Networking

Configure EIGRP on Cisco IOS: Metrics, DUAL, Stub, and Authentication

Part of pathway: Full Guide for All IOS Commands
8 min read

EIGRP — The Hybrid That Outlived Its Critics

EIGRP started as a Cisco-only proprietary routing protocol, was widely dismissed as “the protocol you only use because all your gear is Cisco,” and is now an open RFC (RFC 7868). Despite that, it remains a heavily Cisco-flavored protocol. Where it shines is in environments that are all-Cisco: it converges faster than OSPF on link failures, has a simpler configuration model, and gives you a metric that actually reflects bandwidth and delay rather than just hop count.

This article covers EIGRP on Cisco IOS — the metric, neighbor establishment, the DUAL algorithm and feasibility, basic configuration, summarization, the EIGRP stub feature, MD5 authentication, and the verification commands.

The Metric — Bandwidth + Delay

EIGRP’s composite metric is computed from five factors weighted by “K-values”:

  • Bandwidth — the slowest link on the path (K1=1 by default)
  • Delay — the sum of all hop delays on the path (K3=1 by default)
  • Load — current interface utilization (K2=0, disabled)
  • Reliability — based on interface error counters (K4=0, disabled)
  • MTU — tiebreaker only, never the primary metric

The default formula reduces to: metric = (107/min(BW) + sum(delay)/10) * 256. The 256 multiplier exists for backward compatibility with the IGRP days. Do not change K-values. All routers in the EIGRP autonomous system must agree on K-values or they refuse to form neighbors. Tweaking them is rare and almost always a mistake.

Two routers can form a neighbor relationship only if they agree on:

  1. The same EIGRP autonomous system number
  2. The same K-values
  3. A primary subnet on the same network (i.e. their interfaces are in the same subnet)
  4. If authenticated, the same key

DUAL and Feasibility — Why EIGRP Converges Fast

The Diffusing Update Algorithm (DUAL) is the secret to EIGRP’s sub-second convergence. Two terms to know:

  • Feasible Distance (FD): the metric your router calculates to reach a destination via a particular neighbor.
  • Reported Distance (RD): the metric that neighbor reports for the same destination.

The route with the lowest FD is the successor — this is what gets installed in the routing table. Any other neighbor whose RD is strictly less than the successor’s FD is a feasible successor: a guaranteed loop-free backup that DUAL can switch to instantly without recalculating.

This is the magic. When the primary path fails, EIGRP doesn’t need to query neighbors or wait for a new SPF run — it has a precomputed, validated alternative ready in the topology table. Convergence happens in milliseconds, not seconds.

If no feasible successor exists, EIGRP enters “Active” mode and queries neighbors to discover one. Stuck-in-active (SIA) is the dreaded failure mode — a query goes unanswered for too long and the route is dropped. Designing the topology so feasible successors exist for important destinations is what stub mode and summarization help with.

Basic Configuration

EIGRP runs in an autonomous system; routers with different AS numbers don’t neighbor. Pick one for your domain and apply it everywhere:

Router(config)# router eigrp 100
Router(config-router)# no auto-summary
Router(config-router)# eigrp router-id 1.1.1.1
Router(config-router)# network 10.0.0.0
Router(config-router)# network 192.168.1.0 0.0.0.255

Three things to call out:

  • no auto-summary: ALWAYS run this. EIGRP’s default behavior is to auto-summarize at classful network boundaries, which is wrong on every modern network using non-classful subnets. The day you forget this command is the day you discover a far-off branch can’t reach a /24 because the router summarized it to a /8.
  • eigrp router-id: like OSPF, set this manually. Without it, EIGRP picks the highest loopback (or interface) IP, and that pick can change over time. Use a stable, easy-to-recognize address.
  • network statement: takes a wildcard mask just like OSPF’s. network 10.0.0.0 with no mask matches the entire 10.0.0.0/8; adding a wildcard like 0.0.0.255 narrows it to a specific /24.

Passive Interfaces

By default, EIGRP sends hellos out every interface its network statement covers. For interfaces facing servers or end-user LANs, you don’t want hellos broadcasting (it’s an information leak and a small CPU/bandwidth cost). Make those passive:

Router(config-router)# passive-interface default
Router(config-router)# no passive-interface GigabitEthernet0/0

That sets every interface passive, then explicitly un-passives the ones you actually want to neighbor on. Cleaner than maintaining a long list of passive-interface entries.

