
[EIGRP](/eigrp) requires certain configurations for successful neighbor relationships when using HMAC-SHA-256 for [authentication](/aaa). When configuring routers with both a [keychain](/ios-key-chain-feature) and an HMAC-SHA-256 password, both elements must be identical across all routers for the neighborship to be established successfully. 

Despite the keychain having identical key-strings on both routers, the HMAC-SHA-256 password specified in the authentication mode must also match.  Specifically, the following interface configuration mode command must have the `SECRET_KEY` password correctly configured...

```
R1(config-router-af-interface)#authentication mode hmac-sha-256 SECRET_KEY
```

... and the following keychain command must also have the `OUR_SECRET` password configured correctly:

```
R1(config)#key chain R1_R2_CHAIN
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string OUR_SECRET
R1(config-keychain-key)#exit
```

The fact that both passwords must be configured indicates that EIGRP internally combines the HMAC-SHA-256 password with the key-string to form an authentication digest. Discrepancy in passwords between routers will lead to mismatched hash values and failed authentication.

To configure HMAC-SHA-256 with a keychain, ensure a consistent password is specified in the `authentication mode` command across all routers alongside the keychain configurations.

## Links

https://networklessons.com/cisco/ccie-routing-switching-written/eigrp-sha-authentication

EIGRP Authentication with HMAC-SHA-256 and Keychains

Decrypt IPSec ESP traffic with Wireshark

Demand Circuits

Demarcation point

Difference between per-prefix LFA and per-link based LFA

Differences between CCIE and CCDE lab exams

Diffserv recommended configuration

Distribute-lists - using route maps to set attributes

Distribute-lists and named extended ACLs

ECMP Multicast Routing Cisco Nexus Switches

EEM - action mail

EEM - exit status variable

EEM Cisco Embedded Event Manager

EEM Matching a string within CLI output

EEM sync and skip keywords

EIGRP - Advertised metric is cumulative

EIGRP - Advertising a route using the network command

EIGRP - DUAL Algorithm and FD Set to Infinity

EIGRP - External routes from different ASes

EIGRP - Feasible Successors and the DUAL Algorithm

EIGRP - Hello interval and Hold time

EIGRP - Hop Count

EIGRP - Message TTL value of 2

EIGRP - Metric Equation Multipliers

EIGRP - Network command syntax

EIGRP - Queries

EIGRP - RTP's reliable message exchange process

EIGRP - Reliable Multicast

EIGRP - Router ID and loop prevention

EIGRP - SIA Process and RTP retry attempts

EIGRP - Source of values for metric calculation

EIGRP - Static neighbors over any L2 technology

EIGRP - Stub Router

EIGRP - Stub default behavior

EIGRP - Stub router types

EIGRP - Summarization per interface

EIGRP - Understanding Advertised Distance (AD)

EIGRP - Update message exchange process

EIGRP - Viewing RTP in Wireshark

EIGRP - af-interface configuration mode

EIGRP - how metrics are sent in updates

EIGRP - internal vs external routes

EIGRP - metric computation method

EIGRP - metric equation

EIGRP - named mode name

EIGRP - network command with no wildcard mask

EIGRP - redistribute connected and static routes

EIGRP - shutdown command

EIGRP - stub site function

EIGRP Create and advertise a default route

EIGRP Feasibility condition

EIGRP Header

EIGRP IP bandwidth-percent example

EIGRP Implementation by Non-Cisco Vendors

EIGRP LFA FRR

EIGRP Refining the behavior of load balancing with traffic-share

EIGRP SIA timers

EIGRP Useful Debug Commands

EIGRP authentication

EIGRP change rib scale

EIGRP establishing remote neighbors

EIGRP header - ACK field

EIGRP named mode

EIGRP on the Nexus Platform

EIGRP redistributing named mode

EIGRP rib-scale

EIGRP seed metrics when redistributing

EIGRP split horizon verification

EIGRP split-horizon vs poison reverse

EIGRP what happens when a feasible successor fails

EIGRP

EPC - Cisco Embedded Packet Capture

EVE-NG supported Cisco and other vendor images

Equal-cost Multi-path routing

EtherChannel - Converting an L2 EtherChannel to L3

EtherChannel - LACP System ID

EtherChannel - LACP fast-switchover

EtherChannel - Load Balancing on CatOS

EtherChannel - Load balancing algorithm applied globally and per portchannel

EtherChannel - Maximum Number of Physical Links

EtherChannel - PAgP timer, hello interval, and age value

EtherChannel - Troubleshooting on Cisco IOS Switches

EtherChannel - Understanding LACP port and system priorities

EtherChannel - applying configurations to the interface

EtherChannel - implementing over 802.1Q tunneling

EtherChannel - load balancing algorithms

EtherChannel - max-bundle

EtherChannel - prerequisites for bundling

EtherChannel

Ethernet - Pause Frames

Ethernet - role of FCS field

Ethernet - speed and duplex mismatches

Ethernet - speed and duplex settings on an ISR4431

Ethernet CSMA-CD

Ethernet VPN (EVPN)

Ethernet administrative and operational encapsulation

Ethernet administrative operational mode

Ethernet frame types

Ethernet header