Lab 2 - Part 2 - Configuring EIGRP Authentication and Unequal Cost Load Balancing
Continuing on from Part 1 - Configuring EIGRP, where we built our EIGRP network, we'll now configure EIGRP Authentication and Unequal Cost Lost Balancing using the variance command.
In case you skipped Part 1, here's the network we'll be using:
We'll first configure EIGRP authentication on all our routers.
R0#configure terminal R0(config)#key chain foochain R0(config-keychain)#key 1 R0(config-keychain-key)#key-string hax0r R0(config-keychain-key)#interface serial 1/0 R0(config-if)#ip authentication mode eigrp 100 md5 R0(config-if)#ip authentication key-chain eigrp 100 foochain R0(config)#interface ethernet 0/0 R0(config-if)#ip authentication mode eigrp 100 md5 R0(config-if)#ip authentication key-chain eigrp 100 foochain R2#configure terminal R2(config)#key chain foochain R2(config-keychain)#key 1 R2(config-keychain-key)#key-string hax0r R2(config-keychain-key)#interface serial 0/0 R2(config-if)#ip authentication mode eigrp 100 md5 R2(config-if)#ip authentication key-chain eigrp 100 foochain R2(config-if)#interface serial 0/1 R2(config-if)#ip authentication mode eigrp 100 md5 R2(config-if)#ip authentication key-chain eigrp 100 foochain
When authentication is only configured on R0 and R2, R0's route for the 172.16.1.128/25 network now goes over the serial link. This is because we haven't yet configured authentication on R3 so R0 doesn't accept the routing advertisements. The routing table from R0 below shows this:
Gateway of last resort is not set
D 192.168.30.0/24 [90/21152000] via 10.3.3.2, 00:00:47, Serial1/0
C 192.168.10.0/24 is directly connected, Loopback0
172.16.0.0/25 is subnetted, 2 subnets
D 172.16.1.128 [90/21154560] via 10.3.3.2, 00:00:47, Serial1/0
D 172.16.1.0 [90/20640000] via 10.3.3.2, 00:00:47, Serial1/0
10.0.0.0/30 is subnetted, 4 subnets
D 10.3.3.8 [90/21026560] via 10.3.3.2, 00:00:47, Serial1/0
C 10.3.3.12 is directly connected, Ethernet0/0
C 10.3.3.0 is directly connected, Serial1/0
D 10.3.3.4 [90/21024000] via 10.3.3.2, 00:00:48, Serial1/0R3#configure terminal R3(config)#key chain foochain R3(config-keychain)#key 1 R3(config-keychain-key)#key-string hax0r R3(config-keychain-key)#interface fastethernet 0/0 R3(config-if)#ip authentication mode eigrp 100 md5 R3(config-if)#ip authentication key-chain eigrp 100 foochain R3(config)#interface fastethernet 0/1 R3(config-if)#ip authentication mode eigrp 100 md5 R3(config-if)#ip authentication key-chain eigrp 100 foochain
Once we configure R3 with authentication R0's routing table updates with the lower metric routes through R3.
Gateway of last resort is not set
D 192.168.30.0/24 [90/412160] via 10.3.3.13, 00:00:11, Ethernet0/0
C 192.168.10.0/24 is directly connected, Loopback0
172.16.0.0/25 is subnetted, 2 subnets
D 172.16.1.128 [90/409600] via 10.3.3.13, 00:00:12, Ethernet0/0
D 172.16.1.0 [90/2326016] via 10.3.3.13, 00:00:12, Ethernet0/0
10.0.0.0/30 is subnetted, 4 subnets
D 10.3.3.8 [90/284160] via 10.3.3.13, 00:00:12, Ethernet0/0
C 10.3.3.12 is directly connected, Ethernet0/0
C 10.3.3.0 is directly connected, Serial1/0
D 10.3.3.4 [90/2198016] via 10.3.3.13, 00:00:13, Ethernet0/0
R1(config)#key chain foochain
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string hax0r
R1(config-keychain-key)#interface fastethernet 0/0
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100 foochain
R1(config-if)#
R1(config-if)#interface serial 0/0
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100 foochain
And that's it. As always, check the connectivity is all ok and working.
