- The passive-interface command in EIGRP stops the sending of updates out an interface. Unlike RIPv2, however, passive-interface in EIGRP also prevents an adjacency from forming on the interface, because it stops the sending of EIGRP Hello packets as well.
- The passive-interface default command can be used to make all interfaces passive; the passive feature can then be selectively disabled per interface with the no passive-interface command.
R9:
router eigrp 100
 passive-interface default
 no passive-interface GigabitEthernet1.79
EIGRP MD5 & SHA-256 Authentication
- MD5 authentication in classic mode is applied at link level
SW1:
key chain SW1_KEY
 key 0
  key-string SW!_Key
!
interface Vlan121
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 SW1_KEY
!
- MD5 authentication in Multi-AF (Named) Mode is applied in af-interface mode
- SHA-256 authentication can also be applied in named mode, but it does not support "key chains"
- In EIGRP Named Mode, options that apply to all links at once can be configured under "af-interface default". For authentication, this can be used to configure a default key for all interfaces, or a default fallback key for interfaces that do not have a specific key applied:
key chain MD5_KEYS
 key 1
  key-string MD5_PASS
!
router eigrp MULTI-AF
 !
 address-family ipv4 unicast autonomous-system 100
  !
  af-interface Tunnel0
   authentication mode hmac-sha-256 SHA_KEY
  exit-af-interface
  !
  af-interface GigabitEthernet1.146
   authentication mode md5
   authentication key-chain MD5_KEYS
  exit-af-interface

router eigrp MULTI-AF
 !
 address-family ipv4 unicast autonomous-system 100
  !
  af-interface default
   authentication mode hmac-sha-256 SHA_DEFAULT
  exit-af-interface
  !
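An added example, not from the original post: a small Python audit that resolves the effective authentication mode of each af-interface in a named-mode configuration, applying the "af-interface default" fallback described above, and lists links still on MD5 or with no authentication. The sample config is constructed from the snippets above; GigabitEthernet1.200 and its hello-interval line are hypothetical, and a single address family is assumed.

```python
import re

# Constructed sample: the page's two named-mode snippets merged into one process,
# plus a hypothetical af-interface (GigabitEthernet1.200) with no authentication of its own.
SAMPLE_CONFIG = """\
router eigrp MULTI-AF
 address-family ipv4 unicast autonomous-system 100
  af-interface default
   authentication mode hmac-sha-256 SHA_DEFAULT
  exit-af-interface
  af-interface Tunnel0
   authentication mode hmac-sha-256 SHA_KEY
  exit-af-interface
  af-interface GigabitEthernet1.146
   authentication mode md5
   authentication key-chain MD5_KEYS
  exit-af-interface
  af-interface GigabitEthernet1.200
   hello-interval 5
  exit-af-interface
"""

def effective_auth(config_text):
    """Return {af-interface: (mode, source)} with the af-interface default fallback applied."""
    explicit, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"af-interface (\S+)$", line)
        if m:
            current = m.group(1)
            explicit.setdefault(current, None)
        elif line == "exit-af-interface":
            current = None
        elif current and (m := re.match(r"authentication mode (md5|hmac-sha-256)\b", line)):
            explicit[current] = m.group(1)
    default = explicit.pop("default", None)  # mode set under "af-interface default", if any
    result = {}
    for ifname, mode in explicit.items():
        if mode:  # an interface-specific setting overrides the default
            result[ifname] = (mode, "interface")
        else:     # otherwise fall back to the default, or report no authentication
            result[ifname] = (default or "none", "default" if default else "unset")
    return result

def weak_links(config_text):
    """Interfaces whose effective mode is MD5 or no authentication at all."""
    return sorted(i for i, (mode, _) in effective_auth(config_text).items() if mode != "hmac-sha-256")
```

Only af-interfaces that appear in the configuration text are reported; interfaces covered solely by the default have no block of their own to list.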