24 Oct

No EIGRP neighbor authentication on ASR9K

Cisco representative has tried to tell me lately there is feature parity between platforms on IOS XR. In general maybe there is, but in details not. My previous example about lack of GRE tunnels is not valid anymore as this feature has been added in release 3.9.2 on ASR 9000 routers. The configuration of GRE tunnels would not be commited previously because it was not supported.

Things are different when you try to implement authentication for EIGRP neighbors using key chains. This feature, according to official configuration guide, is not supported in IOS XR on ASR 9000 platform, but is supported on CRS-1. So the configuration like that should not be validated and commited

key chain test
 key 1
  key-string password 12345
!
router eigrp 65500
 address-family ipv4
  interface Bundle-Ether1.100
   authentication keychain test

To bad in this case, even if this feature is not supported, IOS XR CLI would let configuration to be commited. Just no neighborship will be established ever that link.

EIGRP authentication is not supported on 3.9 nor 4.0 release of IOS XR.

2 thoughts on “No EIGRP neighbor authentication on ASR9K

  1. Actually it is supported on all IOS-XR based router since 3.8.0. The reason it might not be working is that the Keychain configuration is incomplete. EIGRP in IOS-XR routers supports only MD5-based keys available through a keychain only. So the corresponding keychain config should be.


    key chain test
    key 1
    key-string password 12345
    cryptographic-algorithm md5
    accept-lifetime 00:00:00 january 01 2010 infinite
    send-lifetime 00:00:00 january 01 2010 infinite
    !

Leave a Reply

%d bloggers like this: