Enabling Eigrp Authentication - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Configuring EIGRP
The as-num argument is the autonomous system number of the EIGRP routing process.
Step 2
Configure the interface connected to the distribution router to participate in EIGRP by entering the
following command:
hostname(config-router)# network ip-addr [ mask ]
Step 3
Configure the stub routing process by entering the following command. You must specify which
networks are advertised by the stub routing process to the distribution router. Static and connected
networks are not automatically redistributed into the stub routing process.
hostname(config-router)# eigrp stub {receive-only | [connected] [redistributed] [static]
[summary]}
Enabling EIGRP Authentication
EIGRP route authentication provides MD5 authentication of routing updates from the EIGRP routing
protocol. The MD5 keyed digest in each EIGRP packet prevents the introduction of unauthorized or false
routing messages from unapproved sources.
EIGRP route authentication is configured on a per-interface basis. All EIGRP neighbors on interfaces
configured for EIGRP message authentication must be configured with the same authentication mode
and key for adjacencies to be established.
Before you can enable EIGRP route authentication, you must enable EIGRP.
To enable EIGRP authentication on an interface, perform the following steps:
Step 1
Enter interface configuration mode for the interface on which you are configuring EIGRP message
authentication by entering the following command:
hostname(config)# interface phy_if
Enable MD5 authentication of EIGRP packets by entering the following command:
Step 2
hostname(config-if)# authentication mode eigrp as-num md5
The as-num argument is the autonomous system number of the EIGRP routing process configured on the
security appliance. If EIGRP is not enabled or if you enter the wrong number, the security appliance
returns the following error message:
% Asystem(100) specified does not exist
Configure the key used by the MD5 algorithm by entering the following command:
Step 3
hostname(config-if)# authentication key eigrp as-num key key-id key-id
The as-num argument is the autonomous system number of the EIGRP routing process configured on the
security appliance. If EIGRP is not enabled or if you enter the wrong number, the security appliance
returns the following error message:
% Asystem(100) specified does not exist
The key argument can contain up to 16 characters. The key-id argument is a number from 0 to 255.
Cisco Security Appliance Command Line Configuration Guide
9-26
Chapter 9
Configuring IP Routing
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