Summarization

EIGRP supports per-interface summarization, unlike OSPF where summarization happens at the ABR. Configure on the outbound interface where you want the summary advertised:

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip summary-address eigrp 100 192.168.0.0 255.255.0.0

Effect: instead of advertising every 192.168.x.0/24 separately, the router sends a single 192.168.0.0/16 summary out Gi0/1. The component routes are kept in the local topology table; the neighbor only sees the summary.

Always summarize at hierarchy boundaries (distribution-to-core, core-to-WAN). It bounds query scope when a route goes Active — a query stops at a router that has the summary, because the summary itself doesn’t go away when one component does.

EIGRP Stub — Bounded Query Scope at Spokes

The stub feature tells EIGRP that a router is a leaf and shouldn’t be queried during DUAL convergence. Configure on remote/branch routers that have only one path back to the core:

Router(config-router)# eigrp stub connected summary

Options control what the stub does advertise:

  • connected — advertise networks directly attached to the router
  • summary — advertise summary routes
  • static — advertise (redistributed) static routes
  • receive-only — advertise nothing; just learn

The big benefit: a hub router that knows its neighbor is stub will not send EIGRP queries to it during DUAL. With dozens or hundreds of branch routers, this drastically reduces query scope and SIA risk.

Authentication

EIGRP supports MD5 authentication per-interface. Like OSPF, both ends of an adjacency must have the same key-id and string:

Router(config)# key chain EIGRP-KEYS
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string SecretString

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip authentication mode eigrp 100 md5
Router(config-if)# ip authentication key-chain eigrp 100 EIGRP-KEYS

Note the key-chain abstraction — you reference a key chain (which can have multiple keys with rotation), not a raw key string. Best practice on production networks; not something you can do with OSPF on classic IOS.

Verifying EIGRP

The five commands you actually run:

Command Shows
show ip eigrp neighbors Adjacency list with hold timer, uptime, queue counts
show ip eigrp interfaces Which interfaces run EIGRP, peer counts, mean SRTT
show ip eigrp topology The topology table with Successor / Feasible Successor markers
show ip eigrp topology all-links Topology table including non-feasible paths (rare debugging)
show ip route eigrp Just the EIGRP-installed entries in the routing table

If show ip eigrp neighbors shows fewer neighbors than expected, the usual culprits are: AS number mismatch, K-value mismatch, primary subnet mismatch, authentication mismatch, or an ACL blocking 224.0.0.10 (the EIGRP multicast).

Common Pitfalls

  • Forgetting no auto-summary. The single most common EIGRP mistake. Auto-summary is on by default and silently breaks routing the moment a discontiguous network exists. Hardcode no auto-summary in your golden config template.
  • K-value disagreement. Don’t change K-values. Don’t. If someone tells you to weight load or reliability, push back — the failure mode (silent neighbor refusal) is worse than the rare benefit.
  • AS number mismatch. EIGRP AS is locally significant only in the sense that it’s arbitrary — but every router in the domain must use the same number to neighbor. Pick one organization-wide.
  • Stuck in Active (SIA). A query waits 3 minutes for a reply; if none comes, the route drops and neighbors reset. Bound query scope with EIGRP stub on spokes and summarization at hierarchy boundaries.
  • Missing wildcard mask. network 10.0.0.0 includes everything in 10/8. network 10.0.0.0 0.255.255.255 is more explicit. Mixing classful and classless network statements in the same router is confusing in show running-config; standardize on one.
  • Passive-interface for the wrong direction. Passive only stops outbound hellos — the interface still receives them and learns from any sender. If you want to genuinely shut a leg, remove the network statement that covers it.

Conclusion

EIGRP’s reputation as “OSPF for Cisco fans” sells it short. The DUAL algorithm with feasibility-condition pre-computation gives a genuinely faster recovery than OSPF on link failures — sub-second versus several seconds — and in an all-Cisco environment the configuration is simpler.

The patterns that pay off:

  1. Standardize no auto-summary in every router’s startup config.
  2. Set eigrp router-id manually, never let it pick.
  3. Use passive-interface default + selective unpassive, not a long blocklist.
  4. Summarize at hierarchy boundaries to bound query scope.
  5. Configure remote/branch routers as eigrp stub — SIA is a failure mode you don’t want to debug at 3 AM.

The protocol is well-documented, the failure modes are well-known, and on Cisco-only networks it remains a serious contender against OSPF for the IGP role.

Tags: #CCNA #Cisco IOS #DUAL #EIGRP #Routing

Related Articles

Leave a Reply