EIGRP Configuration and Advanced Concepts

1. What Is EIGRP?

EIGRP (Enhanced Interior Gateway Routing Protocol) is a Cisco-proprietary advanced distance-vector routing protocol. Originally developed as a proprietary improvement over IGRP, EIGRP was later partially opened in 2013 (RFC 7868) to allow other vendors to implement it — though it remains predominantly a Cisco-environment technology.

EIGRP is often called a hybrid protocol because it incorporates features of both distance-vector and link-state protocols: like distance-vector protocols it shares routing information with directly connected neighbours, but like link-state protocols it maintains a topology database and uses a sophisticated loop-free algorithm (DUAL) rather than the simple Bellman-Ford used by RIP.

Feature	EIGRP	OSPF	RIP v2
Protocol type	Advanced distance-vector (hybrid)	Link-state	Distance-vector
Algorithm	DUAL (Diffusing Update Algorithm)	Dijkstra SPF	Bellman-Ford
Metric	Composite (bandwidth + delay by default)	Cost (based on bandwidth)	Hop count (max 15)
Administrative Distance	90 (internal), 170 (external)	110	120
Convergence speed	Very fast — uses pre-computed backup paths	Fast	Slow (up to 3 min)
VLSM / CIDR support	Yes	Yes	Yes (v2)
Unequal-cost load balancing	Yes — unique to EIGRP	No	No
Vendor support	Primarily Cisco	Open standard — all vendors	Open standard

2. EIGRP Packet Types

EIGRP uses five distinct packet types, each serving a specific role in neighbour discovery, route exchange, and reliability. EIGRP uses its own transport layer protocol — RTP (Reliable Transport Protocol) — which runs directly over IP (protocol number 88) and provides reliable, ordered delivery for Update, Query, and Reply packets using multicast (224.0.0.10) or unicast.

Packet Type	Purpose	Delivery	Requires ACK?
Hello	Discover and maintain neighbour relationships. Sent periodically on every EIGRP-enabled interface. If hellos stop, the hold timer counts down and the neighbour is declared dead.	Multicast 224.0.0.10 (or unicast for non-broadcast links)	No (unreliable)
Update	Carries routing information to neighbours. Sent only when there is a change (not periodic). Sent to all neighbours or targeted unicast.	Multicast or unicast	Yes (reliable)
Query	Sent when a route is lost and no feasible successor exists — asks neighbours if they have an alternative path. This is the core of DUAL's distributed computation.	Multicast or unicast	Yes (reliable)
Reply	Response to a Query packet — sent unicast back to the querying router with either a path to the destination or a "no path" response.	Unicast	Yes (reliable)
Acknowledgment (ACK)	Confirms receipt of reliable packets (Update, Query, Reply). Sent as a Hello with no data.	Unicast	No

3. Basic EIGRP Configuration

Configuring EIGRP on a Cisco router requires enabling the process, defining which interfaces participate via network statements, and optionally setting a router ID.

Complete Basic Configuration

! Step 1: Enter EIGRP process with Autonomous System number
Router(config)# router eigrp 100
!                              ↑
!                       AS number (1–65535) — must match all neighbours

! Step 2: Disable auto-summary (essential in modern networks)
Router(config-router)# no auto-summary

! Step 3: Set a stable Router ID (recommended)
Router(config-router)# eigrp router-id 1.1.1.1

! Step 4: Define participating networks using wildcard masks
Router(config-router)# network 10.0.0.0 0.0.0.255      ! Enables on 10.0.0.x interfaces
Router(config-router)# network 172.16.1.0 0.0.0.255    ! Enables on 172.16.1.x interfaces
Router(config-router)# network 192.168.1.0 0.0.0.0     ! Host-specific (single interface)

Network statement wildcard mask: EIGRP network statements use wildcard masks (inverse of subnet mask). The wildcard determines which interfaces are activated. network 10.0.0.0 0.0.0.255 enables EIGRP on any interface whose IP falls in the 10.0.0.0–10.0.0.255 range. Using 0.0.0.0 as the wildcard is the most precise — it matches only that exact IP address, activating EIGRP on exactly one interface.

Passive Interface

! Prevent EIGRP from sending hellos on an interface (e.g., facing end users)
! while still advertising the connected network
Router(config-router)# passive-interface GigabitEthernet0/1

! Make all interfaces passive by default, then selectively enable EIGRP
Router(config-router)# passive-interface default
Router(config-router)# no passive-interface GigabitEthernet0/0  ! Enable only this one

Security best practice: Configure passive-interface on all interfaces that face end hosts (access layer ports, internet-facing links). This prevents EIGRP hellos from being sent toward devices that should not be EIGRP neighbours, reduces unnecessary traffic, and prevents rogue routers from forming neighbour relationships.

4. EIGRP Metric Calculation and K-Values

EIGRP uses a composite metric calculated from five components, each weighted by a K-value. By default only bandwidth (K1) and delay (K3) contribute — the others are set to 0.

