Config Router

You are here: Home / Cisco / CCNP Route Lab 2-5, EIGRP Authentication and Timers

CCNP Route Lab 2-5, EIGRP Authentication and Timers

by

CCNP Route Lab 2-5, EIGRP Authentication and Timers

Topology

ccnp-route-lab-eigrp-authentication-timers

Objectives

  • Review a basic configuration of EIGRP.
  • Configure and verify EIGRP authentication parameters.
  • Configure EIGRP hello interval and hold time.
  • Verify the hello interval and hold time.

Background
As a network engineer, you have weighed the benefits of routing protocols and deployed EIGRP in your corporation’s network. Recently, a new Chief Information Officer replaced the previous CIO and outlined a new network policy detailing more robust security measures. The CIO has also drawn up specifications to allow more frequent checking between neighboring routers so that fewer packets are lost in transit during times of instability. In this lab, you implement the CIO’s specifications on the network.

Note: This lab uses Cisco 1841 routers with Cisco IOS Release 12.4(24)T1 and the advanced IP services image c1841 -advipservicesk9-mz.124-24.T1 .bin. The switch is a Cisco WS-C2960-24TT-L with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin. You can use other routers (such as a 2801 or 2811) and Cisco IOS Software versions if they have comparable capabilities and features. Depending on the router or switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.

Required Resources

  • 3 routers (Cisco 1841 with Cisco IOS Release 12.4(24)T1 Advanced IP Services or comparable)
  • 1 switch (Cisco 2960 with the Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image or comparable)
  • Serial and Ethernet cables

Step 1: Configure the hostname and interface addresses.
Using the addressing scheme in the diagram, apply IP addresses to the loopback, serial, and Fast Ethernet interfaces on R1, R2, and R3. Set the serial interface bandwidth on each router with the interface-level bandwidth bandwidth command. Specify the bandwidth as 64 kb/s on each serial interface. Specify the clock
rate on the DCE end of each serial link using the clock rate 64000 command.

Note: If you have WIC-2A/S serial interfaces, the maximum clock rate is 128 kb/s. If you have WIC-2T serial interfaces, the maximum clock rate is much higher (2.048 Mb/s or higher depending on hardware), which is more representative of a modern network WAN link. However, this lab uses 64 kb/s and 128 kb/s settings.You can copy and paste the following configurations into your routers to begin.

Note: Depending on the router model, the interfaces might be numbered differently than those listed and might require you to alter the interface designation accordingly.

Router R1

hostname R1
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
no shutdown
!
interface Serial0/0/0
ip address 172.16.12.1 255.255.255.248
clock rate 64000
bandwidth 64
no shutdown
!
interface Serial0/0/1
ip address 172.16.13.1 255.255.255.248
bandwidth 64
no shutdown
!
end

Router R2

hostname R2
!
interface Loopback2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
no shutdown
!
interface Serial0/0/0
ip address 172.16.12.2 255.255.255.248
bandwidth 64
no shutdown
!
interface Serial0/0/1
ip address 172.16.23.2 255.255.255.248
clock rate 64000
bandwidth 64
no shutdown
!end

Router R3

hostname R3
!
interface Loopback3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
no shutdown
!
interface Serial0/0/0
ip address 172.16.13.3 255.255.255.248
clock rate 64000
bandwidth 64
no shutdown
!
interface Serial0/0/1
ip address 172.16.23.3 255.255.255.248
bandwidth 64
no shutdown
!
end

Step 2: Configure basic EIGRP.
a. Configure EIGRP AS 1 as in the previous EIGRP labs. Run EIGRP on all connections in the lab, and leave auto-summarization on. Advertise networks 10.0.0.0/8, 172.16.0.0/16, 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 from their respective routers.

b. Use the show ip eigrp neighbors command to check which routers have EIGRP adjacencies.

