  - Simplifies remote router (spoke) configuration
• Stub routing is commonly used in hub-and-spoke topology
• Stub router sends a special peer information packet to all neighboring routers to report its status as a stub router
• Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes
Stub Review
• If A loses its connection to 10.1.1.0/24, it must build and transmit five queries: one query to each remote, and one query to B
• Each of the remote sites will also build a query towards B
• B receives five queries which it must process and answer
[Figure: routers A and B, the remote sites, and network 10.1.1.0/24]
Stub Review
• If these spokes are remote sites, they typically have two connections for redundancy, not so they can transit traffic between A and B
• A should never use the spokes as a path to anything reachable through B, so there’s no reason to learn about, or query for, routes through these spokes
[Figure: routers A and B, the remote sites (labeled “These Are Not Designed to Transit Traffic”), and network 10.1.1.0/24]
Stub Review
To signal A and B that the paths through the spokes should not be used for transit traffic, the spoke routers can be configured as stubs
router#config t
router(config)#router eigrp 100
router(config-router)#eigrp stub
router(config-router)#
[Figure: routers A and B, the remote sites, and network 10.1.1.0/24]
Stub Review
• Marking the spokes as stubs allows them to signal A and B that they are not transit paths
• A will not query stubs, reducing the total number of queries in this example to one
• Marking the remotes as stubs also reduces the complexity of this topology; B now believes it only has one path to 10.1.1.0/24, rather than five
[Figure: routers A and B, the remote sites, and network 10.1.1.0/24]
Configuring EIGRP Stub
Router(config-router)#
eigrp stub [receive-only|connected|static|summary]
 receive-only: Prevents the stub from sending any
type of route.
 connected: Permits stub to send connected routes
(may still need to redistribute).
 static: Permits stub to send static routes (must still
redistribute).
 summary: Permits stub to send summary routes.
 Default is connected and summary.
Example: EIGRP stub Parameters
 If stub connected is
configured:
B will advertise 10.1.2.0/24
to A.
B will not advertise
10.1.2.0/23, 10.1.3.0/23, or
10.1.4.0/24.
 If stub summary is
configured:
B will advertise 10.1.2.0/23
to A.
B will not advertise
10.1.2.0/24, 10.1.3.0/24, or
10.1.4.0/24.
Example: EIGRP stub Parameters (Cont.)
 If stub static is
configured:
B will advertise 10.1.4.0/24
to A.
B will not advertise
10.1.2.0/24, 10.1.2.0/23, or
10.1.3.0/24.
 If stub receive-only
is configured:
B won’t advertise anything to
A, so A needs to have a
static route to the networks
behind B to reach them.
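The four stub parameter cases above, worked through as an added Python model (not part of the original slides or of any Cisco tool). The route table for B is constructed from the prefixes on the slides; the source label on each prefix, including 10.1.3.0/24 as an EIGRP-learned route, is an assumption inferred from which keyword advertises it.

```python
from ipaddress import ip_network

# Constructed table for spoke B using the prefixes on the slides.
# The source labels are assumptions inferred from the slide text.
B_ROUTES = [
    ("10.1.2.0/24", "connected"),
    ("10.1.2.0/23", "summary"),
    ("10.1.3.0/24", "eigrp"),   # assumed EIGRP-learned: no stub keyword sends it
    ("10.1.4.0/24", "static"),
]
KEYWORDS = {"receive-only", "connected", "static", "summary"}
DEFAULT = {"connected", "summary"}  # "Default is connected and summary."


def permitted_sources(command):
    """Parse an 'eigrp stub [...]' line into the route sources the stub may send."""
    tokens = command.split()
    if tokens[:2] != ["eigrp", "stub"]:
        raise ValueError("not an eigrp stub command: %r" % command)
    opts = set(tokens[2:])
    if opts - KEYWORDS:
        raise ValueError("unknown stub keyword(s): %s" % sorted(opts - KEYWORDS))
    if "receive-only" in opts:
        # receive-only stands alone; IOS does not accept it with other keywords.
        if opts != {"receive-only"}:
            raise ValueError("receive-only cannot be combined with other keywords")
        return set()
    return opts or set(DEFAULT)


def advertised(command, routes=B_ROUTES):
    """Prefixes the stub sends to the hub, in table order."""
    allowed = permitted_sources(command)
    return [prefix for prefix, source in routes if source in allowed]


def uncovered(command, routes=B_ROUTES):
    """Networks behind the stub that no advertised prefix covers (hub needs static routes)."""
    sent = [ip_network(p) for p in advertised(command, routes)]
    return [p for p, source in routes
            if source != "summary"
            and not any(ip_network(p).subnet_of(s) for s in sent)]


if __name__ == "__main__":
    for cmd in ("eigrp stub", "eigrp stub connected", "eigrp stub summary",
                "eigrp stub static", "eigrp stub receive-only"):
        print("%-26s sends %-30s uncovered %s" % (cmd, advertised(cmd), uncovered(cmd)))
```

The uncovered() result is the practical check when a spoke is restricted: any network listed there is unreachable from A unless A carries a static route for it.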
EIGRP Query Process Stuck-in-Active
 The router has to get all the replies from the neighbors
with an outstanding query before the router calculates
the successor information.
If any neighbor fails to reply to the query within three minutes,
by default, the route is SIA, and the router resets the neighbor
relationship with the neighbor that fails to reply.
Active Process Enhancement
Before:
 Router A resets relationship to router B when the normal active timer expires. However, the problem is the link between router B and C.
After:
 Router A sends an SIA-Query at half of the normal active timer. Router B acknowledges the query, thereby keeping the relationship up.
Graceful Shutdown
Summary
 Factors that affect network scalability include:
Amount of information exchanged between neighbors
Number of routers
Depth of the topology
Number of alternate paths through the network
 When a route is lost and no feasible successor is
available, queries are sent to all neighboring routers on all
interfaces.
 The eigrp stub command is used to enable the stub
routing feature, which improves network stability, reduces
resource utilization, and simplifies stub router
configuration.
Summary (Cont.)
 Once a route goes active and the query sequence is
initiated, it can only come out of the active state and
transition to passive state when it receives a reply for
every generated query. If the router does not receive a
reply to all the outstanding queries within 3 minutes (the
default time), the route goes to the SIA state.
 The active process enhancement feature enables an
EIGRP router to monitor the progression of the search
for a successor route so that neighbor relationships are
not reset unnecessarily.
 With graceful shutdown, a goodbye message is
broadcast when an EIGRP routing process is shut
down, to inform adjacent peers about the impending
topology change.
Activity
 Using the network created in module 4 using EIGRP as
your routing protocol, follow the steps in this module to
add a stub to EIGRP. Be sure you are running debug
eigrp to watch communication of your links.
 You can also verify your connections by running the
show commands discussed in the previous module
once you have added your stub route.
show ip protocols, show ip eigrp interfaces, show
ip eigrp neighbors, show ip eigrp topology, and
show ip eigrp traffic
 With debugging still running, shut down your stub
connection and observe the communication on your
debug output.
Self Check
 What factors affect the scalability of a network?
 What command is used to enable the stub routing
feature?
 What is the purpose of enabling EIGRP stub routing?
 When routes are lost and no feasible successor can be
found, how does EIGRP reestablish its connection?
Resources
 http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405c.shtml
 http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5a9.html
 http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml
 http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d003.html
Q and A