Prerequisites: CCNP level skills.
Topology
Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.plTask1
Configure EIGRP authentication on Frame-Relay link with the seamless key rotation (no interruption in the service). Below are the parameters to be used:
- key 1 uses string 'CISCO1' and should be sent between 12:00:00 on Jan 1st 2011 and 12:10:00 on April 30th.
- key 1 should be accepted 5 minutes past its sending time.
- key 2 uses string 'CISCO2' and should be sent starting 12:00:00 on April 30th till the end of 2011 and valid forever.
Task1
Configure EIGRP authentication on Frame-Relay link with the seamless key rotation (no interruption in the service). Below are the parameters to be used:
- key 1 uses string 'CISCO1' and should be sent between 12:00:00 on Jan 1st 2011 and 12:10:00 on April 30th.
- key 1 should be accepted 5 minutes past its sending time.
- key 2 uses string 'CISCO2' and should be sent starting 12:00:00 on April 30th till the end of 2011 and valid forever.
For the key rotation to work correctly, NTP service must be in use synchronizing the time on all routers. Since, I do not have NTP service enabled, I'll set up the clock manually.
Pic 2 - Date on the Routers.
R1, R2 and R3 configuration
!
key chain EIGRP_KEYS
key 1
key-string CISCO1
accept-lifetime 12:00:00 Jan 1 2011 12:15:00 Apr 30 2011
send-lifetime 12:00:00 Jan 1 2011 12:10:00 Apr 30 2011
key 2
key-string CISCO2
accept-lifetime 12:00:00 Apr 30 2011 infinite
send-lifetime 12:00:00 Apr 30 2011 infinite
key 1
key-string CISCO1
accept-lifetime 12:00:00 Jan 1 2011 12:15:00 Apr 30 2011
send-lifetime 12:00:00 Jan 1 2011 12:10:00 Apr 30 2011
key 2
key-string CISCO2
accept-lifetime 12:00:00 Apr 30 2011 infinite
send-lifetime 12:00:00 Apr 30 2011 infinite
!
interface Serial0/0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP_KEYS
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP_KEYS
!
Verification:
Pic. 3 - Key Chain.
Pic. 4 - R3 EIGRP Neighbors.