R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.2 Fa0/0 11 00:00:54 4 200 0 36
2 10.1.1.3 Fa0/0 11 00:00:54 13 200 0 39
1 172.16.12.2 Se0/0/0 14 00:14:18 27 2280 0 32
0 172.16.13.3 Se0/0/1 13 00:14:23 25 2280 0 37
R2# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.1 Fa0/0 10 00:02:05 1020 5000 0 35
2 10.1.1.3 Fa0/0 14 00:02:05 11 200 0 39
1 172.16.12.1 Se0/0/0 14 00:15:25 106 2280 0 32
0 172.16.23.3 Se0/0/1 13 00:16:59 1 2280 0 38
R3# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.1 Fa0/0 12 00:03:18 816 4896 0 34
2 10.1.1.2 Fa0/0 11 00:03:18 822 4932 0 35
1 172.16.13.1 Se0/0/0 14 00:16:47 22 2280 0 31
0 172.16.23.2 Se0/0/1 14 00:18:12 4 2280 0 33

Did you receive the output that you expected?
You should see the output shown above.

c. Run the following Tcl script on all routers to verify full connectivity.

R1# tclsh
foreach address {
10.1.1.1
172.16.12.1
172.16.13.1
192.168.1.1
10.1.1.2
172.16.12.2
172.16.23.2
192.168.2.2
10.1.1.3
172.16.13.3
172.16.23.3
192.168.3.3
} { ping $address }

You should get ICMP echo replies for every address pinged.

Step 3: Configure authentication keys.
Before you configure a link to authenticate the EIGRP adjacencies, you must configure the keys that are used for the authentication. EIGRP uses Cisco IOS generic router key chains as storage locations for keys. These key chains classify keys into groups, enabling keys to be easily changed periodically without bringing down adjacencies.

a. Use the key chain name command in global configuration mode to create a chain of keys with the label EIGRP-KEYS.

R1# conf t
R1(config)# key chain EIGRP-KEYS
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string cisco
R2# conf t
R2(config)# key chain EIGRP-KEYS
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string cisco
R3# conf t
R3(config)# key chain EIGRP-KEYS
R3(config-keychain)# key 1
R3(config-keychain-key)# key-string cisco

b. Issue the show key chain command. You should have the same output on every router.

R1# show key chain
Key-chain EIGRP-KEYS:
key 1 -- text "cisco"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]

You can set a time span for sending a key to other routers and during which a key is accepted from other routers. Although lifetime values are not explored in the route labs, you should keep it in mind for production networks when you are rolling from one set of authentication strings to another. For now, you simply want to authenticate the EIGRP adjacencies for security reasons.

Step 4: Configure EIGRP link authentication.
When configuring EIGRP link authentication, you must first associate the key chain with a particular EIGRP process (or autonomous system) running on the interface using the ip authentication key-chain eigrp as_number key key_chain_label command. Then you activate the MD5 authentication for that EIGRP process using the ip authentication mode eigrp as_number md5 command.

a. Apply the following commands on all active EIGRP interfaces.

R1# conf t
R1(config)# interface serial 0/0/0
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
R1(config-if)# interface serial 0/0/1
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
R1(config-if)# interface fastethernet 0/0
R1(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R1(config-if)# ip authentication mode eigrp 1 md5
R2# conf t
R2(config)# interface serial 0/0/0
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
R2(config-if)# interface serial 0/0/1
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
R2(config-if)# interface fastethernet 0/0
R2(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R2(config-if)# ip authentication mode eigrp 1 md5
R3# conf t
R3(config)# interface serial 0/0/0
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
R3(config-if)# interface serial 0/0/1
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5
R3(config-if)# interface fastethernet 0/0
R3(config-if)# ip authentication key-chain eigrp 1 EIGRP-KEYS
R3(config-if)# ip authentication mode eigrp 1 md5

Each EIGRP adjacency should flap (go down and come back up) when you implement MD5
authentication on one side of the link before the other side has been configured. In a production network, flapping causes some instability during a configuration, so make sure you implement MD5 outside of peak usage times.

b. Check the configuration with the show ip eigrp interfaces detail command.

R1# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 3 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/14 Un/reliable ucasts: 26/21
Mcast exceptions: 3 CR packets: 3 ACKs suppressed: 3
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 4 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 10/28
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 5
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 10/22
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 8
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Lo1 0 0/0 0 0/1 0 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 0/0
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is not set
Use multicast
R2# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 4 0/10 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/7 Un/reliable ucasts: 34/15
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Se0/0/0 1 0/0 1 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 19/17
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 7
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Se0/0/1 1 0/0 3 0/12 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 11/9
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 4
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Lo2 0 0/0 0 0/1 0 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 0/0
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is not set
Use multicast
R3# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 4 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/3 Un/reliable ucasts: 6/7
Mcast exceptions: 1 CR packets: 1 ACKs suppressed: 0
Retransmissions sent: 2 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 482 10/380 2732 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 3/7
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 109 10/380 904 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 4/7
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Lo3 0 0/0 0 0/1 0 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 0/0
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is not set
Use multicast

At this point, the interfaces are authenticating each adjacency with the EIGRP-KEYS key chain. Make sure that you verify the number of neighbors out each interface in the above output. Notice that the number of peers is the number of adjacencies established out that interface.