K-Values and Their Components

K-Value	Metric Component	Default Value	Notes
K1	Bandwidth	1 (active)	Slowest bandwidth along the path (bottleneck)
K2	Load	0 (inactive)	Current traffic load — rarely used (changes dynamically)
K3	Delay	1 (active)	Cumulative delay along the entire path (sum of all interface delays)
K4	Reliability	0 (inactive)	Link reliability (255 = 100% reliable)
K5	MTU (via reliability modifier)	0 (inactive)	Only used in conjunction with K4

Metric Formula

Metric = [K1 × (10⁷ / min_bandwidth) + K3 × (cumulative_delay / 10)] × 256

With defaults (K1=1, K3=1, others=0):
Metric = [(10⁷ / min_bandwidth_kbps) + (sum_of_delays_µs / 10)] × 256

! Bandwidth is in kbps; delay is in microseconds
! "min_bandwidth" = the lowest bandwidth on ANY link along the path (bottleneck)
! "cumulative_delay" = SUM of all interface delays along the path

Example: Path through two links
  Link 1: bandwidth 100 Mbps (100,000 kbps), delay 100 µs
  Link 2: bandwidth  10 Mbps  (10,000 kbps), delay 200 µs

  Minimum bandwidth = 10,000 kbps (Link 2 is the bottleneck)
  Cumulative delay  = 100 + 200 = 300 µs

  Metric = [(10,000,000 / 10,000) + (300 / 10)] × 256
         = [1000 + 30] × 256
         = 1030 × 256
         = 263,680

Critical exam point: K-values must be identical on both sides of a neighbour relationship. If K-values differ, the routers cannot form a neighbour adjacency — they will log a warning like "K-value mismatch" and reject the relationship. Verify with show ip protocols — look for the K-values line.

Changing K-Values (Not Recommended in Production)

! View current K-values
Router# show ip protocols

! Modify K-values (must match on ALL EIGRP neighbours in the AS)
Router(config-router)# metric weights 0 1 0 1 0 0
!                      TOS K1 K2 K3 K4 K5
!                      (TOS always 0 for EIGRP)

5. EIGRP Neighbour Discovery and Adjacency

EIGRP neighbours discover each other by exchanging Hello packets on shared network segments. A neighbour relationship (adjacency) forms only when all requirements are met. Once adjacent, neighbours exchange their full topology tables via Update packets, then only send incremental updates when topology changes occur.

Neighbour Adjacency Requirements

Requirement	Must Match?	Notes
Autonomous System (AS) number	Yes — must be identical	Routers with different AS numbers silently ignore each other's hellos
K-values	Yes — must be identical	K-value mismatch prevents adjacency with an error log message
Shared subnet	Yes — interfaces must be on same subnet	Routers must be reachable Layer 3 neighbours
Authentication	Yes — if enabled, must match on both sides	MD5 key and key-chain must match; mismatched auth silently drops hellos
Hello / Hold timers	No — do not need to match	Each router uses its own timers; hold timer from neighbour is respected
Router ID	Must be unique	Duplicate router IDs cause adjacency issues and routing instability

Hello and Hold Timers

Interface Type	Default Hello Interval	Default Hold Time	Relationship
LAN (GigabitEthernet, FastEthernet, VLAN)	5 seconds	15 seconds (3 × hello)	Hold = 3 × Hello interval
WAN (Serial, low-speed < 1.544 Mbps)	60 seconds	180 seconds (3 × hello)	Hold = 3 × Hello interval

! Verify neighbour relationships
Router# show ip eigrp neighbors

IP-EIGRP neighbors for process 100
H   Address        Interface    Hold Uptime    SRTT   RTO  Q Seq
                                (sec)          (ms)       Cnt Num
0   10.1.1.2       Gi0/0          13 00:05:22  1     200  0  15
1   10.2.2.2       Gi0/1          11 00:05:20  2     200  0  12

! Key fields:
! H     = Handle number (order neighbours were discovered)
! Hold  = Seconds remaining before neighbour declared dead
! SRTT  = Smooth Round-Trip Time in ms (used for RTO calculation)
! RTO   = Retransmission Timeout in ms
! Q Cnt = Number of packets in the retransmission queue (should be 0)

6. EIGRP Topology Table — DUAL, Successor and Feasible Successor

EIGRP maintains three tables: the neighbour table (adjacent routers), the topology table (all known paths to all destinations), and the routing table (best paths installed for forwarding). The DUAL algorithm selects routes from the topology table using two key concepts:

Key DUAL Concepts

Term	Definition	In the Routing Table?
Reported Distance (RD)	The metric a neighbour advertises to reach a destination — what the neighbour says the cost is from itself to the destination	No — used internally for calculations
Feasible Distance (FD)	The total metric from this router to the destination — our local interface cost plus the neighbour's Reported Distance	Yes — the best FD goes into the routing table
Successor	The neighbour with the lowest Feasible Distance to a destination — the primary next-hop. Installed in the routing table.	Yes — primary route
Feasible Successor (FS)	A backup neighbour whose Reported Distance is strictly less than the current Feasible Distance (the Feasibility Condition). Pre-computed backup — instant failover without querying.	In topology table only — used instantly if Successor fails

Feasibility Condition

Feasibility Condition (FC): A neighbour qualifies as a Feasible Successor if its Reported Distance (RD) is strictly less than the current Feasible Distance (FD). This guarantees loop-free backup paths — if the neighbour's cost to the destination is less than our total cost, that neighbour cannot be routing through us (which would create a loop).

Example topology:
  R1 wants to reach 10.10.10.0/24
  Via R2: FD = 100 (Successor)  — R2's RD = 80
  Via R3: FD = 120              — R3's RD = 70

  Is R3 a Feasible Successor?
  R3's RD (70) < Current FD (100)? YES → R3 qualifies as FS

  Via R4: FD = 115              — R4's RD = 105
  Is R4 a Feasible Successor?
  R4's RD (105) < Current FD (100)? NO → R4 does NOT qualify as FS

! View the topology table — shows successors and feasible successors
Router# show ip eigrp topology

IP-EIGRP Topology Table for AS(100)/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply
       r - reply Status, s - sia Status

P 10.10.10.0/24, 2 successors, FD is 263680
        via 10.1.1.2 (263680/163840), GigabitEthernet0/0   ← Successor
        via 10.2.2.2 (279040/179200), GigabitEthernet0/1   ← Feasible Successor

! P = Passive (stable, not in active DUAL computation)
! A = Active (DUAL is running queries — route is currently being recomputed)
! FD value shown after route prefix
! "via" line: (Feasible Distance / Reported Distance), egress interface

Active vs Passive State

Passive (P): The route is stable. A successor is known. Normal state.
Active (A): The successor was lost AND no feasible successor exists. DUAL is running distributed queries to all neighbours. The route remains in Active state until all queries receive Replies.

Stuck In Active (SIA): If a query goes unanswered for 3 minutes (the SIA timer), EIGRP tears down the neighbour relationship with the non-responding router. SIA is often caused by query scope too wide (fix with stub routing) or network instability.

7. Route Summarisation in EIGRP

Summarisation reduces routing table size, limits EIGRP query scope, and improves convergence. EIGRP supports both automatic (classful) and manual summarisation.

Automatic Summarisation

! Auto-summary is DISABLED by default in IOS 15+ and EIGRP named mode
! It summarises routes at classful boundaries (Class A/B/C borders)
! This can cause problems with discontiguous subnets

! Disable auto-summary (do this in ALL modern configurations):
Router(config-router)# no auto-summary

! Verify auto-summary status:
Router# show ip protocols
! Look for "Automatic network summarization: not in effect"

Why disable auto-summary? If you have 10.1.1.0/24 and 10.2.2.0/24 on different routers, auto-summary summarises both to 10.0.0.0/8 at classful boundaries. If those two subnets are separated by a different address space (discontiguous), this creates black-hole routes. Always disable auto-summary in networks with VLSM.

Manual Summarisation

! Manual summaries are configured per-interface, per-direction (outbound)
! Applied on the interface where you SEND the summary to neighbours

! Example: Summarise 10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24
! → Summary: 10.1.0.0/22 (covers /24 networks .0 through .3)

Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip summary-address eigrp 100 10.1.0.0 255.255.252.0

! EIGRP installs a Null0 route for the summary:
! 10.1.0.0/22 via Null0, AD 5 — prevents routing loops if a subnet is missing

Null0 route benefit: When you configure a manual summary, EIGRP automatically installs a summary route to Null0 on the advertising router with AD 5. If traffic arrives for a destination within the summary range but no specific subnet exists, it hits Null0 and is dropped — preventing it from being forwarded via the default route and potentially looping.

8. EIGRP Authentication — MD5 and SHA-256

EIGRP authentication prevents rogue routers from forming neighbour relationships or injecting false routing information. Authentication is configured per-interface and requires a key chain defined in global configuration.

MD5 Authentication Configuration

! Step 1: Create the key chain in global config
Router(config)# key chain EIGRP_KEYS
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string MySecretPassword
Router(config-keychain-key)# exit

! Step 2: Enable MD5 authentication on the interface
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip authentication mode eigrp 100 md5
Router(config-if)# ip authentication key-chain eigrp 100 EIGRP_KEYS

! Both commands are required:
! "mode md5"        — sets the authentication type
! "key-chain"       — specifies which key chain to use

Both commands must be configured: ip authentication mode eigrp 100 md5 enables MD5 authentication, and ip authentication key-chain eigrp 100 EIGRP_KEYS specifies the key to use. Missing either command means authentication doesn't work. Authentication must match on both sides — if one router has authentication and the other doesn't, the adjacency drops silently.

SHA-256 Authentication (EIGRP Named Mode)

! EIGRP Named Mode provides SHA-256 (stronger than MD5)
Router(config)# router eigrp MYPROCESS
Router(config-router)# address-family ipv4 unicast autonomous-system 100
Router(config-router-af)# af-interface GigabitEthernet0/0
Router(config-router-af-interface)# authentication mode hmac-sha-256 MyPassword

Verify Authentication

! Check authentication status on interface
Router# show eigrp address-family ipv4 interfaces detail Gi0/0
! Look for "Authentication mode:   md5, key-chain: EIGRP_KEYS"

! If neighbours drop after enabling auth, check:
Router# debug eigrp packets
! Look for "authentication failure" messages

9. Load Balancing in EIGRP

Equal-Cost Load Balancing

EIGRP installs multiple paths with identical metrics into the routing table and distributes traffic across them. By default, up to 4 equal-cost paths are installed (configurable up to 16 with maximum-paths).

