Bambang F. Indarto

The Journey… The Shares

Posts Tagged ‘protocol’

EIGRP with Authentication

Posted by bfindarto on May 4, 2008

Enhanced Interior Gateway Routing Protocol (EIGRP) is a routing protocol used to select the most suitable route for packets within a network. EIGRP is the enhanced version of IGRP and was developed by Cisco Systems. EIGRP uses bandwidth and delay to calculate the metric of a network route.

EIGRP can be configured to authenticate routing messages, which protects the routing table. In this case, we will configure two different routers with the EIGRP routing protocol and then set up authentication between them using the ip authentication key-chain eigrp interface command.

We will use the network topology shown in the figure, with two networks of different classes:

[Figure: EIGRP Sample Topology]

Configuration to Enable EIGRP on Router A:
A(config)# router eigrp 210 // Enable the EIGRP protocol; 210 is the autonomous system number.
A(config-router)# network // Advertise router A's serial network
A(config-router)# network // Advertise router A's Ethernet network

Configuration to Enable EIGRP on Router B:
B(config)# router eigrp 210 // Enable the EIGRP protocol; 210 is the autonomous system number.
B(config-router)# network // Advertise router B's serial network
B(config-router)# network // Advertise router B's Ethernet network

Now Configure EIGRP Authentication on Router A

A(config)# key chain myKey // Create the key chain name, e.g. myKey.
A(config-keychain)# key 1 // Set the key number, e.g. 1.
A(config-keychain-key)# key-string ironman // Set the key string, e.g. “ironman”.
A(config-keychain-key)# end

Now specify the interface on which you want to configure EIGRP message authentication.

A(config)# interface serial 0/0/0
A(config-if)# ip authentication key-chain eigrp 210 myKey // The AS number must match "router eigrp 210".
A(config-if)# ip authentication mode eigrp 210 md5 // Enable MD5 authentication for the same AS.
A(config-if)# end

Now Configure EIGRP Authentication on Router B

B(config)# key chain myKey // Create the key chain name, e.g. myKey.
B(config-keychain)# key 1 // Set the key number, e.g. 1.
B(config-keychain-key)# key-string ironman // Set the key string, e.g. “ironman”.
B(config-keychain-key)# end

Now specify the interface on which you want to configure EIGRP message authentication.

B(config)# interface serial 0/0/0
B(config-if)# ip authentication key-chain eigrp 210 myKey // The AS number must match "router eigrp 210".
B(config-if)# ip authentication mode eigrp 210 md5 // Enable MD5 authentication for the same AS.
B(config-if)# end
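
A way to check the result of the steps above, as an added example that is not part of the original post: a small Python audit that reads a running-config excerpt and reports interfaces where the EIGRP AS number, the MD5 mode and the key chain do not line up. The sample configuration, the function name audit_eigrp_auth, the extra interfaces and the key chain otherKey are constructed for illustration.

```python
import re

# Constructed sample running-config. Serial0/0/0 uses AS 1 while the routing
# process is AS 210; Serial0/0/1 names a key chain but never enables MD5 mode.
SAMPLE = """\
key chain myKey
 key 1
  key-string ironman
!
interface Serial0/0/0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 myKey
!
interface Serial0/0/1
 ip authentication key-chain eigrp 210 otherKey
!
interface Serial0/1/0
 ip authentication mode eigrp 210 md5
 ip authentication key-chain eigrp 210 myKey
router eigrp 210
"""

def audit_eigrp_auth(config):
    """Return sorted (interface, finding) pairs for EIGRP authentication gaps."""
    keyed, procs, auth, top = set(), set(), {}, ""
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):
            top = s                                  # current top-level section
            if m := re.fullmatch(r"router eigrp (\d+)", s):
                procs.add(m.group(1))
        elif top.startswith("key chain ") and s.startswith("key-string "):
            keyed.add(top.split()[2])                # chain has a usable key
        elif top.startswith("interface "):
            if m := re.fullmatch(r"ip authentication mode eigrp (\d+) md5", s):
                auth.setdefault((top.split()[1], m.group(1)), {})["md5"] = True
            elif m := re.fullmatch(r"ip authentication key-chain eigrp (\d+) (\S+)", s):
                auth.setdefault((top.split()[1], m.group(1)), {})["chain"] = m.group(2)
    findings = []
    for (ifc, asn), a in auth.items():
        if asn not in procs:
            findings.append((ifc, f"AS {asn} has no 'router eigrp {asn}' process"))
        if not a.get("md5"):
            findings.append((ifc, f"key chain set for AS {asn} but MD5 mode missing"))
        if "chain" not in a:
            findings.append((ifc, f"MD5 mode set for AS {asn} but no key chain"))
        elif a["chain"] not in keyed:
            findings.append((ifc, f"key chain {a['chain']} is undefined or has no key-string"))
    return sorted(findings)
```

Run the same audit against both routers: authentication only succeeds when each side has a matching AS number, MD5 mode and key string on the shared link.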



WAN Protocols: HDLC, PPP, and Frame Relay

Posted by bfindarto on March 26, 2008


HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols (PPP and Frame Relay), HDLC is a Layer 2 protocol (see OSI Model for more information on Layers). HDLC is a simple protocol used to connect point-to-point serial devices. For example, suppose you have a point-to-point leased line connecting two locations in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would be de-encapsulating HDLC and dropping the traffic off on the LAN.

HDLC performs error correction, just like Ethernet. Cisco’s version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

HDLC is actually the default protocol on all Cisco serial interfaces. If you run show running-config on a Cisco router, your serial interfaces (by default) won’t show any encapsulation. This is because they are configured to the default of HDLC. If you do a show interface serial 0/0/0, you’ll see that you are running HDLC.


You may have heard of the Point to Point Protocol (PPP) because it is used for almost every dial-up connection to the Internet. PPP is documented in RFC 1661. PPP is based on HDLC and is very similar. Both work well to connect point-to-point leased lines.

The differences between PPP and HDLC are:

  • PPP is not proprietary when used on a Cisco router
  • PPP has several sub-protocols that make it function.
  • PPP is feature-rich with dial up networking features

Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

  • Link quality management monitors the quality of the dial-up link and how many errors have occurred. It can bring the link down if the link is receiving too many errors.
  • Multilink can bring up multiple PPP dialup links and bond them together to function as one.
  • Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.

To change from HDLC to PPP on a Cisco router, use the encapsulation ppp command. After changing the encapsulation to PPP, type ppp ? to list the PPP options available. There are many PPP options when compared to HDLC.


Frame Relay is a Layer 2 protocol and commonly known as a service from carriers. For example, people will say “I ordered a frame-relay circuit”. Frame relay creates a private network through a carrier’s network. This is done with permanent virtual circuits (PVC). A PVC is a connection from one site, to another site, through the carrier’s network. This is really just a configuration entry that a carrier makes on their frame relay switches.

Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network.

The benefits to frame-relay are:

  • Ability to have a single circuit that connects to the “frame relay cloud” and gain access to all other sites (as long as you have PVCs). As the number of locations grows, you save more and more money because you don’t need as many circuits as you would if you were trying to fully mesh your network with point-to-point leased lines.
  • Improved disaster recovery because all you have to do is order a single circuit to the cloud and PVCs to gain access to all remote sites.
  • By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

Some other terms you should know, concerning frame relay are:

LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCIs are available and if there is congestion in the network.

DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.

CIR = committed information rate. This is the amount of bandwidth you pay to be guaranteed on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed, but that traffic is marked DE.

DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.

FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.