When EIGRP has a key chain associated with an autonomous system on a given interface and EIGRP isauthenticating its adjacencies, you have successfully completed the initial work.

c. Use the debug eigrp packets command to see the authenticated hellos.

R1# debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB,
SIAQUERY, SIAREPLY)
R1#
* Feb 9 19:10:51.090: EIGRP: Sending HELLO on Serial0/0/1
* Feb 9 19:10:51.090: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
* Feb 9 19:10:51.190: EIGRP: received packet with MD5 authentication, key id
= 1
* Feb 9 19:10:51.190: EIGRP: Received HELLO on Serial0/0/1 nbr 172.16.13.3
* Feb 9 19:10:51.190: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
peerQ un/rely 0/0
* Feb 9 19:10:51.854: EIGRP: received packet with MD5 authentication, key id
= 1
* Feb 9 19:10:51.854: EIGRP: Received HELLO on FastEthernet0/0 nbr 10.1.1.2
* Feb 9 19:10:51.854: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
peerQ un/rely 0/0
* Feb 9 19:10:53.046: EIGRP: received packet with MD5 authentication, key id
= 1
<output omitted>

d. Issue the undebug all command to stop the debugging output.

Step 5: Manipulate EIGRP timers.
The CIO also ordered you to change the hello and dead intervals on point-to-point serial interfaces so that dead neighbors are detected in roughly half the time that they are detected by default.

a. To view the default timers, use the show ip eigrp interfaces detail command.

R1# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 4 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/3 Un/reliable ucasts: 6/7
Mcast exceptions: 1 CR packets: 1 ACKs suppressed: 0
Retransmissions sent: 2 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 482 10/380 2732 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 3/7
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 109 10/380 904 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 4/7
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
<output omitted>

The default hello interval for point-to-point serial links is 5 seconds, regardless of the bandwidth, and 5 seconds for LAN interfaces. The default hold time is three times the length of the hello interval.

The hello interval determines how often outgoing EIGRP hellos are sent, while the hold time defines how long other neighbors tolerate the loss of the hello packets You are more concerned with the hold time than the hello interval, because the hold time detects a dead neighbor. However, you also want the neighbors to send the same number of hellos as under normal circumstances before declaring a neighbor dead.

The requirements from the CIO specify that the hold time should be roughly half of the default, which is 15 seconds, so a new hold time of 7 or 8 seconds would be appropriate. A shorter hold time allows a dead neighbor to be detected more quickly. A hello interval of 2 seconds results in detecting new neighbors more rapidly.

b. Change both the hello interval and the hold time for AS 1 for serial 0/0/0 on R1 and R2 using the ip hellointerval eigrp 1 2 and ip hold-time eigrp 1 8 commands. If necessary, use the ? to investigate what
each parameter does.

R1# conf t
R1(config)# interface serial 0/0/0
R1(config-if)# ip hello-interval eigrp 1 2
R1(config-if)# ip hold-time eigrp 1 8
R2# conf t
R2(config)# interface serial 0/0/0
R2(config-if)# ip hello-interval eigrp 1 2
R2(config-if)# ip hold-time eigrp 1 8

c. Verify that the hello interval has been successfully changed on routers R1 and R2 using the show ip eigrp 1 interfaces detail serial 0/0/0 command.

R1# show ip eigrp 1 interfaces detail serial 0/0/0
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast
Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Se0/0/0 1 0/0 482 10/380 2732 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 3/7
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
R2# show ip eigrp 1 interfaces detail serial 0/0/0
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast
Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Se0/0/0 1 0/0 190 10/380 1300 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 4/5
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast

d. Verify that the hold time has been successfully changed with the show ip eigrp neighbors command.

