EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.)
A.
Received packets are authenticated by the key with the smallest key ID.
B.
Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys.
C.
Received packets are authenticated by any valid key that is chosen.
D.
Sent packets are authenticated by the key with the smallest key ID.
Suggested Answer:CD🗳️
Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work: Router1(config)#key chain KeyChainR1
Router2(config-keychain)#key 1 - Router2(config-keychain-key)#key-string FirstKey Router2(config-keychain-key)#key 2 Router2(config-keychain-key)#key-string SecondKey Apply these key chains to R1 & R2: "Pass Any Exam. Any Time." - www.actualtests.com 173 Router1(config)#interface fastEthernet 0/0 Router1(config-if)#ip authentication mode eigrp 1 md5 Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1 Router2(config)#interface fastEthernet 0/0 Router2(config-if)#ip authentication mode eigrp 1 md5 Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2 There are some rules to configure MD5 authentication with EIGRP: + The key chain names on two routers do not have to match (in this case the name "KeyChainR1 & "KeyChainR2 do not match) + The key number and key-string on the two potential neighbors must match (for example "key 1 & "key-string FirstKey" must match on "key 1" & "key-string FirstKey" of neighboring router) Also some facts about MD5 authentication with EIGRP + When sending EIGRP messages the lowest valid key number is used -> D is correct. + When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why answer B is not correct: each packet is NOT "replicated as many times as the number of existing valid keys". All currently configured valid keys are verified but the lowest valid one will be used.
Currently there are no comments in this discussion, be the first to comment!
This section is not available anymore. Please use the main Exam Page.400-101 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Comments