Neighbor relationship and authentication

1.9 Troubleshoot EIGRP (classic and named mode; VRF and global)

📘CCNP Enterprise – ENARSI (300-410)


1. EIGRP Neighbor Relationships

What is an EIGRP Neighbor?

In EIGRP, a neighbor is another router that EIGRP communicates with directly over a network. Neighbors share routing information to learn the best paths to destinations.

EIGRP establishes neighbor relationships using the Hello protocol:

  • Routers send Hello packets periodically to discover and maintain neighbors.
  • If a router stops receiving Hello packets from a neighbor for a certain time (called the Hold timer), the neighbor relationship is considered down.

Steps to Form a Neighbor Relationship

  1. Hello Packets Sent
    • Every router configured with EIGRP sends Hello packets on all EIGRP-enabled interfaces.
    • Routers listen on the EIGRP multicast address:
      • IPv4: 224.0.0.10
      • IPv6: FF02::A
  2. Parameter Matching
    Routers only form neighbors if certain EIGRP parameters match:
    • Autonomous System (AS) number
    • K-values (metrics calculation parameters): default is 1 for all except K4 and K5
    • Authentication (if configured)
    • Network type (broadcast, point-to-point)
    • MTU size: mismatched MTU can prevent adjacency
  3. Neighbor Table Update
    • Once a neighbor relationship forms, routers exchange routing updates and keep a record in the neighbor table.

Checking Neighbor Status

You can verify neighbors with:

  • IPv4: show ip eigrp neighbors
  • IPv6: show ipv6 eigrp neighbors

You’ll see:

Field      | Meaning
H (Hold)   | Time before declaring neighbor down
Uptime     | How long the neighbor has been up
Interface  | Local interface used to reach neighbor
Address    | Neighbor IP address

Key Concept for Exam: If neighbors aren’t forming, always check AS number, K-values, authentication, MTU, and interface configurations.


2. EIGRP Authentication

EIGRP supports authentication to ensure that routers only form neighbor relationships with trusted devices.

Why Use Authentication?

  • Prevent unauthorized routers from sending fake routing updates.
  • Protect network stability.

Types of Authentication

  1. MD5 Authentication (recommended)
  2. Clear text password (older, less secure)

How to Configure EIGRP Authentication (IPv4 Example)

Step 1: Create a key chain

key chain EIGRP_KEYS
  key 1
    key-string MySecret123

Step 2: Apply authentication to the interface

interface GigabitEthernet0/1
  ip authentication mode eigrp 100 md5
  ip authentication key-chain eigrp 100 EIGRP_KEYS

  • 100 is the EIGRP AS number.
  • md5 is the authentication type.
  • Key string must match on both routers.

Step 3: Verify

show ip eigrp neighbors
show ip eigrp interfaces detail

Named Mode Authentication

In named mode, EIGRP configuration is slightly different:

router eigrp MyNetwork
  address-family ipv4 unicast autonomous-system 100
    af-interface GigabitEthernet0/1
      authentication mode md5
      authentication key-chain EIGRP_KEYS

Note: Named mode is useful for IPv4 and IPv6 in one EIGRP process and supports VRFs.


3. EIGRP in VRF vs Global Routing Table

  • Global Routing Table: Default routing table of the router.
  • VRF (Virtual Routing and Forwarding): Separate routing table for isolated networks (e.g., multiple tenants or network segments).

Neighbor Relationships in VRFs:

  • Must configure EIGRP within the VRF context.
  • Routers only discover neighbors inside the same VRF.
  • Authentication is applied per VRF interface.

Example VRF configuration (IPv4):

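ip vrf TenantA
 rd 100:1
!
interface Gig0/1
 ip vrf forwarding TenantA
 ip address 10.1.1.1 255.255.255.0
!
! af-interface is a named-mode command, so the EIGRP process is defined in named mode
router eigrp MyNetwork
 address-family ipv4 unicast vrf TenantA autonomous-system 100
  af-interface Gig0/1
   authentication mode md5
   authentication key-chain EIGRP_KEYS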

4. Common Issues and Troubleshooting Tips

Issue                       | Likely Cause           | Solution
No neighbor relationship    | AS mismatch            | Ensure same AS number on both routers
Neighbor flapping (up/down) | MTU mismatch           | Match MTU on both interfaces
Neighbor not forming        | Authentication failure | Check key strings, mode, key-chain applied
Slow convergence            | High Hold timer        | Adjust hello/hold timers if necessary
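
The "check key strings, mode, key-chain applied" step can be automated offline against saved configurations. The following is an added example, not part of the original guide: the function names and the two sample configs are constructed for illustration, and it assumes classic-mode interface commands with key-strings stored unencrypted (no service password-encryption). Because EIGRP MD5 carries the key number in the packet, it compares key IDs as well as key strings, and it reports mismatches without printing the secrets.

```python
import re

def parse_eigrp_auth(config, interface, asn):
    """Extract classic-mode EIGRP MD5 settings for one interface from IOS config text."""
    result, chains, section, key_id = {"mode": None, "key_chain": None}, {}, "", None
    for line in config.splitlines():
        stripped = line.strip()
        if line and not line[0].isspace():      # unindented line starts a new section
            section, key_id = stripped, None
        elif section.startswith("key chain "):
            chain = chains.setdefault(section.split()[2], {})
            if m := re.fullmatch(r"key (\d+)", stripped):
                key_id = int(m.group(1))
            elif key_id is not None and (m := re.match(r"\s*key-string (.*)", line)):
                chain[key_id] = m.group(1)      # keep trailing spaces: IOS treats them as key material
        elif section == f"interface {interface}":
            if stripped == f"ip authentication mode eigrp {asn} md5":
                result["mode"] = "md5"
            elif m := re.fullmatch(rf"ip authentication key-chain eigrp {asn} (\S+)", stripped):
                result["key_chain"] = m.group(1)
    result["keys"] = chains.get(result["key_chain"], {})
    return result

def compare_auth(a, b):
    """List reasons routers A and B would fail to authenticate each other (never prints secrets)."""
    problems = []
    for name, side in (("A", a), ("B", b)):
        if side["mode"] != "md5" or not side["keys"]:
            problems.append(f"router {name}: md5 mode, key-chain or keys missing")
    for kid in sorted(set(a["keys"]) | set(b["keys"])):
        ka, kb = a["keys"].get(kid), b["keys"].get(kid)
        if ka is None or kb is None:
            problems.append(f"key {kid}: defined on one router only")
        elif ka != kb:
            hint = " (differs only in whitespace)" if ka.strip() == kb.strip() else ""
            problems.append(f"key {kid}: key-string mismatch{hint}")
    return problems

# Constructed sample configs (not from a real device); R2's key-string has a trailing space.
R1 = """key chain EIGRP_KEYS
 key 1
  key-string MySecret123
interface GigabitEthernet0/1
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP_KEYS
"""
R2 = R1.replace("MySecret123\n", "MySecret123 \n")

if __name__ == "__main__":
    print(compare_auth(*(parse_eigrp_auth(c, "GigabitEthernet0/1", 100) for c in (R1, R2))))
```
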

Important Commands for Exam:

  • show ip eigrp neighbors
  • show ipv6 eigrp neighbors
  • show ip eigrp interfaces
  • show ip eigrp topology
  • debug eigrp packets (advanced troubleshooting)

Key Points to Remember for the Exam

  1. EIGRP forms neighbors only if AS number, K-values, network type, MTU, and authentication match.
  2. Authentication protects against rogue routers sending bad updates.
  3. MD5 is the preferred authentication method.
  4. VRF neighbors are isolated; global neighbors are part of the global routing table.
  5. Always check neighbor tables and interface configurations when troubleshooting.
