1
00:00:03,085 --> 00:00:05,668
(upbeat music)

2
00:00:08,941 --> 00:00:11,779
- So, at this point, we have
EIGRP up and functional.

3
00:00:11,779 --> 00:00:14,072
We have end to end IP connectivity.

4
00:00:14,072 --> 00:00:16,505
But the lab also said
that between two routers,

5
00:00:16,505 --> 00:00:19,271
we had to include EIGRP authentication.

6
00:00:19,271 --> 00:00:20,620
So in this particular video,

7
00:00:20,620 --> 00:00:24,321
that is where we're gonna add
in that particular element.

8
00:00:24,321 --> 00:00:27,459
So, remember, as far as
the lab was concerned,

9
00:00:27,459 --> 00:00:29,757
EIGRP authentication's
supposed to take place

10
00:00:29,757 --> 00:00:33,350
between Router One, actually,
they gave us freedom, alright,

11
00:00:33,350 --> 00:00:35,258
you could have it happen
between any two routers

12
00:00:35,258 --> 00:00:36,465
in your network.

13
00:00:36,465 --> 00:00:38,154
I'm just choosing to have it happen

14
00:00:38,154 --> 00:00:40,142
between Router One and Router Three.

15
00:00:40,142 --> 00:00:42,084
If you wanna chose a
different pair of routers,

16
00:00:42,084 --> 00:00:43,881
that's perfectly fine.

17
00:00:43,881 --> 00:00:45,965
Okay, so let's go ahead and get it working

18
00:00:45,965 --> 00:00:47,043
between these two routers.

19
00:00:47,043 --> 00:00:48,985
So with EIGRP authentication,

20
00:00:48,985 --> 00:00:51,224
it's basically a two step process.

21
00:00:51,224 --> 00:00:52,772
Number one, we have to configure something

22
00:00:52,772 --> 00:00:56,317
called a key-chain at the
global configuration level.

23
00:00:56,317 --> 00:00:59,338
And that key chain is what's
gonna contain our password,

24
00:00:59,338 --> 00:01:02,017
otherwise known as a key-string.

25
00:01:02,017 --> 00:01:05,536
Then, we have to go to
the interface level.

26
00:01:05,536 --> 00:01:07,414
And on the interface
level, we have to tell it:

27
00:01:07,414 --> 00:01:09,820
"hey, when you're speaking EIGRP,

28
00:01:09,820 --> 00:01:11,756
I want you to implement authentication

29
00:01:11,756 --> 00:01:16,055
and I want you to refer
back to this key-chain

30
00:01:16,055 --> 00:01:18,500
and you'll find your password over there."

31
00:01:18,500 --> 00:01:19,545
So let's go ahead and do that.

32
00:01:19,545 --> 00:01:23,918
Let's create the key-chain
first on Router One.

33
00:01:23,918 --> 00:01:27,744
Key-chain, and I'll just call it INE.

34
00:01:27,744 --> 00:01:29,827
And here we'll say key 1.

35
00:01:31,194 --> 00:01:33,538
We're just gonna have one
password in this particular case.

36
00:01:33,538 --> 00:01:36,205
And key-string will also be INE.

37
00:01:37,728 --> 00:01:39,061
Save our config.

38
00:01:41,208 --> 00:01:44,557
Now, before I actually do this,

39
00:01:44,557 --> 00:01:47,578
let's back up here for a second.

40
00:01:47,578 --> 00:01:50,089
Let's close this out.

41
00:01:50,089 --> 00:01:53,001
Let's shut down all of our routers.

42
00:01:53,001 --> 00:01:55,859
And let's create a snapshot
of where we are right now,

43
00:01:55,859 --> 00:01:59,319
before we add in our authentication.

44
00:01:59,319 --> 00:02:01,208
So, we've already created one snapshot,

45
00:02:01,208 --> 00:02:03,799
which was called IP addresses only.

46
00:02:03,799 --> 00:02:07,799
Now, let's create another
one called EIGRP basic

47
00:02:08,706 --> 00:02:11,769
and we will remember
that's the configuration

48
00:02:11,769 --> 00:02:15,587
where EIGRP was working but
we hadn't modified it yet

49
00:02:15,587 --> 00:02:19,754
by adding authentication
or anything else like that.

50
00:02:22,016 --> 00:02:24,981
And once again, remember that
in order to create a snapshot

51
00:02:24,981 --> 00:02:26,254
or restore to a previous snapshot,

52
00:02:26,254 --> 00:02:30,936
all of your IOS devices have
to be in the powered off state.

53
00:02:30,936 --> 00:02:34,044
Now let's go ahead and turn it back on.

54
00:02:34,044 --> 00:02:38,211
Let's go back to Router One
and take up where we left off.

55
00:02:40,103 --> 00:02:43,135
Now you should still have
that key chain in there

56
00:02:43,135 --> 00:02:47,819
because I did save it with
the right memory command.

57
00:02:47,819 --> 00:02:49,569
Let's just verify it.

58
00:02:50,541 --> 00:02:52,155
Yes, he does, okay.

59
00:02:52,155 --> 00:02:56,218
So now let's go on to his
interface, int fast 0/0.

60
00:02:56,218 --> 00:02:59,219
Now we're gonna say ip authentication

61
00:02:59,219 --> 00:03:02,386
and then we'll say mode eigrp 100 md5.

62
00:03:06,398 --> 00:03:10,534
So we're saying for EIGRP
autonomous system100

63
00:03:10,534 --> 00:03:13,533
on this interface, use md5 authentication.

64
00:03:13,533 --> 00:03:14,617
Then, we have to say

65
00:03:14,617 --> 00:03:18,117
ip authentication key-chain eigrp 100 INE.

66
00:03:22,144 --> 00:03:25,190
Basically saying, refer back
to the key chain called INE

67
00:03:25,190 --> 00:03:29,357
and you'll find your
password, or passwords, there.

68
00:03:31,191 --> 00:03:32,524
Let's save this.

69
00:03:34,495 --> 00:03:36,489
Let's do a sho run.

70
00:03:36,489 --> 00:03:38,907
And now, you probably
won't have this ability

71
00:03:38,907 --> 00:03:41,016
in any kind of simulations
or anything that you do

72
00:03:41,016 --> 00:03:44,478
on your CCNA exam, you
probably won't have the ability

73
00:03:44,478 --> 00:03:45,395
to do this.

74
00:03:46,827 --> 00:03:48,927
But, what I'm just gonna do, is I'm going

75
00:03:48,927 --> 00:03:52,208
to copy and paste the
relevant information over

76
00:03:52,208 --> 00:03:53,875
to the other router.

77
00:03:55,062 --> 00:03:57,977
So let's go down to my key-chain here.

78
00:03:57,977 --> 00:03:58,977
Here we are.

79
00:03:59,995 --> 00:04:02,935
Copy and paste this in here.

80
00:04:02,935 --> 00:04:06,268
And then let's go down to the interface.

81
00:04:07,275 --> 00:04:11,442
FastEthernet0/0 and let's just copy that.

82
00:04:13,046 --> 00:04:14,640
Strip out that IP address,

83
00:04:14,640 --> 00:04:19,092
though because that will not
be relevant for Router Three.

84
00:04:19,092 --> 00:04:23,461
And at the end of this,
we'll just say, end.

85
00:04:23,461 --> 00:04:27,128
Okay, so let's go ahead
and save Router One.

86
00:04:29,819 --> 00:04:32,902
And now, let's get into Router Three.

87
00:04:38,396 --> 00:04:42,563
Okay and then let's just
paste in what we just did

88
00:04:43,571 --> 00:04:47,738
on Router One, all of the
relevant stuff matches exactly.

89
00:04:49,599 --> 00:04:50,599
Right click.

90
00:04:52,490 --> 00:04:56,039
And the neighbor relationship
comes up so how do we know

91
00:04:56,039 --> 00:04:57,564
that authentication's working?

92
00:04:57,564 --> 00:04:58,976
Well, there's several ways.

93
00:04:58,976 --> 00:05:03,143
Sho ip eigrp neighbor, if
authentication had failed,

94
00:05:05,410 --> 00:05:09,576
we would not have a
neighbor on that interface.

95
00:05:09,576 --> 00:05:13,743
Also, sho ip route eigrp, if
authentication had failed,

96
00:05:16,541 --> 00:05:20,748
we would not have learned
about any eigrp routes

97
00:05:20,748 --> 00:05:22,551
on that interface.

98
00:05:22,551 --> 00:05:26,037
So it's sort of by
inference that we can assume

99
00:05:26,037 --> 00:05:29,258
that authentication's working
because if it wasn't working,

100
00:05:29,258 --> 00:05:32,819
none of this other stuff
would be working either.

101
00:05:32,819 --> 00:05:36,374
So we'll save our configuration here.

102
00:05:36,374 --> 00:05:37,707
Bring this down.

103
00:05:39,819 --> 00:05:42,445
Turn off all of our routers

104
00:05:42,445 --> 00:05:45,712
and let's create another snapshot.

105
00:05:45,712 --> 00:05:49,462
And we'll call this one
EIGRP-authentication.

106
00:05:56,045 --> 00:05:57,378
And then, close.

107
00:06:00,513 --> 00:06:02,573
And that concludes this
section of the video.

108
00:06:02,573 --> 00:06:05,222
So now we've got one more
task to do in the next video,

109
00:06:05,222 --> 00:06:08,164
the last one of this particular lab.

110
00:06:08,164 --> 00:06:11,083
We're gonna number one,
verify what path is being used

111
00:06:11,083 --> 00:06:14,616
between Router One and Router
Four to ping their loopbacks,

112
00:06:14,616 --> 00:06:16,776
which is most likely that bottom path,

113
00:06:16,776 --> 00:06:18,258
the FastEthernet path.

114
00:06:18,258 --> 00:06:20,944
And then we're gonna manipulate
EIGRP so that ultimately,

115
00:06:20,944 --> 00:06:23,515
when they ping their
loopbacks, they end up going

116
00:06:23,515 --> 00:06:27,133
across the slower speed length on the top.

117
00:06:27,133 --> 00:06:29,133
(music)