Scribd
Upload
112 views

Lab 3

lab 3

Uploaded by

Tomas Rodriguez Ramirez
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
112 views

Lab 3

lab 3

Uploaded by

Tomas Rodriguez Ramirez
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Lab ID: 9.9K1116A073.I4RP2.

EIGRP Authentication I
Objective
Understand the Enhanced Interior Gateway Routing Protocol (EIGRP) authentication process, and
configure the routers in the simulated network to require EIGRP authentication before they advertise routes
to or accept routing table updates from EIGRP neighbors.

Lab Topology
The topology diagram below represents the NetMap in the Simulator. The simulated network for this lab
consists of five routers connected by point-to-point WAN links. Each router also has a LAN connected to its
FastEthernet interface. Each LAN has one host PC connected. This simulated network is comparable to an
actual network connecting five geographically separate offices, each with a LAN to which desktop PCs and
servers are connected. The network is fully functional. You should be able to log on to the console of any
device and successfully ping any of the other devices in the network.

HostB S0/1 HostC


192.168.1.2 192.168.100.5 S0/0
192.168.100.6 192.168.4.2
Fa0/0 Fa0/0
192.168.1.1 Daytona 192.168.4.1
Orlando 64K
S0/0 S0/1
192.168.100.1 192.168.100.13

HostA HostD
192.168.2.2 S0/0 192.168.3.2
S0/1
192.168.100.2 192.168.100.14
Fa0/0
512K Fa0/0
192.168.2.1 192.168.3.1
S0/1 S0/0
Tampa 192.168.100.9 192.168.100.10 Miami
Fa0/1
192.168.100.17
Fa0/1
192.168.100.18

Fa0/0 Key West


HostE 192.168.5.1
192.168.5.2

Command Summary
Command Description
clear ip route * clears the IP routing table
configure terminal enters global configuration mode from privileged EXEC mode
enable enters privileged EXEC mode
end ends and exits configuration mode
exit exits one level in the menu structure

1 Boson NetSim Lab Manual


Command Description
interface type number changes from global configuration mode to interface
configuration mode
ip authentication key-chain eigrp enables authentication of EIGRP packets
autonomous-system-number key-chain
ip authentication mode eigrp specifies the type of authentication used in EIGRP packets
autonomous-system-number md5
key chain key-chain-name creates or modifies a key chain
key key-id creates or modifies a key chain key
key-string key-string-text specifies the authentication string for the key
ping ip-address sends an Internet Control Message Protocol (ICMP) echo
request to the specified address
show ip interface brief displays a brief summary of interface status and configuration
show ip protocols displays information about active routing protocols
show ip route displays the IP routing table
show running-config displays the active configuration file
traceroute ip-address displays the network path to a given destination; is used on
Cisco workstations
tracert ip-address displays the network path to a given destination; is used on
Microsoft Windows workstations

The IP addresses and subnet masks used in this lab are shown in the following tables:

IP Addresses
Device Interface IP Address Subnet Mask
Daytona Serial 0/0 192.168.100.6 255.255.255.252
Serial 0/1 192.168.100.13 255.255.255.252
FastEthernet 0/0 192.168.4.1 255.255.255.0
KeyWest FastEthernet 0/1 192.168.100.18 255.255.255.252
FastEthernet 0/0 192.168.5.1 255.255.255.0
Miami Serial 0/0 192.168.100.10 255.255.255.252
Serial 0/1 192.168.100.14 255.255.255.252
FastEthernet 0/1 192.168.100.17 255.255.255.252
FastEthernet 0/0 192.168.3.1 255.255.255.0
Orlando Serial 0/0 192.168.100.1 255.255.255.252
Serial 0/1 192.168.100.5 255.255.255.252
FastEthernet 0/0 192.168.1.1 255.255.255.0
Tampa Serial 0/0 192.168.100.2 255.255.255.252
Serial 0/1 192.168.100.9 255.255.255.252
FastEthernet 0/0 192.168.2.1 255.255.255.0

2 Boson NetSim Lab Manual


Device IP Address Subnet Mask Default Gateway
HostA 192.168.2.2 255.255.255.0 192.168.2.1
HostB 192.168.1.2 255.255.255.0 192.168.1.1
HostC 192.168.4.2 255.255.255.0 192.168.4.1
HostD 192.168.3.2 255.255.255.0 192.168.3.1
HostE 192.168.5.2 255.255.255.0 192.168.5.1

Lab Tasks
The routers have been configured with admin as the password at console prompts, cisco as the password
at enable prompts, and sanfran as the virtual terminal (vty) password.