! View equal-cost routes (multiple "D" entries with same metric)
Router# show ip route eigrp
D  10.10.10.0/24  [90/263680] via 10.1.1.2, 00:02:15, GigabitEthernet0/0
                  [90/263680] via 10.2.2.2, 00:02:15, GigabitEthernet0/1

! Increase maximum paths (default 4, max 16)
Router(config-router)# maximum-paths 8

Unequal-Cost Load Balancing — variance

EIGRP's variance command is unique — no other routing protocol supports unequal-cost load balancing natively. It allows EIGRP to install backup paths whose metric is within a multiplier of the best path's metric.

! Variance multiplier — allows paths with FD ≤ (variance × successor FD) to be installed
Router(config-router)# variance 2

! Example:
! Successor FD = 263,680
! Backup path FD = 450,000
! With variance 2: 450,000 ≤ (2 × 263,680) = 527,360? YES → installed
! With variance 2: 600,000 ≤ (2 × 263,680) = 527,360? NO  → not installed

Variance requirement: A path can only be included in unequal-cost load balancing if it is a Feasible Successor (its RD < current FD) AND its FD is within the variance multiplier. If a path has a higher FD than the successor but is not a feasible successor, variance alone cannot include it — you cannot use variance to bypass the Feasibility Condition.

! Traffic is proportional to metric — lower metric paths carry more traffic
! Verify load balancing in the routing table:
Router# show ip route 10.10.10.0
! Both paths shown — traffic distributed inversely proportional to metric

10. EIGRP Stub Routing

In hub-and-spoke networks, branch (spoke) routers often have only one path to the hub. Without stub routing, when a route is lost at the hub, the hub sends QUERY packets to all spokes — which must reply before DUAL can converge. With many spokes, this creates a query storm that dramatically slows convergence.

Stub routing tells the hub that this router is a stub — the hub will NOT send it queries, instantly limiting the query scope and speeding up convergence.

  Without stub routing (query storm):
  Hub → sends QUERY to Spoke1, Spoke2, Spoke3... SpokN
  All spokes must REPLY before convergence
  Slow convergence if many spokes or WAN latency

  With stub routing:
  Spoke(config-router)# eigrp stub
  Hub knows: "Don't send queries to this stub router"
  Convergence: Hub only waits for non-stub neighbours

Stub Options

! Basic stub — only advertises connected and summary routes
Router(config-router)# eigrp stub

! Stub options (can be combined):
Router(config-router)# eigrp stub connected       ! Advertise connected routes only
Router(config-router)# eigrp stub summary         ! Advertise summary routes only
Router(config-router)# eigrp stub static          ! Advertise redistributed static routes
Router(config-router)# eigrp stub redistributed   ! Advertise all redistributed routes
Router(config-router)# eigrp stub receive-only    ! Receive only — advertise nothing (no transit)

! Verify stub configuration
Router# show ip eigrp neighbors detail
! Look for "EIGRP-IPv4 Stub Routing" in the neighbour detail

11. Advanced Timer Tuning

Adjusting EIGRP timers allows faster failure detection at the cost of increased CPU and bandwidth. Timer changes take effect immediately without resetting the adjacency.

! Tune hello and hold timers per interface
! (Timers do NOT need to match between neighbours)
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip hello-interval eigrp 100 2    ! Send hello every 2 seconds
Router(config-if)# ip hold-time eigrp 100 6         ! Declare neighbour dead after 6 seconds

! Aggressive timers (sub-second for rapid failover):
Router(config-if)# ip hello-interval eigrp 100 1
Router(config-if)# ip hold-time eigrp 100 3

! Verify current timers
Router# show ip eigrp interfaces detail GigabitEthernet0/0
! Shows: Hello-interval is 2, Hold-time is 6

Timer mismatch is fine: Unlike OSPF (where timers must match for adjacency), EIGRP timers do not need to be identical on both sides of a neighbour relationship. Each router advertises its own hold time to its neighbour via the Hello packet header, and the neighbour uses the received hold time to time out that specific adjacency.

12. Redistribution with EIGRP

EIGRP can redistribute routes from other routing protocols and vice versa. All redistributed routes enter EIGRP as external routes with an Administrative Distance of 170 (vs 90 for internal EIGRP routes).

! Redistribute OSPF routes into EIGRP
! Must provide a seed metric — EIGRP cannot compute a metric for external routes
Router(config-router)# redistribute ospf 1 metric 10000 100 255 1 1500
!                                                  ↑     ↑   ↑  ↑   ↑
!                          bandwidth(kbps) delay(µs) reliability load  MTU

! Redistribute static routes into EIGRP
Router(config-router)# redistribute static metric 10000 100 255 1 1500

! Redistribute connected interfaces into EIGRP
Router(config-router)# redistribute connected metric 10000 100 255 1 1500

! Verify redistributed routes in the topology table (marked EX):
Router# show ip eigrp topology
! Look for "D EX" in show ip route — external EIGRP routes

Metric is required for redistribution into EIGRP. Unlike OSPF (which can use a default seed metric), EIGRP will not redistribute routes without a complete metric definition. The five values are: bandwidth (kbps), delay (microseconds), reliability (1–255), load (1–255), MTU (bytes). Common values used: 10000, 100, 255, 1, 1500.

13. EIGRP for IPv6

EIGRP natively supports IPv6 through a separate process. IPv6 EIGRP is enabled per-interface rather than via network statements, and requires a manually configured router ID (since there may be no IPv4 address to derive one from).

! Step 1: Enable IPv6 unicast routing (if not already enabled)
Router(config)# ipv6 unicast-routing

! Step 2: Create the IPv6 EIGRP process and set router ID
Router(config)# ipv6 router eigrp 100
Router(config-rtr)# router-id 1.1.1.1          ! Must be set manually for IPv6 EIGRP
Router(config-rtr)# no shutdown                ! IPv6 EIGRP process is shutdown by default

! Step 3: Enable EIGRP on each interface
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ipv6 eigrp 100              ! Enable IPv6 EIGRP on this interface

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ipv6 eigrp 100

! Step 4: Verify
Router# show ipv6 eigrp neighbors
Router# show ipv6 eigrp topology
Router# show ipv6 route eigrp

Key IPv6 EIGRP differences: No network statements — EIGRP is enabled directly on interfaces with ipv6 eigrp <AS>. The process is administratively shut down by default and requires no shutdown. The router ID must be set explicitly as a 32-bit IPv4-format value even in IPv6 EIGRP. Uses IPv6 multicast address FF02::A for hellos.

14. Troubleshooting EIGRP

Symptom	Likely Cause	Diagnostic & Fix
Neighbours not forming	AS number mismatch, K-value mismatch, authentication mismatch, or not on shared subnet	`show ip eigrp neighbors` — should show adjacency. Check `show ip protocols` for AS and K-values. Check interface subnet addresses. Use `debug eigrp packets hello` to watch hello exchange.
Routes not appearing in routing table	Missing network statement, passive interface blocking, auto-summary issue, or route being filtered	`show ip eigrp topology` — if route is in topology but not routing table, check AD. `show ip interface brief` to verify interface is up. `show ip protocols` to check passive interfaces and network statements.
Route stuck in Active state	No feasible successor, query not being answered (SIA), network instability	`show ip eigrp topology active` — shows routes in active state and which neighbours have not replied. Implement stub routing on edge routers to limit query scope.
Suboptimal routing / wrong path used	Interface bandwidth or delay misconfigured, auto-summary causing wrong summary, wrong K-values	`show ip eigrp topology <prefix>` — shows FD and RD for each path. Check `bandwidth` and `delay` settings on interfaces with `show interfaces`.
Neighbours keep flapping (forming then dropping)	Hello timer too aggressive, unreliable WAN link, authentication key expiring	`show ip eigrp neighbors` — watch Uptime and Q Cnt. Check `show logging` for DUAL events. Verify key chain key validity period with `show key chain`.

Complete Verification Command Reference

show ip eigrp neighbors              ! Neighbour table — adjacency status
show ip eigrp topology               ! Full topology table — successors and FSs
show ip eigrp topology all-links     ! All paths including non-FS routes
show ip eigrp topology active        ! Routes currently in Active DUAL state
show ip route eigrp                  ! EIGRP routes installed in routing table
show ip protocols                    ! EIGRP process, AS, K-values, networks, timers
show ip eigrp interfaces             ! Interfaces running EIGRP and timer values
show ip eigrp interfaces detail      ! Detailed interface info including auth status
show ip eigrp traffic                ! Packet counters per type (hello, update, etc.)
debug eigrp packets                  ! Real-time packet trace — use in lab only!
debug eigrp fsm                      ! DUAL finite state machine events

15. Key Points & Exam Tips

EIGRP = Cisco-proprietary advanced distance-vector; uses DUAL algorithm; AD 90 (internal), AD 170 (external).
Protocol 88 over IP; multicast 224.0.0.10; uses RTP for reliable delivery of Update/Query/Reply.
Metric: bandwidth (K1) + delay (K3) by default; K-values must match on both sides for adjacency.
Metric formula: [(10⁷ / min_bw_kbps) + (sum_delay_µs / 10)] × 256. Bandwidth = lowest on path; delay = cumulative sum.
Successor = best path (installed in routing table). Feasible Successor = backup path where neighbour's RD < current FD — instant failover without querying.
Adjacency requirements: same AS number, same K-values, shared subnet, matching authentication. Timers do NOT need to match.
Hello/Hold timers: LAN = 5s/15s; WAN = 60s/180s. Timers configured per-interface, not per-process.
no auto-summary — always disable in modern networks to avoid discontiguous subnet problems.
variance N — enables unequal-cost load balancing; path must be a FS and FD ≤ N × best FD.
eigrp stub on branch routers prevents hub from sending queries to spokes — limits query scope, fixes SIA issues in hub-and-spoke.
Authentication: requires two commands on the interface — ip authentication mode eigrp <AS> md5 AND ip authentication key-chain eigrp <AS> <chain-name>.
Redistribution into EIGRP requires a seed metric (all 5 values).

16. EIGRP Configuration Quiz

1. Two EIGRP routers are directly connected and have matching AS numbers. Router A has K-values K1=1, K2=0, K3=1, K4=0, K5=0. Router B has K-values K1=1, K2=1, K3=1, K4=0, K5=0. What happens when they attempt to form a neighbour relationship?

A. They form an adjacency — K2 is disabled by default and has no effect on adjacency formation B. They form a partial adjacency — routes are exchanged but metrics are calculated differently by each router C. The adjacency fails — EIGRP requires K-values to be identical on both sides; a mismatch generates a K-value mismatch error and the neighbour relationship is rejected D. Router A adopts Router B's K-values automatically

Correct answer is C. EIGRP K-values must be identical on both neighbours. They are exchanged in Hello packets as part of the parameter negotiation. If they don't match, the router receiving the Hello with mismatched K-values logs: "K-value mismatch" and rejects the neighbour relationship entirely — no adjacency forms. The K2=1 on Router B means it includes load in metric calculation while Router A does not — these are fundamentally incompatible. Verify with show ip protocols and check the K-values line on both routers.

2. Router R1 has the following EIGRP topology table entry for 10.0.0.0/24:
`P 10.0.0.0/24, 1 successor, FD is 263680`
`via 10.1.1.2 (263680/160000), Gi0/0`
`via 10.2.2.2 (310000/175000), Gi0/1`
Which path qualifies as a Feasible Successor and why?

A. 10.2.2.2 qualifies because its FD (310000) is within variance 2 of the best path B. Neither path is a feasible successor — only successors appear in the topology table C. 10.2.2.2 does not qualify because its FD (310000) is greater than the successor FD (263680) D. 10.2.2.2 qualifies as a Feasible Successor because its Reported Distance (175000) is less than the current Feasible Distance (263680) — the Feasibility Condition is satisfied

Correct answer is D. The Feasibility Condition states: a neighbour qualifies as a Feasible Successor if its Reported Distance (RD) is strictly less than the current best Feasible Distance (FD). Reading the topology table: via 10.2.2.2 shows (FD/RD) = (310000/175000). The RD is 175000. The current FD is 263680. Is 175000 < 263680? YES — the FC is satisfied, so 10.2.2.2 is a Feasible Successor and will be used for instant failover if 10.1.1.2 fails, without sending queries. Option C is wrong — FD comparison is not the criterion; RD comparison is.

3. A hub-and-spoke EIGRP network has 50 spoke sites. When a link fails at the hub, convergence takes over 3 minutes and some adjacencies drop (SIA — Stuck in Active). What is the correct solution?

A. Reduce the hold timer to 3 seconds on all spoke interfaces to speed up failure detection B. Configure eigrp stub on all spoke routers — this prevents the hub from sending queries to spokes, limiting query scope and eliminating SIA for hub-facing routes C. Increase the DUAL SIA timer to 10 minutes so routers wait longer before tearing down adjacencies D. Change variance to 50 to accommodate all possible paths from the 50 spokes

Correct answer is B. SIA in hub-and-spoke is a classic query scope problem. When a route is lost at the hub and no feasible successor exists, DUAL floods query packets to all neighbours — all 50 spokes. Each spoke must reply before DUAL converges. If any spoke is slow or unreachable (WAN latency), the hub waits 3 minutes then tears down that adjacency (SIA). Configuring eigrp stub on spokes tells the hub "don't query these routers" — the hub excludes all stubs from its query scope, achieves instant convergence for hub routes, and eliminates SIA entirely. Stub routers still receive routes normally; they just can't be transit points.

4. An engineer configures `variance 3` on an EIGRP router. The successor's Feasible Distance is 100,000. Which backup paths can participate in unequal-cost load balancing?

A. Only Feasible Successors with FD ≤ 300,000 — paths must satisfy the Feasibility Condition (RD < best FD) AND have FD within variance multiplier (FD ≤ 3 × 100,000) B. Any path with FD ≤ 300,000 regardless of whether it satisfies the Feasibility Condition C. Only paths with FD exactly 3 times the successor FD (= 300,000) D. All paths in the topology table up to 3 hops away

Correct answer is A. Variance enables unequal-cost load balancing but with two strict conditions: (1) The path must be a Feasible Successor — its RD must be strictly less than the successor's FD (Feasibility Condition). Variance alone cannot override this. (2) The path's FD must be less than or equal to variance × successor FD (3 × 100,000 = 300,000). Both conditions must be met simultaneously. This is why variance does not cause routing loops — the FC still guarantees loop-free paths, while variance just determines which loop-free alternatives to install. Traffic is distributed inversely proportional to each path's metric.

5. An engineer configures EIGRP authentication on Router A's Gi0/0 interface with key-chain MYKEY. Router B on the other end has no authentication configured. What happens to their EIGRP adjacency?

A. Router B accepts the neighbour relationship but ignores the authentication B. Router A warns that authentication is missing on one side but still forms the adjacency C. The adjacency drops — Router B's hellos carry no authentication, which Router A rejects; Router A's authenticated hellos are rejected by Router B because it is not expecting authentication D. Both routers log an error but maintain the adjacency using unauthenticated mode

Correct answer is C. EIGRP authentication must be symmetrical — if Router A has authentication enabled and Router B does not, the adjacency fails in both directions. Router A receives unauthenticated hellos from Router B and rejects them silently (drops the packet). Router B receives authenticated hellos from Router A — since Router B has no authentication configured, it cannot validate the authentication data and also drops the hellos. The result is that neither router sees hellos from the other as valid, hold timers expire, and the adjacency (if it existed) drops. No authenticated or partial adjacency is possible with mismatched authentication configuration.

6. A router has these networks configured in EIGRP: 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24. The engineer adds `ip summary-address eigrp 100 192.168.12.0 255.255.252.0` on Gi0/0. What additional route does the router install in its local routing table?

A. A static route to 192.168.12.0/22 via the ISP B. A summary route to 192.168.12.0/22 via Null0 with AD 5 — prevents routing loops if a specific subnet within the summary is absent C. Nothing — the summary is only advertised outbound and has no local effect D. A host route (192.168.12.0/32) to prevent packet loss

Correct answer is B. When a manual EIGRP summary is configured, the router automatically installs a discard route (Null0) for the summary prefix in its own routing table with Administrative Distance 5. This is a loop prevention mechanism: if traffic arrives for a destination within 192.168.12.0/22 but the specific /24 subnet doesn't exist locally (e.g., 192.168.13.0/24 link is down), the traffic would otherwise match the default route and potentially loop. The Null0 route ensures it is dropped immediately with an ICMP Unreachable. The AD 5 makes it less preferred than any real route (AD 90 for EIGRP internal, AD 1 for static) but more preferred than default routes (AD 1+).

7. Which two commands are both required to enable EIGRP MD5 authentication on interface GigabitEthernet0/0 for AS 100 using key-chain MYCHAIN?

A. ip eigrp 100 authentication md5 and ip eigrp 100 key-chain MYCHAIN B. router eigrp 100 authentication md5 and router eigrp 100 key-chain MYCHAIN C. ip authentication md5 eigrp 100 MYCHAIN (single command) D. ip authentication mode eigrp 100 md5 and ip authentication key-chain eigrp 100 MYCHAIN, both entered under interface Gi0/0

Correct answer is D. EIGRP interface authentication requires exactly two commands, both entered in interface configuration mode: (1) ip authentication mode eigrp 100 md5 — enables MD5 as the authentication method for EIGRP AS 100 on this interface. (2) ip authentication key-chain eigrp 100 MYCHAIN — specifies which key chain to use. Both must be present; omitting either means authentication doesn't function. The key chain (MYCHAIN) must also be defined in global config with at least one key and key-string. Authentication is per-interface, so both sides of a link need these commands with matching key-strings.

8. What is the Administrative Distance of an EIGRP external route, and in what situation would this matter for routing decisions?

A. AD 170 — if both EIGRP external and OSPF (AD 110) routes exist for the same prefix, OSPF wins because its AD (110) is lower, even though the route was redistributed into EIGRP B. AD 90 — same as internal EIGRP routes, so external routes have equal preference C. AD 170 — EIGRP external routes always win over all other protocols because EIGRP is faster than OSPF D. AD 20 — same as eBGP, so they compete directly with BGP routes

Correct answer is A. EIGRP distinguishes between internal routes (learned natively within EIGRP, AD 90) and external routes (redistributed from another protocol into EIGRP, AD 170). The high AD 170 for external routes is intentional — it makes them less preferred than natively learned routes. A practical scenario: a network runs both EIGRP and OSPF, and mutual redistribution is configured. If an OSPF route (AD 110) and an EIGRP external route (AD 170) exist for the same prefix on the same router, OSPF wins (AD 110 < 170). This prevents EIGRP-redistributed routes from displacing better natively learned routes.

9. A network administrator runs `show ip eigrp topology` and sees a route marked as "A" (Active) for over 4 minutes. What does this indicate and what is the likely consequence if it persists?

A. Active means the route is in use and this is normal operational behaviour B. Active means the route is actively load-balancing across multiple paths C. Active means DUAL is waiting for Query replies from one or more neighbours — if a reply is not received within 3 minutes (SIA timer), the non-responding neighbour's adjacency is torn down D. Active means the route was learned via a floating static override and may be removed soon

Correct answer is C. In EIGRP topology table output, "P" = Passive (stable, normal) and "A" = Active (DUAL is running). A route goes Active when the successor fails AND no feasible successor exists — DUAL sends Query packets to all neighbours asking for alternative paths. The router must wait for all queries to receive Reply packets before convergence. If a neighbour hasn't replied after 3 minutes (the SIA — Stuck In Active — timer), EIGRP tears down the adjacency to that neighbour and resets it. Active routes for more than a few seconds indicate a problem. Use show ip eigrp topology active to see which neighbours have not replied.

10. When configuring EIGRP for IPv6, what key difference from EIGRP for IPv4 means you cannot use the same `network` statement approach?

