EIGRP Configuration Modes
This section describes the two methods of EIGRP configuration: classic mode and named mode.
Classic Configuration Mode
With classic EIGRP configuration mode, most of the configuration takes place in the EIGRP process, but some settings are configured under the interface configuration submode. This can add complexity for deployment and troubleshooting as users must scroll back and forth between the EIGRP process and individual network interfaces. Some of the settings set individually are hello advertisement interval, split-horizon, authentication, and summary route advertisements.
Classic configuration requires the initialization of the routing process with the global configuration command router eigrp as-number to identify the ASN and initialize the EIGRP process. The second step is to identify the network interfaces with the command network ip-address [mask]. The network statement is explained in the following sections.
EIGRP Named Mode
EIGRP named mode configuration was released to overcome some of the difficulties network engineers have with classic EIGRP autonomous system configuration, including scattered configurations and unclear scope of commands.
EIGRP named configuration provides the following benefits:
All the EIGRP configuration occurs in one location.
It supports current EIGRP features and future developments.
It supports multiple address families (including Virtual Routing and Forwarding [VRF] instances). EIGRP named configuration is also known as multi-address family configuration mode.
Commands are clear in terms of the scope of their configuration.
EIGRP named mode provides a hierarchical configuration and stores settings in three subsections:
Address Family: This submode contains settings that are relevant to the global EIGRP AS operations, such as selection of network interfaces, EIGRP K values, logging settings, and stub settings.
Interface: This submode contains settings that are relevant to the interface, such as hello advertisement interval, split-horizon, authentication, and summary route advertisements. In actuality, there are two methods of the EIGRP interface section’s configuration. Commands can be assigned to a specific interface or to a default interface, in which case those settings are placed on all EIGRP-enabled interfaces. If there is a conflict between the default interface and a specific interface, the specific interface takes priority over the default interface.
Topology: This submode contains settings regarding the EIGRP topology database and how routes are presented to the router’s RIB. This section also contains route redistribution and administrative distance settings.
EIGRP named configuration makes it possible to run multiple instances under the same EIGRP process. The process for enabling EIGRP interfaces on a specific instance is as follows:
Step 1. Initialize the EIGRP process by using the command router eigrp process-name. (If a number is used for process-name, the number does not correlate to the autonomous system number.)
Step 2. Initialize the EIGRP instance for the appropriate address family with the command address-family {IPv4 | IPv6} {unicast | vrf vrf-name} autonomous-system as-number.
Step 3. Enable EIGRP on interfaces by using the command network network mask.
EIGRP Network Statement
Both configuration modes use a network statement to identify the interfaces that EIGRP will use. The network statement uses a wildcard mask, which allows the configuration to be as specific or ambiguous as necessary.
The syntax for the network statement, which exists under the EIGRP process, is network ip-address [mask]. The optional mask can be omitted to enable interfaces that fall within the classful boundaries for that network statement.
A common misconception is that the network statement adds the networks to the EIGRP topology table. In reality, the network statement identifies the interface to enable EIGRP on, and it adds the interface’s connected network to the EIGRP topology table. EIGRP then advertises the topology table to other routers in the EIGRP autonomous system.
EIGRP does not add an interface’s secondary connected network to the topology table. For secondary connected networks to be installed in the EIGRP routing table, they must be redistributed into the EIGRP process. Chapter 16, “Route Redistribution,” provides additional coverage of route redistribution.
To help illustrate the concept of the wildcard mask, Table 2-4 provides a set of IP addresses and interfaces for a router. The following examples provide configurations to match specific scenarios.
Table 2-4 Table of Sample Interface and IP Addresses
Router Interface |
IP Address |
Gigabit Ethernet 0/0 |
10.0.0.10/24 |
Gigabit Ethernet 0/1 |
10.0.10.10/24 |
Gigabit Ethernet 0/2 |
192.0.0.10/24 |
Gigabit Ethernet 0/3 |
192.10.0.10/24 |
The configuration in Example 2-1 enables EIGRP only on interfaces that explicitly match the IP addresses in Table 2-4.
Example 2-1 EIGRP Configuration with Explicit IP Addresses
Router eigrp 1
network 10.0.0.10 0.0.0.0
network 10.0.10.10 0.0.0.0
network 192.0.0.10 0.0.0.0
network 192.10.0.10 0.0.0.0
Example 2-2 shows the EIGRP configuration using network statements that match the subnets used in Table 2-4. Setting the last octet of the IP address to 0 and changing the wildcard mask to 255 causes the network statements to match all IP addresses within the /24 network range.
Example 2-2 EIGRP Configuration with Explicit Subnet
Router eigrp 1
network 10.0.0.0 0.0.0.255
network 10.0.10.0 0.0.0.255
network 192.0.0.0 0.0.0.255
network 192.10.0.0 0.0.0.255
The following snippet shows the EIGRP configuration using network statements for interfaces that are within the 10.0.0.0/8 or 192.0.0.0/8 network ranges:
router eigrp 1
network 10.0.0.0 0.255.255.255
network 192.0.0.0 0.255.255.255
The following snippet shows the configuration to enable all interfaces with EIGRP:
router eigrp 1
network 0.0.0.0 255.255.255.255
Sample Topology and Configuration
Figure 2-5 shows a sample topology for demonstrating EIGRP configuration in classic mode for R1 and named mode for R2.
)
Figure 2-5 EIGRP Sample Topology
R1 and R2 enable EIGRP on all of their interfaces. R1 configures EIGRP using multiple specific network interface addresses, and R2 enables EIGRP on all network interfaces with one command. Example 2-3 provides the configuration that is applied to R1 and R2.
Example 2-3 Sample EIGRP Configuration
R1 (Classic Configuration)
interface Loopback0
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/1
ip address 10.12.1.1 255.255.255.0
!
interface GigabitEthernet0/2
ip address 10.11.11.1 255.255.255.0
!
router eigrp 100
network 10.11.11.1 0.0.0.0
network 10.12.1.1 0.0.0.0
network 192.168.1.1 0.0.0.0
R2 (Named Mode Configuration)
interface Loopback0
ip address 192.168.2.2 255.255.255.255
!
interface GigabitEthernet0/1
ip address 10.12.1.2 255.255.255.0
!
interface GigabitEthernet0/2
ip address 10.22.22.2 255.255.255.0
!
router eigrp EIGRP-NAMED
address-family ipv4 unicast autonomous-system 100
network 0.0.0.0 255.255.255.255
As mentioned earlier, EIGRP named mode has three configuration submodes. The configuration from Example 2-3 uses only the EIGRP address-family submode section, which uses the network statement. The EIGRP topology base submode is created automatically with the command topology base and exited with the command exit-af-topology. Settings for the topology submode are listed between those two commands.
Example 2-4 demonstrates the slight difference in how the configuration is stored on the router between EIGRP classic and named mode configurations.
Example 2-4 Named Mode Configuration Structure
R1# show run | section router eigrp router eigrp 100 network 10.11.11.1 0.0.0.0 network 10.12.1.1 0.0.0.0 network 192.168.1.1 0.0.0.0
R2# show run | section router eigrp router eigrp EIGRP-NAMED ! address-family ipv4 unicast autonomous-system 100 ! topology base exit-af-topology network 0.0.0.0 exit-address-family
Confirming Interfaces
Upon configuring EIGRP, it is a good practice to verify that only the intended interfaces are running EIGRP. The command show ip eigrp interfaces [{interface-id [detail] | detail}] shows active EIGRP interfaces. Appending the optional detail keyword provides additional information, such as authentication, EIGRP timers, split horizon, and various packet counts.
Example 2-5 demonstrates R1’s non-detailed EIGRP interface and R2’s detailed information for the Gi0/1 interface.
Example 2-5 Verification of EIGRP Interfaces
R1# show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(100)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/2 0 0/0 0/0 0 0/0 0 0
Gi0/1 1 0/0 0/0 10 0/0 50 0
Lo0 0 0/0 0/0 0 0/0 0 0
R2# show ip eigrp interfaces gi0/1 detail
EIGRP-IPv4 VR(EIGRP-NAMED) Address-Family Interfaces for AS(100)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1 1 0/0 0/0 1583 0/0 7912 0
Hello-interval is 5, Hold-time is 15
Split-horizon is enabled
Next xmit serial <none>
Packetized sent/expedited: 2/0
Hello's sent/expedited: 186/2
Un/reliable mcasts: 0/2 Un/reliable ucasts: 2/2
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0
Retransmissions sent: 1 Out-of-sequence rcvd: 0
Topology-ids on interface - 0
Authentication mode is not set
Topologies advertised on this interface: base
Topologies not advertised on this interface:
Table 2-5 provides a brief explanation to the key fields shown with the EIGRP interfaces.
