Details

Configure the EIGRP address family key chain.

Rationale:

This is part of the EIGRP authentication configuration

Impact:

Organizations should plan and implement enterprise security policies that require rigorous authentication methods for routing protocols. Using the address-family ‘key chain’ for EIGRP enforces these policies by restricting the exchanges between predefined network devices.

Solution

Configure the EIGRP address family key chain.

hostname(config)#router eigrp
hostname(config-router)#address-family ipv4 autonomous-system {eigrp_as-number}
hostname(config-router-af)#af-interface {interface-name}
hostname(config-router-af-interface)#authentication key-chain {eigrp_key-chain_name}

Default Value:

No key chains are specified for EIGRP

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3156https://workbench.cisecurity.org/files/3156

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.

References

• 800-53|IA-3
• CSCv6|11
• CSCv7|11

Source

• Tenable.com/audits