R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.2 Fa0/0 11 01:32:00 7 200 0 19
2 10.1.1.3 Fa0/0 12 01:32:03 1 200 0 18
1 172.16.12.2 Se0/0/0 7 01:32:27 482 2892 0 17
0 172.16.13.3 Se0/0/1 11 01:32:28 109 2280 0 19
R2# show ip eigrp neighbors
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.1 Fa0/0 14 01:30:33 816 4896 0 19
2 10.1.1.3 Fa0/0 12 01:30:33 819 4914 0 21
1 172.16.12.1 Se0/0/0 7 01:30:58 190 2280 0 21
0 172.16.23.3 Se0/0/1 13 01:30:59 80 2280 0 20

e. Configure the same hello interval and hold time on each active serial interface in the topology.

R1# conf t
R1(config)# interface serial 0/0/1
R1(config-if)# ip hello-interval eigrp 1 2
R1(config-if)# ip hold-time eigrp 1 8
R2# conf t
R2(config)# interface serial 0/0/1
R2(config-if)# ip hello-interval eigrp 1 2
R2(config-if)# ip hold-time eigrp 1 8
R3# conf t
R3(config)# interface serial 0/0/0
R3(config-if)# ip hello-interval eigrp 1 2
R3(config-if)# ip hold-time eigrp 1 8
R3(config-if)# interface serial 0/0/1
R3(config-if)# ip hello-interval eigrp 1 2
R3(config-if)# ip hold-time eigrp 1 8

f. Make sure that all of the EIGRP neighbor relationships remain up during the configuration process. Use the show ip eigrp neighbors command to verify the hold time, and the show ip eigrp interfaces detail command to verify the hello interval.

R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.2 Fa0/0 14 01:35:15 7 200 0 19
2 10.1.1.3 Fa0/0 12 01:35:18 1 200 0 18
1 172.16.12.2 Se0/0/0 7 01:35:43 482 2892 0 17
0 172.16.13.3 Se0/0/1 6 01:35:43 109 2280 0 19
R1# show ip eigrp interfaces detail
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0 2 0/0 4 0/1 50 0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/3 Un/reliable ucasts: 6/7
Mcast exceptions: 1 CR packets: 1 ACKs suppressed: 0
Retransmissions sent: 2 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use multicast
Se0/0/0 1 0/0 482 10/380 2732 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 3/7
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
Se0/0/1 1 0/0 109 10/380 904 0
Hello interval is 2 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 4/7
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 2
Retransmissions sent: 0 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "EIGRP-KEYS"
Use unicast
<output omitted>

g. Run the Tcl script again to make sure you still have full connectivity after making the changes to the EIGRP default configuration. You should receive all ICMP echo replies back successfully.

Router Interface Summary Table

Router Interface Summary
Router Model Ethernet Interface
#1		 Ethernet Interface
#2		 Serial Interface
#1		 Serial Interface
#2
1700 Fast Ethernet 0
(Fa0)		 Fast Ethernet 1
(Fa1)		 Serial 0 (S0) Serial 0/0/1
(S0/0/1)
1800 Fast Ethernet 0/0
(Fa0/0)		 Fast Ethernet 0/1
(Fa0/1)		 Serial 0/0/0
(S0/0/0)		 Serial 0/0/1
(S0/0/1)
2600 Fast Ethernet 0/0
(Fa0/0)		 Fast Ethernet 0/1
(Fa0/1)		 Serial 0/0 (S0/0) Serial 0/1 (S0/1)
2800 Fast Ethernet 0/0
(Fa0/0)		 Fast Ethernet 0/1
(Fa0/1)		 Serial 0/0/0
(S0/0/0)		 Serial 0/0/1
(S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. Rather than list all combinations of configurations for each router class, this table includes identifiers for the possible combinations of Ethernet and serial interfaces in the device. The table does not include any other type of interface, even though a specific router might contain one. For example, for an ISDN BRI interface, the string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configurations (Instructor version)
Router R1

hostname R1
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.1 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.13.1 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
auto-summary
! 
end

Router R2

hostname R2
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.12.2 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.2 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.2.0
auto-summary
! 
end

Router R3

hostname R3
!
key chain EIGRP-KEYS
key 1
key-string cisco
!
interface Loopback3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 172.16.13.3 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
clock rate 64000
no shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 172.16.23.3 255.255.255.248
ip hello-interval eigrp 1 2
ip hold-time eigrp 1 8
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP-KEYS
no shutdown
! 
router eigrp 1
network 10.0.0.0
network 172.16.0.0
network 192.168.3.0
auto-summary
!
end

More Resources