Overview
EIGRP (Enhanced Interior Gateway Routing Protocol) remains one of the most capable and underappreciated routing protocols in enterprise networking. Its DUAL (Diffusing Update Algorithm) provides loop-free, fast convergence without the flooding overhead of link-state protocols. Unlike OSPF, EIGRP does not require a rigid area hierarchy, making it well-suited to hub-and-spoke WAN designs, DMVPN networks, and medium-to-large campus deployments.
This guide covers the DUAL algorithm, neighborship mechanics, metric tuning, summarization strategy, stub routing, and a systematic troubleshooting workflow.
Part 1 β EIGRP Fundamentals
1.1 β How DUAL Works
DUAL is the heart of EIGRP. Before diving into configuration, understanding these terms prevents hours of debugging:
- Feasible Distance (FD) β the best metric from the local router to the destination, as currently known
- Reported Distance (RD) β the metric a neighbor advertises for reaching that destination (also called Advertised Distance)
- Successor β the neighbor providing the best (lowest FD) path. This is the active route installed in the routing table
- Feasible Successor (FS) β a backup neighbor whose RD is less than the current FD. EIGRP can switch to the FS instantly without recomputing
- Feasibility Condition (FC) β the rule that qualifies a route as an FS:
neighbor RD < current FD. This guarantees the backup path is loop-free
When the Successor goes down and a Feasible Successor exists, EIGRP converges in milliseconds by promoting the FS β no query is sent. When no FS exists, EIGRP enters Active state and sends queries to all neighbors. If a query is not answered, the route stays Active and can cause a stuck-in-active (SIA) condition.
1.2 β EIGRP Metric Components
EIGRP's composite metric uses five K-values, but by default only bandwidth and delay are used (K1=1, K2=0, K3=1, K4=0, K5=0):
Metric = [K1ΓBW + K3ΓDelay] Γ 256
Where BW = 10,000,000 / interface bandwidth (Kbps), and Delay is cumulative delay in tens of microseconds.
Best practice: Never change K-values in production. A K-value mismatch prevents neighborship entirely. If you must influence path selection, tune delay on the interface instead of touching K-values.
Part 2 β Configuration Best Practices
2.1 β Use Named EIGRP Mode
Named EIGRP (introduced in IOS 15.0) is the modern standard. It consolidates IPv4, IPv6, and address-family configuration under a single process and is required for advanced features like wide metrics.
# Named EIGRP β preferred for all new deployments
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# network 10.0.0.0 0.0.0.255
R1(config-router-af)# network 192.168.0.0 0.0.0.255
R1(config-router-af)# eigrp router-id 1.1.1.1
R1(config-router-af)# exit-address-family
# Classic EIGRP β still common, works fine, but lacks named-mode features
# router eigrp 100
# network 10.0.0.0 0.0.0.255
# no auto-summary
2.2 β Always Set a Router ID
Without an explicit router ID, EIGRP picks the highest loopback IP, which can change if interfaces go up and down. Always set it explicitly.
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# eigrp router-id 1.1.1.1
# Classic mode
R1(config)# router eigrp 100
R1(config-router)# eigrp router-id 1.1.1.1
2.3 β Disable Auto-Summary
Auto-summary is disabled by default in IOS 15+, but still enabled by default in older IOS versions. Always disable it explicitly β auto-summary causes black holes at discontiguous network boundaries.
# Classic mode β always add this
R1(config)# router eigrp 100
R1(config-router)# no auto-summary
2.4 β Use Passive Interfaces
Mark all interfaces that should not form EIGRP neighbors as passive. This prevents unwanted neighbors, reduces hello traffic, and is an important security measure.
# Passive all interfaces by default, then selectively activate
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# af-interface default
R1(config-router-af-if)# passive-interface
R1(config-router-af-if)# exit-af-interface
R1(config-router-af)# af-interface GigabitEthernet0/1
R1(config-router-af-if)# no passive-interface
R1(config-router-af-if)# exit-af-interface
# Classic mode equivalent
R1(config)# router eigrp 100
R1(config-router)# passive-interface default
R1(config-router)# no passive-interface GigabitEthernet0/1
2.5 β Configure Authentication
EIGRP MD5 or SHA-256 authentication prevents rogue routers from injecting routes. Always enable it in production.
# Named mode β SHA-256 (preferred)
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# af-interface GigabitEthernet0/1
R1(config-router-af-if)# authentication mode hmac-sha-256 MySecretKey!
