Securing EIGRP


EIGRP supports route authentication by using MD5 authentication for all routing updates. The MD5 authentication prevents the introduction of unauthorized or false routing messages from unapproved sources.

Note

EIGRP route authentication is configured on a per-interface basis. All neighbors must be configured with the same authentication mode and key for EIGRP adjacencies to be established.

EIGRP authentication can be enabled on the physical interface as follows:

Step 1. Enter the physical interface configuration mode for which EIGRP authentication needs to be configured:

firewall(config)# interface phy_if

Step 2. Enable per-interface MD5 authentication as follows:

firewall(config-if)# authentication mode eigrp as-num md5

Step 3. Configure the secret key used by the MD5 algorithm. The key argument can contain up to 16 characters. The key-id argument is a number from 0 to 255:

firewall(config-if)# authentication key eigrp as-num key key-id key-id
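
An offline check for the authentication steps above, as an added example that is not from the original text: this Python script parses a candidate configuration and reports every interface covered by an EIGRP network statement that lacks the MD5 mode or the key, or whose key or key-id falls outside the limits given in Step 3. The function name audit_eigrp_auth and the sample configuration are constructed for illustration; the script assumes a single EIGRP process and network statements written with a mask.

```python
import ipaddress

# Constructed sample configuration (addresses, AS number and key are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 authentication mode eigrp 10 md5
 authentication key eigrp 10 Ex4mpleKey key-id 1
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/2
 ip address 10.2.2.1 255.255.255.0
 authentication mode eigrp 10 md5
interface Management0/0
 ip address 192.0.2.1 255.255.255.0
router eigrp 10
 network 10.0.0.0 255.0.0.0
"""


def audit_eigrp_auth(config):
    """Return {interface: [problems]}; assumes one EIGRP process, masks on network lines."""
    ifaces, networks, section = {}, [], []
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):            # unindented line opens a new section
            section = words
        elif section[:1] == ["interface"]:
            cur = ifaces.setdefault(section[1], {"ip": None, "mode": False, "key": None})
            if words[:2] == ["ip", "address"] and len(words) > 2 and words[2][0].isdigit():
                cur["ip"] = ipaddress.ip_address(words[2])
            elif words[:3] == ["authentication", "mode", "eigrp"] and words[-1] == "md5":
                cur["mode"] = True
            elif words[:3] == ["authentication", "key", "eigrp"] and len(words) == 7:
                cur["key"] = (words[4], int(words[6]))      # (key, key-id)
        elif section[:2] == ["router", "eigrp"] and words[:1] == ["network"] and len(words) == 3:
            networks.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
    findings = {}
    for name, cur in ifaces.items():
        in_eigrp = cur["ip"] is not None and any(cur["ip"] in net for net in networks)
        problems = []
        if not cur["mode"]:
            problems.append("MD5 authentication mode missing")
        if cur["key"] is None:
            problems.append("authentication key missing")
        elif len(cur["key"][0]) > 16 or not 0 <= cur["key"][1] <= 255:
            problems.append("key longer than 16 characters or key-id outside 0-255")
        if in_eigrp and problems:
            findings[name] = problems
    return findings
```

On the sample, GigabitEthernet0/1 is reported for having neither command and GigabitEthernet0/2 for having the mode without a key; Management0/0 is ignored because no network statement covers it.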

Configuring EIGRP Stub Routing

The Security Appliance can be enabled as an EIGRP stub router through the following steps:

Step 1. Enable the EIGRP routing process from the global configuration mode as follows. The as-num is the autonomous system number of the EIGRP routing process:

firewall(config)# router eigrp as-num

Step 2. Configure the interface connected to the distribution router to participate in the EIGRP process:

firewall(config-router)# network ip-addr [mask]

Step 3. Configure the Security Appliance for the stub routing process. Specific networks that need to be advertised by the stub routing process to the distribution router must be explicitly defined. By default, static and connected networks are not automatically redistributed into the stub routing process.

firewall(config-router)# eigrp stub {receive-only | [connected] [redistributed] [static] [summary]}

By default, EIGRP hello packets are sent as multicast packets. In a nonbroadcast environment such as a tunnel, EIGRP neighbors must be manually defined to send hello packets as unicast messages. To define a static neighbor in EIGRP, use the following command from the router configuration mode:

firewall(config-router)# neighbor ip-addr interface if_name

Multiple static neighbors can be defined using the previously described process.

Similar to EIGRP support in a Cisco IOS router, several other optional parameters can be configured on the Security Appliance, such as the distribute-list, passive-interface and default-information commands.