Details

Define an authentication key chain to enable authentication for routing protocols. A key chain must have at least one key and can have up to 2,147,483,647 keys.

NOTE: Only DRP Agent, EIGRP, and RIPv2 use key chains.

Rationale:

Routing protocols such as DRP Agent, EIGRP, and RIPv2 use key chains for authentication.

Impact:

Organizations should plan and implement enterprise security policies that require rigorous authentication methods for routing protocols. Using ‘key chains’ for routing protocols enforces these policies.

Solution

Establish the key chain.

hostname(config)#key chain {key-chain_name}

Default Value:

Not set

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3156https://workbench.cisecurity.org/files/3156

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.

References

• 800-53|IA-3
• CSCv6|11
• CSCv7|11

Source

• Tenable.com/audits