Task 1: Examine the Initial Network Configuration


A. Verify Routing
1. On KeyWest, display the routing table. Compare these routes to the networks shown on the network
topology diagram. Are routes to all networks present? ___________________________________

2. How many possible paths could be taken by traffic between HostE and HostB? _______________

3. What path does traffic from HostE follow as it moves through the network to HostB? ___________

4. Why do the routers in this network choose the path you noted in the previous step? ____________
______________________________________________________________________________

5. What is the EIGRP autonomous system (AS) number in the simulated network? _______________
What purpose does this number serve? ______________________________________________
______________________________________________________________________________

B. Verify Connectivity
1. From HostE, ping HostA (192.168.2.2), HostB (192.168.1.2), HostC (192.168.4.2), and HostD
(192.168.3.2). Are these pings successful? ____________________________________________

2. From HostB, ping KeyWest’s FastEthernet 0/0 interface (192.168.5.1). Is this ping successful? ___

Task 2: Understand EIGRP Authentication


A. Understand Unauthenticated EIGRP
1. Full connectivity is established when you load this lab. EIGRP is properly configured, and routes
are being advertised between neighbors. Briefly explain the requirements for routers that are using
EIGRP to exchange routing table updates. ____________________________________________

3 Boson NetSim Lab Manual


2. What security risks related to EIGRP exist when a network is configured in this manner? ________

B. Understand Authenticated EIGRP


1. Briefly explain how implementing EIGRP authentication might mitigate the security risks that you
previously described. _____________________________________________________________
______________________________________________________________________________

2. What are some potential disadvantages of EIGRP authentication? How might they be mitigated?
______________________________________________________________________________
______________________________________________________________________________

Task 3: Implement EIGRP Authentication


A. Configure the Authentication Credentials
1. On KeyWest, create a key chain named MyKeyChain1 and add a key with the key string sanjose.
Create this key as key 1.

2. On Miami, create a key chain named MyKeyChain2 and add a key with the key string sanjose.
Create this key as key 1.

3. Prepare to set up EIGRP authentication between KeyWest and Miami. Which interfaces on these
routers are responsible for sending routing table updates between KeyWest and Miami? ________
______________________________________________________________________________

4. Configure the authentication mode on the interfaces you noted in the previous step. The EIGRP
authentication mode is configured on a per-interface basis. You should configure the EIGRP
authentication mode on the router interfaces that are responsible for sending routing table updates
between KeyWest and Miami.

5. On KeyWest, configure the authentication key that will be used for EIGRP authentication. Reference
the key chain that you created earlier.

6. On Miami, configure the authentication key that will be used for EIGRP authentication. Reference
the key chain that you created earlier.

7. Do key chain names need to be identical on each router? Do key strings need to be identical? ___
______________________________________________________________________________

8. What type of hash are key strings used to create? ______________________________________

9. Is Miami sending EIGRP updates from or receiving updates on its LAN interface? _____________

10. Is KeyWest sending EIGRP updates from or receiving updates on its LAN interface? ___________

11. Why might it be a good idea to configure EIGRP authentication on the FastEthernet interfaces of
KeyWest and Miami? _____________________________________________________________

4 Boson NetSim Lab Manual


Task 4: Verify EIGRP Authentication
A. Verify Routing Tables
1. Display the routing table on KeyWest. Compare the current contents of the routing table with
the routes you previously observed. Do you see any changes since implementing EIGRP
authentication? Briefly explain. _____________________________________________________
______________________________________________________________________________

B. Verify Connectivity
1. From HostE, ping HostA (192.168.2.2), HostB (192.168.1.2), HostC (192.168.4.2), and HostD
(192.168.3.2). Are these pings successful? ____________________________________________
If not, review and correct your configuration.

2. From HostB, ping KeyWest’s FastEthernet 0/0 interface (192.168.5.1). Is this ping successful? ___
If not, review and correct your configuration.