A. IPv6 EIGRP uses a different AS numbering scheme that doesn't support network statements B. IPv6 EIGRP is enabled per-interface using ipv6 eigrp <AS> directly on each interface — there are no network statements. The process is also administratively shutdown by default and requires no shutdown, and the router ID must be set manually. C. IPv6 EIGRP uses OSPFv3-style area configuration instead of network statements D. IPv6 EIGRP only supports named mode and does not have an AS number

Correct answer is B. IPv6 EIGRP differs from IPv4 EIGRP in three important ways: (1) No network statements — EIGRP is activated on specific interfaces by entering interface mode and running ipv6 eigrp <AS>. (2) The IPv6 EIGRP process is shutdown by default and requires no shutdown under

ipv6 router eigrp
                  <AS>

. (3) The router ID must be set manually as a 32-bit value (e.g., 1.1.1.1) since there may be no IPv4 addresses on the router to derive it from automatically. IPv6 EIGRP uses the multicast address FF02::A for hellos instead of 224.0.0.10.

← Back to Home

EIGRP Configuration and Advanced Concepts

1. What Is EIGRP?

2. EIGRP Packet Types

3. Basic EIGRP Configuration

Complete Basic Configuration

Passive Interface

4. EIGRP Metric Calculation and K-Values

K-Values and Their Components

Metric Formula

Changing K-Values (Not Recommended in Production)

5. EIGRP Neighbour Discovery and Adjacency

Neighbour Adjacency Requirements

Hello and Hold Timers

6. EIGRP Topology Table — DUAL, Successor and Feasible Successor

Key DUAL Concepts

Feasibility Condition

Active vs Passive State

7. Route Summarisation in EIGRP

Automatic Summarisation

Manual Summarisation

8. EIGRP Authentication — MD5 and SHA-256

MD5 Authentication Configuration

SHA-256 Authentication (EIGRP Named Mode)

Verify Authentication

9. Load Balancing in EIGRP

Equal-Cost Load Balancing

Unequal-Cost Load Balancing — variance

10. EIGRP Stub Routing

Stub Options

11. Advanced Timer Tuning

12. Redistribution with EIGRP

13. EIGRP for IPv6

14. Troubleshooting EIGRP

Complete Verification Command Reference

15. Key Points & Exam Tips

16. EIGRP Configuration Quiz

1. Two EIGRP routers are directly connected and have matching AS numbers. Router A has K-values K1=1, K2=0, K3=1, K4=0, K5=0. Router B has K-values K1=1, K2=1, K3=1, K4=0, K5=0. What happens when they attempt to form a neighbour relationship?

2. Router R1 has the following EIGRP topology table entry for 10.0.0.0/24: P 10.0.0.0/24, 1 successor, FD is 263680 via 10.1.1.2 (263680/160000), Gi0/0 via 10.2.2.2 (310000/175000), Gi0/1 Which path qualifies as a Feasible Successor and why?

3. A hub-and-spoke EIGRP network has 50 spoke sites. When a link fails at the hub, convergence takes over 3 minutes and some adjacencies drop (SIA — Stuck in Active). What is the correct solution?

4. An engineer configures variance 3 on an EIGRP router. The successor's Feasible Distance is 100,000. Which backup paths can participate in unequal-cost load balancing?

5. An engineer configures EIGRP authentication on Router A's Gi0/0 interface with key-chain MYKEY. Router B on the other end has no authentication configured. What happens to their EIGRP adjacency?

6. A router has these networks configured in EIGRP: 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24. The engineer adds ip summary-address eigrp 100 192.168.12.0 255.255.252.0 on Gi0/0. What additional route does the router install in its local routing table?

7. Which two commands are both required to enable EIGRP MD5 authentication on interface GigabitEthernet0/0 for AS 100 using key-chain MYCHAIN?

8. What is the Administrative Distance of an EIGRP external route, and in what situation would this matter for routing decisions?

9. A network administrator runs show ip eigrp topology and sees a route marked as "A" (Active) for over 4 minutes. What does this indicate and what is the likely consequence if it persists?

10. When configuring EIGRP for IPv6, what key difference from EIGRP for IPv4 means you cannot use the same network statement approach?

2. Router R1 has the following EIGRP topology table entry for 10.0.0.0/24:
`P 10.0.0.0/24, 1 successor, FD is 263680`
`via 10.1.1.2 (263680/160000), Gi0/0`
`via 10.2.2.2 (310000/175000), Gi0/1`
Which path qualifies as a Feasible Successor and why?

4. An engineer configures `variance 3` on an EIGRP router. The successor's Feasible Distance is 100,000. Which backup paths can participate in unequal-cost load balancing?

6. A router has these networks configured in EIGRP: 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24. The engineer adds `ip summary-address eigrp 100 192.168.12.0 255.255.252.0` on Gi0/0. What additional route does the router install in its local routing table?

9. A network administrator runs `show ip eigrp topology` and sees a route marked as "A" (Active) for over 4 minutes. What does this indicate and what is the likely consequence if it persists?

10. When configuring EIGRP for IPv6, what key difference from EIGRP for IPv4 means you cannot use the same `network` statement approach?