EIGRP authentication is used to prevent an attacker from forming the EIGRP neighbor relationship with your router and advertising incorrect routing information. By using the same preshared key (PSK) on all routers you can force EIGRP to authenticate each EIGRP message. That way you can ensure that your router accepts routing updates only from the trusted sources. To authenticate every message, the MD5 (Message Digest 5) algorithm is used.
Three steps are required to configure EIGRP authentication:
- 1. creating a keychain
- 2. specifying a key string for a key
- 3. configuring EIGRP to use authentication
EIGRP uses the concept of key chains. Each key chain can have many keys, just like in real life. You can specify a different lifetime interval of each key. That way the second key in a key chain can be used after the first one is expired, the third one after the second and so on. After you have created a key chain with the corresponding keys, you need to enable EIGRP authentication for a particular interface.