The combination of the key ID and
the interface that is associated with the message uniquely identi?¬?es the MD5 authentication key
in use.
Implementing EIGRP 185
EIGRP enables you to manage keys by using key chains. Each key de?¬?nition within the key chain
can specify a time interval for which that key is activated (its lifetime). Then, during the lifetime
of a given key, routing update packets are sent with this activated key. Only one authentication
packet is sent, regardless of how many valid keys exist. The software examines the key numbers
in order from lowest to highest, and it uses the ?¬?rst valid key that it encounters.
Keys cannot be used during time periods for which they are not activated. Therefore, it is
recommended that for a given key chain, key activation times overlap to avoid any period of time
for which no key is activated. If a time exists during which no key is activated, neighbor
authentication cannot occur, and therefore, routing updates fail.
Creating a Key Chain
Perform the following steps to create a key chain:
Step 1 Enter the key chain command to enter the con?¬?guration mode for the key
chain. The value provided for the name-of-chain parameter for the key
chain command indicates the name of the authentication key chain from
which a key is to be obtained.
Pages:
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289