2.1.2 Ensure 'EIGRP authentication' is enabled

Information

Enables the authentication of EIGRP neighbor before routing information is received from the neighbor

Rationale:

Enabling the routing protocol authentication prevents against attackers who can send wrong routing information in order to redirect traffic to their network or send malformed packets in order to saturate and to exhaust the control plane.

Solution

Step 1: Acquire the interface <interface_name> used by the firewall to receive EIGRP routing updates and the EIGRP Autonomous System number <as_number>

Step 2: Agree with the neighbor device on the authencation key <key_value> and determine an authentication key ID <key_id>

Step 3: Run the following to enable RIP authentication

hostname(config)#interface <interface_name>
hostname(config-if)#authentication mode eigrp <as_number> md5
hostname(config-if)#authentication key eigrp <as_number> <key_value> key-id <key_id>

Default Value:

Disabled by default

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-2(1), 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, CSCv7|11.1

Plugin: Cisco

Control ID: ee6e3392c6225de3316fde0f2494f16918f449c625f9ebc18dffa3439dfa56fc