I was working on my EIGRP lab using the configuration shown in the diagram.


This lab started with three routers, HQ and two branch offices (R2 and R3). At some point I’ve decided to add another router that will have no direct access to HQ, just for fun.

Step I:
Configuring all the interfaces as the diagram show. For the exam it is always good to remember that a no shutdown is required on every interface. Always assume that an interface is administratively down.
I’ve done a typo or was not focused enough and this popped:

*Mar  1 00:17:25.599: %IP-4-DUPADDR: Duplicate address on Ethernet1/0, sourced by cc06.0a7c.0010

In this case Interface E1/0 on R3 had the same IP as Interface E1/0 of R2.

Step II:
After completing the interfaces configuration I used ping to test the connections (I test every connection, one ping per interface).
When I was sure that all the connections are working it was time to start EIGRP on all the routers using the following:
router eigrp 1

At this point messages popped all over the place stating the discovery of new neighbors

*Mar  1 00:01:47.611: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Serial0/1) is up: new adjacency

Step III:
Running show commands to verify EIGRP is running and neighbors can communicate. These are the outputs from my HQ router:

HQ#sh ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status

P, 1 successors, FD is 2169856
via Connected, Serial0/0
P, 1 successors, FD is 2169856
via Connected, Serial0/1
P, 2 successors, FD is 2195456
via (2195456/281600), Serial0/1
via (2195456/281600), Serial0/0
P, 1 successors, FD is 2172416
via (2172416/28160), Serial0/0
via (2174976/30720), Serial0/1
P, 1 successors, FD is 2172416
via (2172416/28160), Serial0/1
via (2174976/30720), Serial0/0

HQ#sh ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
(sec)         (ms)       Cnt Num
1               Se0/1             12 00:00:35  471  2826  0  9
0               Se0/0             12 00:01:09  398  2388  0  14

HQ#sh ip eigrp traffic
IP-EIGRP Traffic Statistics for AS 1
Hellos sent/received: 52/29
Updates sent/received: 8/10
Queries sent/received: 0/0
Replies sent/received: 0/0
Acks sent/received: 8/2
Input queue high water mark 3, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 182
PDM Process ID: 162

At this point my EIGRP network was up and running.
You can check my show run configuration for HQ and R3 (why R3? we’ll get there in a minute), the other two routers has similar configuration.

Step IV:
Using the key chain command I built an authentication process between HQ and R3. These are the commands I used on global configuration for both routers:
key chain ROFI
key 1
key-string s3cr3t
access-lifetime 01:00:00 Mar 1 2002 02:00:00 Mar 1 2002
send-lifetime 01:00:00 Mar 1 2002 02:00:00 Mar 1 2002

And this is the commands per Serial interface (also identical on both routers):
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 ROFI

I noticed that the neighbor status changed to down while configuring HQ, which make sense because R3 was not configured yet but when the configuration on R3 completed and the neighbors still could not communicate I used the debug eigrp packet command to look for the problem

R3#debug eigrp packet
*Mar  1 00:51:22.755: EIGRP: Sending HELLO on Serial0/0
*Mar  1 00:51:22.755:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar  1 00:51:24.227: EIGRP: Serial0/0: ignored packet from, opcode =5 (missing authentication)
*Mar  1 00:51:27.631: EIGRP: interface Serial0/0, No live authentication keys
*Mar  1 00:51:32.139: EIGRP: Sending HELLO on Ethernet1/0
*Mar  1 00:51:32.139:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar  1 00:51:28.383: EIGRP: Received HELLO on Ethernet1/0 nbr

This debug output show both the failed authentication on S0/0 and a successful connection on E1/0.
The reason my authentication failed was the lifetime parameters that did not match due to unsynchronized clocks.
To resolve it I added the command ntp master to the HQ router and the command ntp server to router R3. The errors cleared right away and the authentication completed successfully.

Mar  1 01:01:07.433: EIGRP: Sending HELLO on Serial0/0
Mar  1 01:01:07.433:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Mar  1 01:01:07.993: EIGRP: received packet with MD5 authentication, key id = 1
Mar  1 01:01:07.997: EIGRP: Received HELLO on Serial0/0 nbr

Step V:
I wanted to check how eigrp 1 network converge when Interface S0/0 on R3 fail (using shutdown command).
This is a trace from HQ router to R4:


Type escape sequence to abort.
Tracing the route to

1 128 msec 152 msec 80 msec
2 936 msec 416 msec *

And after the shutdown command on R3


Type escape sequence to abort.
Tracing the route to

1 144 msec 204 msec 124 msec
2 344 msec 292 msec *

While testing the Serial shutdown the routers popped all the options the book explained…

*Mar  1 00:31:45.083: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (FastEthernet0/1) is down: holding time expired
*Mar  1 00:33:23.779: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (FastEthernet0/1) is up: new adjacency
*Mar  1 00:35:36.915: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Serial0/0) is resync: peer graceful-restart
*Mar  1 00:36:30.443: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (FastEthernet2/0) is down: Interface Goodbye received
*Mar  1 00:38:43.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (FastEthernet2/0) is up: new adjacency

This lab was fun, I also played a bit with eigrp stub and auto-summary. There are many more configurations options but I feel that I’ve covered the basics and understand the way EIGRP work, at least for this stage of my studies.
After a day off tomorrow (Family and Superbowl) I’ll start the OSPF section on Monday.

Only 175 days left to complete my CCNP!

Find more labs here

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 45 other followers

%d bloggers like this: