EIGRP Authentication

NOTE

• MD5とHMAC-SHA-256
• HMAC-SHA-256 はAF モードだけで使える
• hmac-sha-256 はkey chain 無しで直接パスワードを書く
• key chain のsendとacceptで有効期限を付けてローテション

 

key chain CCIE
 key 1
  key-string cisco

interface fa1/0
 ip authentication mode eigrp 65000 md5
 ip authentication key-chain eigrp 65000 CCIE

router eigrp CCIE
 address-family ipv4 unicast autonomous-system 65000
  af-interface default
   authentication mode md5
   authentication key-chain CCIE

 

router eigrp CCIE
 address-family ipv4 unicast autonomous-system 65000
  af-interface default
   authentication mode hmac-sha-256 cisco

 

key chain KEY_ROTATION
 key 10
  key-string CISCO10
  accept-lifetime 00:00:00 Jan 1 1993 00:15:00 Jan 1 2030
  send-lifetime 00:00:00 Jan 1 1993 00:05:00 Jan 1 2030
 key 20
  key-string CISCO20
  accept-lifetime 00:00:00 Jan 1 2030 infinite
  send-lifetime 00:00:00 Jan 1 2030 infinite

 

REFERENCE

• IP EIGRP Route Authentication
• EIGRP/SAF HMAC-SHA-256 Authentication