C. Verify Authentication
1. Remove the key chain from KeyWest.

2. Delete all routes from KeyWest’s routing table.

3. After the network has converged, display KeyWest’s routing table. What do you observe? _______
______________________________________________________________________________

4. How are the changes that you observed in the routing table related to the removal of the key chain?
Briefly explain. __________________________________________________________________
______________________________________________________________________________

5. On KeyWest, re-create the key chain that you previously deleted.

6. After the network has converged, display KeyWest’s routing table. What do you observe? _______
______________________________________________________________________________

7. Based on the behavior you observed in the previous steps, what conclusion can you draw regarding
the operation of EIGRP authentication between KeyWest and Miami? _______________________
______________________________________________________________________________

5 Boson NetSim Lab Manual


D. Complete the Network Configuration
1. For more experience with EIGRP authentication, configure EIGRP authentication on the Tampa–
Orlando serial links. The configuration is not graded as part of this lab.

2. Configure EIGRP authentication on the Tampa–Miami serial links. The configuration is not graded as
part of this lab.

3. Configure EIGRP authentication on the Miami–Daytona serial links. The configuration is not graded
as part of this lab.

4. Configure EIGRP authentication on the Daytona–Orlando serial links. The configuration is not
graded as part of this lab.

Once you have completed this lab, be sure to check your work by using the grading function.
You can do so by clicking the Grade Lab icon ( ) in the toolbar or by pressing Ctrl+G.

6 Boson NetSim Lab Manual


Lab Solutions
The routers have been configured with admin as the password at console prompts, cisco as the password
at enable prompts, and sanfran as the virtual terminal (vty) password.

Task 1: Examine the Initial Network Configuration


A. Verify Routing
1. Output from the show ip route command issued on KeyWest shows that routes to all networks are
present in the routing table. Sample output is shown below:

KeyWest#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is not set

C 192.168.5.0 is directly connected, FastEthernet0/0


192.168.100.0/30 is subnetted, 5 subnets
D 192.168.100.8 [90/5514496] via 192.168.100.17, 00:01:09, FastEthernet0/1
D 192.168.100.4 [90/41026560] via 192.168.100.17, 00:01:09, FastEthernet0/1
D 192.168.100.12 [90/5514496] via 192.168.100.17, 00:01:09, FastEthernet0/1
D 192.168.100.0 [90/6026496] via 192.168.100.17, 00:01:09, FastEthernet0/1
C 192.168.100.16 is directly connected, FastEthernet0/1
D 192.168.2.0 [90/5517056] via 192.168.100.17, 00:01:09, FastEthernet0/1
D 192.168.3.0 [90/5005056] via 192.168.100.17, 00:01:09, FastEthernet0/1
D 192.168.1.0 [90/6029056] via 192.168.100.17, 00:01:09, FastEthernet0/1
D 192.168.4.0 [90/5517056] via 192.168.100.17, 00:01:09, FastEthernet0/1

2. There are two possible paths from HostE to HostB:

KeyWest to Miami to Daytona to Orlando


KeyWest to Miami to Tampa to Orlando

3. You can use the tracert command to determine the path that traffic takes from HostE to HostB
(192.168.1.2). Traffic first goes to the default gateway of HostE, which is KeyWest (192.168.5.1).
The traffic then travels from KeyWest to Miami (192.168.100.17), then to Tampa (192.168.100.9),
and finally to Orlando (192.168.100.1), which will deliver the traffic to its destination, HostB
(192.168.1.2). This route from HostE to HostB is shown in the output below:

C:>tracert 192.168.1.2

“Type escape sequence to abort.”


Tracing the route to 192.168.1.2

1 192.168.5.1 0 msec 16 msec 0 msec


2 192.168.100.17 20 msec 16 msec 16 msec
3 192.168.100.9 20 msec 16 msec 16 msec
4 192.168.100.1 20 msec 16 msec 16 msec
5 192.168.1.2 20 msec 16 msec *

7 Boson NetSim Lab Manual


4. The EIGRP routing protocol chooses the KeyWest to Miami to Tampa to Orlando path because all
the links in this path are 512-kilobits per second (Kbps) links. The Daytona to Orlando link is 64-
Kbps and is therefore avoided if better paths are available.