Table 2-5 EIGRP Interface Fields
Field |
Description |
Interface |
Interfaces running EIGRP. |
Peers |
Number of peers detected on that interface. |
Xmt Queue Un/Reliable |
Number of unreliable/reliable packets remaining in the transmit queue. The value zero is an indication of a stable network. |
Mean SRTT |
Average time for a packet to be sent to a neighbor and a reply from that neighbor to be received, in milliseconds. |
Multicast Flow Timer |
Maximum time (seconds) that the router sent multicast packets. |
Pending Routes |
Number of routes in the transmit queue that need to be sent. |
Verifying EIGRP Neighbor Adjacencies
Each EIGRP process maintains a table of neighbors to ensure that they are alive and processing updates properly. Without keeping track of a neighbor state, an autonomous system could contain incorrect data and could potentially route traffic improperly. EIGRP must form a neighbor relationship before a router advertises update packets containing network prefixes.
The command show ip eigrp neighbors [interface-id] displays the EIGRP neighbors for a router. Example 2-6 shows the EIGRP neighbor information using this command.
Example 2-6 EIGRP Neighbor Confirmation
R1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.12.1.2 Gi0/1 13 00:18:31 10 100 0 3
Table 2-6 provides a brief explanation of the key fields shown in Example 2-6.
Table 2-6 EIGRP Neighbor Columns
Field |
Description |
Address |
IP address of the EIGRP neighbor |
Interface |
Interface the neighbor was detected on |
Holdtime |
Time left to receive a packet from this neighbor to ensure that it is still alive |
SRTT |
Time for a packet to be sent to a neighbor and a reply to be received from that neighbor, in milliseconds |
RTO |
Timeout for retransmission (waiting for ACK) |
Q Cnt |
Number of packets (update/query/reply) in queue for sending |
Seq Num |
Sequence number that was last received from this router |
Displaying Installed EIGRP Routes
You can see EIGRP routes that are installed into the RIB by using the command show ip route eigrp. EIGRP routes originating within the autonomous system have an administrative distance (AD) of 90 and are indicated in the routing table with a D. Routes that originate from outside the autonomous system are external EIGRP routes. External EIGRP routes have an AD of 170 and are indicated in the routing table with D EX. Placing external EIGRP routes into the RIB with a higher AD acts as a loop-prevention mechanism.
Example 2-7 displays the EIGRP routes from the sample topology in Figure 2-5. The metric for the selected route is the second number in brackets.
Example 2-7 EIGRP Routes for R1 and R2
R1# show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D 10.22.22.0/24 [90/3072] via 10.12.1.2, 00:19:25, GigabitEthernet0/1
192.168.2.0/32 is subnetted, 1 subnets
D 192.168.2.2 [90/2848] via 10.12.1.2, 00:19:25, GigabitEthernet0/1
R2# show ip route eigrp
! Output omitted for brevity
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D 10.11.11.0/24 [90/15360] via 10.12.1.1, 00:20:34, GigabitEthernet0/1
192.168.1.0/32 is subnetted, 1 subnets
D 192.168.1.1 [90/2570240] via 10.12.1.1, 00:20:34, GigabitEthernet0/1
Router ID
The router ID (RID) is a 32-bit number that uniquely identifies an EIGRP router and is used as a loop-prevention mechanism. The RID can be set dynamically, which is the default, or manually.
The algorithm for dynamically choosing the EIGRP RID uses the highest IPv4 address of any up loopback interfaces. If there are not any up loopback interfaces, the highest IPv4 address of any active up physical interfaces becomes the RID when the EIGRP process initializes.
IPv4 addresses are commonly used for the RID because they are 32 bits and are maintained in dotted-decimal format. You use the command eigrp router-id router-id to set the RID, as demonstrated in Example 2-8, for both classic and named mode configurations.
Example 2-8 Static Configuration of EIGRP Router ID
R1(config)# router eigrp 100 R1(config-router)# eigrp router-id 192.168.1.1
R2(config)# router eigrp EIGRP-NAMED R2(config-router)# address-family ipv4 unicast autonomous-system 100 R2(config-router-af)# eigrp router-id 192.168.2.2
Passive Interfaces
Some network topologies must advertise a network segment into EIGRP but need to prevent neighbors from forming adjacencies with other routers on that segment. This might be the case, for example, when advertising access layer networks in a campus topology. In such a scenario, you need to put the EIGRP interface in a passive state. Passive EIGRP interfaces do not send out or process EIGRP hellos, which prevents EIGRP from forming adjacencies on that interface.
To configure an EIGRP interface as passive, you use the command passive-interface interface-id under the EIGRP process for classic configuration. Another option is to configure all interfaces as passive by default with the command passive-interface default and then use the command no passive-interface interface-id to allow an interface to process EIGRP packets, preempting the global passive interface default configuration.
Example 2-9 demonstrates making R1’s Gi0/2 interface passive and also the alternative option of making all interfaces passive but setting Gi0/1 as non-passive.
Example 2-9 Passive EIGRP Interfaces for Classic Configuration
R1# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)# router eigrp 100 R1(config-router)# passive-interface gi0/2
R1(config)# router eigrp 100 R1(config-router)# passive-interface default 04:22:52.031: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.12.1.2 (GigabitEthernet0/1) is down: interface passive R1(config-router)# no passive-interface gi0/1 *May 10 04:22:56.179: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.12.1.2 (GigabitEthernet0/1) is up: new adjacency
For a named mode configuration, you place the passive-interface state on af-interface default for all EIGRP interfaces or on a specific interface with the af-interface interface-id section. Example 2-10 shows how to set the Gi0/2 interface as passive while allowing the Gi0/1 interface to be active using both configuration strategies.
Example 2-10 Passive EIGRP Interfaces for Named Mode Configuration
R2# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)# router eigrp EIGRP-NAMED R2(config-router)# address-family ipv4 unicast autonomous-system 100 R2(config-router-af)# af-interface gi0/2 R2(config-router-af-interface)# passive-interface R2(config-router-af-interface)# exit-af-interface
R2(config)# router eigrp EIGRP-NAMED R2(config-router)# address-family ipv4 unicast autonomous-system 100 R2(config-router-af)# af-interface default R2(config-router-af-interface)# passive-interface 04:28:30.366: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.12.1.1 (GigabitEthernet0/1) is down: interface passiveex R2(config-router-af-interface)# exit-af-interface R2(config-router-af)# af-interface gi0/1 R2(config-router-af-interface)# no passive-interface R2(config-router-af-interface)# exit-af-interface *May 10 04:28:40.219: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.12.1.1 (GigabitEthernet0/1) is up: new adjacency
Example 2-11 shows what the named mode configuration looks like with some settings (i.e. passive-interface or no passive-interface) placed under the af-interface default or the af-interface interface-id setting.
Example 2-11 Viewing the EIGRP Interface Settings with Named Mode
R2# show run | section router eigrp router eigrp EIGRP-NAMED ! address-family ipv4 unicast autonomous-system 100 ! af-interface default passive-interface exit-af-interface ! af-interface GigabitEthernet0/1 no passive-interface exit-af-interface ! topology base exit-af-topology network 0.0.0.0 exit-address-family
A passive interface does not appear in the output of the command show ip eigrp interfaces even though it was enabled. Connected networks for passive interfaces are still added to the EIGRP topology table so that they are advertised to neighbors.
Example 2-12 shows that the Gi0/2 interface on R1 no longer appears; compare this to Example 2-5, where it does exist.
Example 2-12 Passive Interfaces do not Appear
R1# show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(100)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1 1 0/0 0/0 9 0/0 50 0
To accelerate troubleshooting of passive interfaces, and other settings, the command show ip protocols provides a lot of valuable information about all the routing protocols. With EIGRP, it displays the EIGRP process identifier, the ASN, K values that are used for path calculation, RID, neighbors, AD settings, and all the passive interfaces.
Example 2-13 provides sample output for both classic and named mode instances on R1 and R2.
