23 Apr

Secret changes in Cisco documentation (follow up on “No EIGRP neighbor authentication on ASR9K” post)

I received a comment from Pushpasis Sarkar from Cisco on my previous post about the lack of EIGRP authentication on ASR9k. It made me wonder if I missed something during deployment. I remember we were testing it hard in the lab and the documentation stated clearly that it’s not supported. I’m pretty sure, but not 100%, that we were testing key chains both with and without a defined lifetime and cryptographic-algorithm, because we were having some issues with IS-IS and key chains too. And it never worked.

24 Oct

No EIGRP neighbor authentication on ASR9K

A Cisco representative recently tried to tell me that there is feature parity between platforms on IOS XR. In general maybe there is, but in the details there is not. My previous example about the lack of GRE tunnels is no longer valid, as this feature was added in release 3.9.2 on ASR 9000 routers. Previously, a GRE tunnel configuration would not be committed because it was not supported.

Things are different when you try to implement authentication for EIGRP neighbors using key chains. According to the official configuration guide, this feature is not supported in IOS XR on the ASR 9000 platform, but is supported on the CRS-1. So a configuration like the following should not be validated and committed:

key chain test
 key 1
  key-string password 12345
!
router eigrp 65500
 address-family ipv4
  interface Bundle-Ether1.100
   authentication keychain test

Too bad: in this case, even though the feature is not supported, the IOS XR CLI lets the configuration be committed. No neighborship will ever be established on that link, though.

EIGRP authentication is supported on neither the 3.9 nor the 4.0 release of IOS XR.
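Since the CLI commits this configuration without complaint, the gap has to be caught outside the router. The following offline audit is an added example, not code from the original post or from Cisco: it walks an IOS XR configuration by indentation and reports every EIGRP interface that references a key chain on a platform/release where the post says authentication does not work. The platform labels `asr9k` and `crs`, the function names and the `UNSUPPORTED` table are assumptions made for the example; the sample configuration is the one shown above.

```python
import re

# Assumption, taken from the post: ASR 9000 on IOS XR 3.9 and 4.0 commits
# EIGRP key-chain authentication but never forms a neighborship with it.
UNSUPPORTED = {("asr9k", "3.9"), ("asr9k", "4.0")}

SAMPLE = """
key chain test
 key 1
  key-string password 12345
!
router eigrp 65500
 address-family ipv4
  interface Bundle-Ether1.100
   authentication keychain test
"""

def parse_blocks(config):
    """Yield (parent_lines, line) using leading spaces as the hierarchy."""
    stack = []  # (indent, text) of the enclosing blocks
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        yield [t for _, t in stack], text
        stack.append((indent, text))

def audit_eigrp_auth(config, platform, release):
    """Return [(interface, reason)] for EIGRP authentication that cannot work."""
    key_chains, refs = set(), []
    for parents, line in parse_blocks(config):
        if not parents and line.startswith("key chain "):
            key_chains.add(line.split()[2])
        m = re.fullmatch(r"authentication keychain (\S+)", line)
        if m and parents and parents[0].startswith("router eigrp "):
            iface = next((p.split()[1] for p in parents
                          if p.startswith("interface ")), "?")
            refs.append((iface, m.group(1)))
    train = ".".join(release.split(".")[:2])  # "4.0.1" -> "4.0"
    report = []
    for iface, chain in refs:
        if (platform, train) in UNSUPPORTED:
            report.append((iface, "unsupported-on-platform"))
        elif chain not in key_chains:
            report.append((iface, "undefined-key-chain"))
    return report
```
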