5. You can use the show ip protocols command to determine that the EIGRP AS number in the
simulated network is 100. This number uniquely identifies an EIGRP process. It is possible to run
multiple EIGRP processes on the same router by giving each instance of EIGRP its own AS number.
The network commands, which are a part of the EIGRP configuration, determine which interfaces
are associated with which EIGRP processes. Sample output from is shown below:

KeyWest#show ip protocols
Routing Protocol is “eigrp 100”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing:
Automatic network summarization is not in effect
Routing for Networks:
192.168.100.0
192.168.5.0
Routing Information Sources:
Gateway Distance Last Update
192.168.100.17 90 00:00:45
Distance: internal 90 external 170

B. Verify Connectivity
1. Yes, pings from HostE to HostA (192.168.2.2), HostB (192.168.1.2), HostC (192.168.4.2), and HostD
(192.168.3.2) are successful.

C:>ping 192.168.2.2
C:>ping 192.168.1.2
C:>ping 192.168.4.2
C:>ping 192.168.3.2

2. Yes, a ping from HostB to KeyWest’s FastEthernet 0/0 interface (192.168.5.1) is successful.

C:>ping 192.168.5.1

8 Boson NetSim Lab Manual


Task 2: Understand EIGRP Authentication
A. Understand Unauthenticated EIGRP
1. For two routers to form an EIGRP relationship and exchange routing table updates, the following
conditions must be met:
a. The routers must be configured with EIGRP.
b. The routers must have interfaces that are either directly connected or connected to a common
multiaccess media such as Ethernet.
c. The routers must be configured with the same AS number.
d. The routers must have the appropriate network commands, which are used to configure EIGRP
to use the interfaces that form the link between the two routers.

2. The major security risk associated with unauthenticated EIGRP is that any router added to the
network can be configured with EIGRP and will automatically be included in the EIGRP topology
as long as the AS number and network requirements are met. It is possible that an unknown or
unauthorized router could be accidentally or maliciously connected to the network. This router could
then be configured to negatively impact the routing topology of the entire network.

B. Understand Authenticated EIGRP


1. Message Digest 5 (MD5) is a security protocol that creates a 128-bit hash value based on variable-
length plain text. Hashing algorithms convert input of any length into a fixed-length hash value.
Hash values are often used to ensure the integrity of data; if the data is altered, the hash value of
the original data will not match the hash value of the altered data. Routers configured with message
digest authentication use the preshared authentication key, sanjose in this lab, to compute an
MD5 hash, which is included in the EIGRP packets. The neighbor also computes an MD5 hash
from its authentication key and compares the two hash values. Routers configured with EIGRP
authentication will only accept updates from EIGRP neighbors that have been configured with the
same authentication key. This ensures that routing table updates are received only from trusted
sources; however, if the key becomes compromised as a result of poor administrative practices,
updates may come from untrusted sources.

2. A potential disadvantage of using EIGRP authentication is the additional administrative overhead.


Good key management practices, such as securely storing configuration backups and maintaining
good network documentation, will reduce the administrative effort.

Task 3: Implement EIGRP Authentication


A. Configure the Authentication Credentials
1. On KeyWest, issue the following commands to create the correct key chain:

KeyWest(config)#key chain MyKeyChain1


KeyWest(config-keychain)#key 1
KeyWest(config-keychain-key)#key-string sanjose

9 Boson NetSim Lab Manual


2. On Miami, issue the following commands to create the correct key chain:

Miami(config)#key chain MyKeyChain2


Miami(config-keychain)#key 1
Miami(config-keychain-key)#key-string sanjose

3. KeyWest’s FastEthernet 0/1 interface and Miami’s FastEthernet 0/1 interface are directly connected
to each other and are therefore responsible for sending EIGRP updates between these two routers.

4. On KeyWest and Miami, issue the following commands to configure the EIGRP authentication mode:

KeyWest(config-keychain-key)#interface fastethernet 0/1


KeyWest(config-if)#ip authentication mode eigrp 100 md5

Miami(config-keychain-key)#interface fastethernet 0/1


Miami(config-if)#ip authentication mode eigrp 100 md5

The EIGRP authentication mode is configured on a per-interface basis. You should configure the
EIGRP authentication mode on the router interfaces that are responsible for sending routing table
updates between KeyWest and Miami.

5. On KeyWest, use the following command to configure the authentication key that will be used for
EIGRP authentication:

KeyWest(config-if)#ip authentication key-chain eigrp 100 MyKeyChain1

6. On Miami, use the following command to configure the authentication key that will be used for
EIGRP authentication:

Miami(config-if)#ip authentication key-chain eigrp 100 MyKeyChain2

7. The names of the key chains do not have to be identical on each router. The key strings, however,
must be identical.

8. The key strings are used to create an MD5 hash, which is included in each EIGRP packet sent from
the selected interface. The router receiving the EIGRP packet will generate its own MD5 hash from
its key chain. If the hashes match, the EIGRP packet will be accepted and processed. Remember
that you should configure the EIGRP authentication mode on both routers and the key strings must
match on both routers.

9. Miami is the only router connected to its LAN; therefore, it is not currently sending EIGRP updates
from or receiving EIGRP updates on its FastEthernet 0/0 interface.

10. KeyWest the only router connected to its LAN; therefore, it is not currently sending EIGRP updates
from or receiving EIGRP updates on its FastEthernet 0/0 interface.

11. It would be a good practice to configure EIGRP authentication on KeyWest’s FastEthernet 0/0
interface and on Miami’s FastEthernet 0/0 interface to protect the routing topology in the event that
an unknown or unauthorized router is connected to the Miami LAN or the KeyWest LAN.

10 Boson NetSim Lab Manual


Task 4: Verify EIGRP Authentication
A. Verify Routing Tables
1. There should be no changes to KeyWest’s routing table as a result of implementing EIGRP
authentication. If routes are missing after you configure EIGRP authentication, you should
investigate and correct any authentication problems. Sample output from the show ip route
command is shown below:

KeyWest#show ip route
<output omitted>

C 192.168.5.0 is directly connected, FastEthernet0/0


192.168.100.0/30 is subnetted, 5 subnets
D 192.168.100.0 [90/6026496] via 192.168.100.17, 00:00:54, FastEthernet0/1
D 192.168.100.4 [90/41026560] via 192.168.100.17, 00:00:54, FastEthernet0/1
D 192.168.100.8 [90/5514496] via 192.168.100.17, 00:00:54, FastEthernet0/1
D 192.168.100.12 [90/5514496] via 192.168.100.17, 00:00:54, FastEthernet0/1
C 192.168.100.16 is directly connected, FastEthernet0/1
D 192.168.3.0 [90/5005056] via 192.168.100.17, 00:00:54, FastEthernet0/1
D 192.168.4.0 [90/5517056] via 192.168.100.17, 00:00:54, FastEthernet0/1
D 192.168.2.0 [90/5517056] via 192.168.100.17, 00:00:54, FastEthernet0/1
D 192.168.1.0 [90/6029056] via 192.168.100.17, 00:00:54, FastEthernet0/1

B. Verify Connectivity
1. Yes, pings from HostE to HostA (192.168.2.2), HostB (192.168.1.2), HostC (192.168.4.2), and HostD
(192.168.3.2) should be successful.

C:>ping 192.168.2.2
C:>ping 192.168.1.2
C:>ping 192.168.4.2
C:>ping 192.168.3.2

2. Yes, a ping from HostB to KeyWest’s FastEthernet 0/0 interface (192.168.5.1) should be successful.

C:>ping 192.168.5.1

C. Verify Authentication
1. On KeyWest, issue the following commands to remove the key chain:

KeyWest(config)#interface fastethernet 0/1


KeyWest(config-if)#no ip authentication mode eigrp 100 md5
KeyWest(config-if)#no ip authentication key-chain eigrp 100 MyKeyChain1

2. Issue the following command to delete all routes from KeyWest’s routing table:

KeyWest#clear ip route *

11 Boson NetSim Lab Manual


3. After the network has converged, issue the show ip route command on KeyWest to display the
routing table. You should notice that all the EIGRP routes are absent. Sample output is shown
below:

KeyWest#show ip route
<output omitted>

Gateway of last resort is not set

C 192.168.5.0 is directly connected, FastEthernet0/0


192.168.100.0/24 is variably subnetted, 1 subnets
C 192.168.100.16/30 is directly connected, FastEthernet0/1

4. Removing the key chain from KeyWest prevents KeyWest from authenticating with Miami;
therefore, Miami no longer accepts EIGRP packets from KeyWest, thereby ending the EIGRP
neighbor relationship between Miami and KeyWest. As a result, the EIGRP routes are dropped from
KeyWest’s routing table.

5. On KeyWest, issue the following commands to add the key chain to the FastEthernet 0/1 interface
on KeyWest:

KeyWest(config)#interface fastethernet 0/1


KeyWest(config-if)#ip authentication mode eigrp 100 md5
KeyWest(config-if)#ip authentication key-chain eigrp 100 MyKeyChain1

6. After the network has converged, issue the show ip route command on KeyWest. Because you re-
created the key chain on KeyWest, the router can once again authenticate with the EIGRP process
on Miami, thus restoring the EIGRP neighbor relationship between KeyWest and Miami; as a result,
KeyWest and Miami once again begin to exchange EIGRP packets and the EIGRP routes are put
back into KeyWest’s routing table. Sample output is shown below:

KeyWest#show ip route
<output omitted>

Gateway of last resort is not set

C 192.168.5.0 is directly connected, FastEthernet0/0


192.168.100.0/30 is subnetted, 5 subnets
D 192.168.100.0 [90/6026496] via 192.168.100.17, 00:04:07, FastEthernet0/1
D 192.168.100.4 [90/41026560] via 192.168.100.17, 00:04:07, FastEthernet0/1
D 192.168.100.8 [90/5514496] via 192.168.100.17, 00:04:07, FastEthernet0/1
D 192.168.100.12 [90/5514496] via 192.168.100.17, 00:04:07, FastEthernet0/1
C 192.168.100.16 is directly connected, FastEthernet0/1
D 192.168.3.0 [90/5005056] via 192.168.100.17, 00:04:07, FastEthernet0/1
D 192.168.4.0 [90/5517056] via 192.168.100.17, 00:04:07, FastEthernet0/1
D 192.168.2.0 [90/5517056] via 192.168.100.17, 00:04:07, FastEthernet0/1
D 192.168.1.0 [90/6029056] via 192.168.100.17, 00:04:07, FastEthernet0/1

7. Based on the behavior observed in the previous steps, EIGRP authentication will allow routes to be
advertised between routers only if those routes are configured with a valid key.

12 Boson NetSim Lab Manual


D. Complete the Network Configuration
1. Use the commands you learned in the previous tasks to configure EIGRP authentication on the
Tampa–Orlando serial links. The configuration is not graded as part of this lab.

Tampa(config)#key chain MyKeyChain1


Tampa(config-keychain)#key 1
Tampa(config-keychain-key)#key-string sanjose
Tampa(config-keychain-key)#interface serial 0/0
Tampa(config-if)#ip authentication mode eigrp 100 md5
Tampa(config-if)#ip authentication key-chain eigrp 100 MyKeyChain1

Orlando(config)#key chain MyKeyChain2


Orlando(config-keychain)#key 1
Orlando(config-keychain-key)#key-string sanjose
Orlando(config-keychain-key)#interface serial 0/0
Orlando(config-if)#ip authentication mode eigrp 100 md5
Orlando(config-if)#ip authentication key-chain eigrp 100 MyKeyChain2

2. Use the commands you learned in the previous tasks to configure EIGRP authentication on the
Tampa–Miami serial links. The configuration is not graded as part of this lab.

Tampa(config)#key chain MyKeyChain1


Tampa(config-keychain)#key 1
Tampa(config-keychain-key)#key-string sanjose
Tampa(config-keychain-key)#interface serial 0/1
Tampa(config-if)#ip authentication mode eigrp 100 md5
Tampa(config-if)#ip authentication key-chain eigrp 100 MyKeyChain1

Miami(config)#key chain MyKeyChain2


Miami(config-keychain)#key 1
Miami(config-keychain-key)#key-string sanjose
Miami(config-keychain-key)#interface serial 0/0
Miami(config-if)#ip authentication mode eigrp 100 md5
Miami(config-if)#ip authentication key-chain eigrp 100 MyKeyChain2

3. Use the commands you learned in the previous tasks to configure EIGRP authentication on the
Miami–Daytona serial links. The configuration is not graded as part of this lab.