Next we'll configure unequal cost load balancing on R2. R2 has two possible paths to the 172.16.1.128/25 network hanging of R3. however the paths are not of equal metric since one is Serial-FastEthernet, and the other is Serial-Ethernet. The metric of the two possible paths is reasonably close so we can if we like use the variance command to set up unequal cost load balancing. The routing table on R2 currently contains only one route to the destination network via 10.3.3.6:
Gateway of last resort is not set
D 192.168.30.0/24 [90/2297856] via 10.3.3.6, 00:08:50, Serial0/1
D 192.168.10.0/24 [90/2297856] via 10.3.3.1, 00:08:50, Serial0/0
172.16.0.0/25 is subnetted, 2 subnets
D 172.16.1.128 [90/2300416] via 10.3.3.6, 00:08:50, Serial0/1
C 172.16.1.0 is directly connected, Loopback0
10.0.0.0/30 is subnetted, 4 subnets
D 10.3.3.8 [90/2172416] via 10.3.3.6, 00:08:50, Serial0/1
D 10.3.3.12 [90/2174976] via 10.3.3.6, 00:08:50, Serial0/1
C 10.3.3.0 is directly connected, Serial0/0
C 10.3.3.4 is directly connected, Serial0/1
Looking at the eigrp topology table on R2, you can see there are two possible paths with a Feasible Distance/metric fairly close. Using a variance of two which will multiple the successor's FD both routes will be accepted and entered into the routing table.
2300416 * 2 = 4600832.
One thing to note with the variance command is, it is applied to all eigrp routes in the ASN to which it is set which means any Feasible Successor routes whoes metric is less than the product of the variance times the Feasible Distance are considered to be equal routes and may be placed in the routing table for that ASN.
R2#sh ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(172.16.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.3.3.8/30, 1 successors, FD is 2172416
via 10.3.3.6 (2172416/28160), Serial0/1
via 10.3.3.1 (2198016/284160), Serial0/0
P 10.3.3.12/30, 1 successors, FD is 2174976
via 10.3.3.6 (2174976/30720), Serial0/1
via 10.3.3.1 (2195456/281600), Serial0/0
P 10.3.3.0/30, 1 successors, FD is 2169856
via Connected, Serial0/0
P 10.3.3.4/30, 1 successors, FD is 2169856
via Connected, Serial0/1
P 172.16.1.128/25, 1 successors, FD is 2300416
via 10.3.3.6 (2300416/156160), Serial0/1
via 10.3.3.1 (2323456/409600), Serial0/0
P 192.168.10.0/24, 1 successors, FD is 2297856
via 10.3.3.1 (2297856/128256), Serial0/0
via 10.3.3.6 (2302976/158720), Serial0/1
P 192.168.30.0/24, 1 successors, FD is 2297856
via 10.3.3.6 (2297856/128256), Serial0/1
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
via 10.3.3.1 (2326016/412160), Serial0/0
P 172.16.1.0/25, 1 successors, FD is 128256
via Connected, Loopback0
We'll now configure a variance of two:
R2(config)#router eigrp 100 R2(config-router)#variance 2
The routing table updates and lists both routes as available paths
Gateway of last resort is not set
D 192.168.30.0/24 [90/2297856] via 10.3.3.6, 00:00:05, Serial0/1
[90/2326016] via 10.3.3.1, 00:00:05, Serial0/0
D 192.168.10.0/24 [90/2302976] via 10.3.3.6, 00:00:05, Serial0/1
[90/2297856] via 10.3.3.1, 00:00:05, Serial0/0
172.16.0.0/25 is subnetted, 2 subnets
D 172.16.1.128 [90/2300416] via 10.3.3.6, 00:00:05, Serial0/1
[90/2323456] via 10.3.3.1, 00:00:05, Serial0/0
C 172.16.1.0 is directly connected, Loopback0
10.0.0.0/30 is subnetted, 4 subnets
D 10.3.3.8 [90/2172416] via 10.3.3.6, 00:00:06, Serial0/1
[90/2198016] via 10.3.3.1, 00:00:06, Serial0/0
D 10.3.3.12 [90/2174976] via 10.3.3.6, 00:00:06, Serial0/1
[90/2195456] via 10.3.3.1, 00:00:06, Serial0/0
C 10.3.3.0 is directly connected, Serial0/0
C 10.3.3.4 is directly connected, Serial0/1