Example 2-13 IP Protocols Output
R1# show ip protocols
! Output omitted for brevity
Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP-IPv4 Protocol for AS(100)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 192.168.1.1
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
10.11.11.1/32
10.12.1.1/32
192.168.1.1/32
Passive Interface(s):
GigabitEthernet0/2
Loopback0
Routing Information Sources:
Gateway Distance Last Update
10.12.1.2 90 00:21:35
Distance: internal 90 external 170
R2# show ip protocols
! Output omitted for brevity
Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP-IPv4 VR(EIGRP-NAMED) Address-Family Protocol for AS(100)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0
Metric rib-scale 128
Metric version 64bit
Soft SIA disabled
NSF-aware route hold timer is 240
Router-ID: 192.168.2.2
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 5
Total Redist Count: 0
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
0.0.0.0
Passive Interface(s):
GigabitEthernet0/2
Loopback0
Routing Information Sources:
Gateway Distance Last Update
10.12.1.1 90 00:24:26
Distance: internal 90 external 170
Authentication
Authentication is a mechanism for ensuring that only authorized routers are eligible to become EIGRP neighbors. It is possible for someone to add a router to a network and introduce invalid routes accidentally or maliciously. Authentication prevents such scenarios from happening. A precomputed password hash is included with all EIGRP packets, and the receiving router decrypts the hash. If the passwords do not match for a packet, the router discards the packet.
EIGRP encrypts the password by using a Message Digest 5 (MD5) authentication, using the keychain function. The hash consists of the key number and a password. EIGRP authentication encrypts just the password rather than the entire EIGRP packet.
To configure EIGRP authentication, you need to create a keychain and then enable EIGRP authentication on the interface. The following sections explain the steps.
Keychain Configuration
Keychain creation is accomplished with the following steps:
Step 1. Create the keychain by using the command key chain key-chain-name.
Step 2. Identify the key sequence by using the command key key-number, where key-number can be anything from 0 to 2147483647.
Step 3. Specify the preshared password by using the command key-string password.
Enabling Authentication on the Interface
When using classic configuration, authentication must be enabled on the interface under the interface configuration submode. The following commands are used in the interface configuration submode:
ip authentication key-chain eigrp as-number key-chain-name ip authentication mode eigrp as-number md5
The named mode configuration places the configurations under the EIGRP interface submode, under the af-interface default or the af-interface interface-id. Named mode configuration supports MD5 or Hashed Message Authentication Code-Secure Hash Algorithm-256 (HMAC-SHA-256) authentication. MD5 authentication involves the following commands:
authentication key-chain eigrp key-chain-name authentication mode md5
The HMAC-SHA-256 authentication involves the command authentication mode hmac-sha-256 password.
Example 2-14 demonstrates MD5 configuration on R1 with classic EIGRP configuration and on R2 with named mode configuration. Remember that the hash is computed using the key sequence number and key string, which must match on the two nodes.
Example 2-14 EIGRP Authentication Configuration
R1(config)# key chain EIGRPKEY R1(config-keychain)# key 2 R1(config-keychain-key)# key-string CISCO R1(config)# interface gi0/1 R1(config-if)# ip authentication mode eigrp 100 md5 R1(config-if)# ip authentication key-chain eigrp 100 EIGRPKEY
R2(config)# key chain EIGRPKEY R2(config-keychain)# key 2 R2(config-keychain-key)# key-string CISCO R2(config-keychain-key)# router eigrp EIGRP-NAMED R2(config-router)# address-family ipv4 unicast autonomous-system 100 R2(config-router-af)# af-interface default R2(config-router-af-interface)# authentication mode md5 R2(config-router-af-interface)# authentication key-chain EIGRPKEY
The command show key chain provides verification of the keychain. Example 2-15 shows that each key sequence provides the lifetime and password.
Example 2-15 Verification of Keychain Settings
R1# show key chain
Key-chain EIGRPKEY:
key 2 -- text "CISCO"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
The EIGRP interface detail view provides verification of EIGRP authentication on a specific interface. Example 2-16 provides detailed EIGRP interface output.
Example 2-16 Verification of EIGRP Authentication
R1# show ip eigrp interface detail
EIGRP-IPv4 Interfaces for AS(100)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1 0 0/0 0/0 0 0/0 50 0
Hello-interval is 5, Hold-time is 15
Split-horizon is enabled
Next xmit serial <none>
Packetized sent/expedited: 10/1
Hello's sent/expedited: 673/12
Un/reliable mcasts: 0/9 Un/reliable ucasts: 6/19
Mcast exceptions: 0 CR packets: 0 ACKs suppressed: 0
Retransmissions sent: 16 Out-of-sequence rcvd: 1
Topology-ids on interface - 0
Authentication mode is md5, key-chain is "EIGRPKEY"