Miami(config)#key chain MyKeyChain1


Miami(config-keychain)#key 1
Miami(config-keychain-key)#key-string sanjose
Miami(config-keychain-key)#interface serial 0/1
Miami(config-if)#ip authentication mode eigrp 100 md5
Miami(config-if)#ip authentication key-chain eigrp 100 MyKeyChain1

Daytona(config)#key chain MyKeyChain2


Daytona(config-keychain)#key 1
Daytona(config-keychain-key)#key-string sanjose
Daytona(config-keychain-key)#interface serial 0/1
Daytona(config-if)#ip authentication mode eigrp 100 md5
Daytona(config-if)#ip authentication key-chain eigrp 100 MyKeyChain2

13 Boson NetSim Lab Manual


4. Use the commands you learned in the previous tasks to configure EIGRP authentication on the
Daytona–Orlando serial links. The configuration is not graded as part of this lab.

Daytona(config)#key chain MyKeyChain1


Daytona(config-keychain)#key 1
Daytona(config-keychain-key)#key-string sanjose
Daytona(config-keychain-key)#interface serial 0/0
Daytona(config-if)#ip authentication mode eigrp 100 md5
Daytona(config-if)#ip authentication key-chain eigrp 100 MyKeyChain1

Orlando(config)#key chain MyKeyChain2


Orlando(config-keychain)#key 1
Orlando(config-keychain-key)#key-string sanjose
Orlando(config-keychain-key)#interface serial 0/1
Orlando(config-if)#ip authentication mode eigrp 100 md5
Orlando(config-if)#ip authentication key-chain eigrp 100 MyKeyChain2

14 Boson NetSim Lab Manual


Sample Configuration Scripts
Miami Miami (continued)
Miami#show running-config router eigrp 100
Building configuration... network 192.168.3.0
Current configuration : 1234 bytes network 192.168.100.0
! !
Version 15.b ip classless
service timestamps debug uptime no ip http server
service timestamps log uptime !
no service password-encryption line con 0
! login
hostname Miami password admin
enable secret 5 $1$lYSY$Ai2eZ8KpUCL9ptJCN1c41w line aux 0
! line vty 0 4
key chain MyKeyChain2 login
key 1 password sanfran
key-string sanjose !
! no scheduler allocate
ip subnet-zero end
!
ip cef
no ip domain-lookup
!
interface Serial0/0
description ToTampa
ip address 192.168.100.10 255.255.255.252
no ip directed-broadcast
clock rate 64000
bandwidth 512
!
interface Serial0/1
description toDaytona
ip address 192.168.100.14 255.255.255.252
no ip directed-broadcast
clock rate 64000
bandwidth 512
!
interface FastEthernet0/0
description MiamiLAN
ip address 192.168.3.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/1
description toKeyWest
ip address 192.168.100.17 255.255.255.252
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 MyKeyChain2
no ip directed-broadcast
bandwidth 512
!

15 Boson NetSim Lab Manual


KeyWest KeyWest (continued)
KeyWest#show running-config router eigrp 100
Building configuration... network 192.168.100.0
Current configuration : 1075 bytes network 192.168.5.0
! !
Version 15.b ip classless
service timestamps debug uptime no ip http server
service timestamps log uptime !
no service password-encryption line con 0
! login
hostname KeyWest password admin
enable secret 5 $1$lYSY$Ai2eZ8KpUCL9ptJCN1c41w line aux 0
! line vty 0 4
key chain MyKeyChain1 login
key 1 password sanfran
key-string sanjose !
! no scheduler allocate
ip subnet-zero end
!
ip cef
no ip domain-lookup
!
interface Serial0/0
no ip address
no ip directed-broadcast
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet0/0
description KeyWestLAN
ip address 192.168.5.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/1
description toMiami
ip address 192.168.100.18 255.255.255.252
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 MyKeyChain1
no ip directed-broadcast
bandwidth 512
!

Copyright © 1996–2017 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.

16 Boson NetSim Lab Manual

You might also like