# Classic mode β MD5 (key chain required)
R1(config)# key chain EIGRP-KEYS
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string MySecretKey!
R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip authentication mode eigrp 100 md5
R1(config-if)# ip authentication key-chain eigrp 100 EIGRP-KEYS
Part 3 β Summarization and Stub Routing
3.1 β Manual Summarization
Summarization reduces topology table size, limits query scope, and speeds up convergence. Apply summaries at distribution or hub routers β never on access layer or stub routers.
# Named mode β summarization per interface
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# af-interface GigabitEthernet0/0
R1(config-router-af-if)# summary-address 10.1.0.0 255.255.0.0
# Classic mode
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip summary-address eigrp 100 10.1.0.0 255.255.0.0
# Verify summary is being advertised
R1# show ip eigrp topology 10.1.0.0/16
Important: When a summary is configured, EIGRP installs a null0 route for that summary prefix with AD 5 to prevent routing loops. This is expected behavior β do not remove it.
3.2 β Stub Routing
Stub routing is critical for hub-and-spoke topologies. A stub router tells its hub that it should not be used as a transit path, which dramatically reduces query scope and prevents SIA conditions across the WAN.
# Configure stub on spoke routers β choose the appropriate option:
# connected β advertise only directly connected networks (most common for simple spokes)
SPOKE(config)# router eigrp ENTERPRISE
SPOKE(config-router)# address-family ipv4 unicast autonomous-system 100
SPOKE(config-router-af)# eigrp stub connected
# connected summary β also advertise configured summaries
SPOKE(config-router-af)# eigrp stub connected summary
# receive-only β stub receives routes but advertises nothing (pure leaf)
SPOKE(config-router-af)# eigrp stub receive-only
# Verify stub configuration
HUB# show ip eigrp neighbors detail | include Stub
HUB# show ip eigrp neighbors detail 10.0.0.2
Part 4 β Metric Tuning
4.1 β Tune Delay, Not Bandwidth
Bandwidth is used by QoS β changing it for EIGRP metric purposes breaks QoS calculations. Always tune delay to influence EIGRP path selection.
# Increase delay to make a path less preferred (delay in tens of microseconds)
# Default: GigE = 10 (100ΞΌs), Serial = 2000 (20ms)
R1(config)# interface GigabitEthernet0/2
R1(config-if)# delay 1000
# This adds 10ms of artificial delay, making this path less preferred
# Verify current delay and bandwidth values
R1# show interfaces GigabitEthernet0/2 | include DLY|BW
4.2 β Wide Metrics (Named Mode)
Classic EIGRP metrics overflow on interfaces faster than 1Gbps because bandwidth is capped at 10^7 Kbps. Named mode supports wide metrics that handle up to 655 Tbps.
# Enable wide metrics β requires named mode on ALL routers in the AS
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# metric weights 0 1 0 1 0 0 0
# Wide metrics are enabled automatically in named mode β verify with:
R1# show eigrp address-family ipv4 interfaces detail | include metric
4.3 β Unequal-Cost Load Balancing
EIGRP supports load balancing across unequal-cost paths using the variance command β a unique feature not available in OSPF or BGP.
# variance multiplier: routes with metric <= (best metric Γ variance) are used
# variance 2 = use any path with metric up to 2Γ the best path
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# maximum-paths 4
R1(config-router-af)# variance 2
# Verify load balancing
R1# show ip route 10.2.0.0
# Should show multiple next-hops with traffic share counts
Part 5 β Troubleshooting EIGRP
Step 1 β Verify Neighbor Relationships
# Quick summary of all EIGRP neighbors
R1# show ip eigrp neighbors
R1# show ip eigrp neighbors detail
# Named mode β specify address-family
R1# show eigrp address-family ipv4 neighbors
R1# show eigrp address-family ipv4 neighbors detail
# Key columns to check:
# Uptime β if repeatedly resetting, hello/hold timer or auth issue
# Q Cnt β if non-zero, stuck queries pending (potential SIA)
# Seq Num β should increment; stuck = communication issue
Step 2 β Diagnose Neighborship Failures
If a neighbor never forms, check these in order:
# 1. Layer 3 connectivity
R1# ping 10.0.0.2
# 2. Check hello/hold timers β must match on both sides
R1# show ip eigrp interfaces detail GigabitEthernet0/1 | include Hello|Hold
# 3. Check AS number β must be identical on both peers
R1# show run | section router eigrp
# 4. Check K-values β must match exactly
R1# show ip protocols | include K[0-9]
# 5. Authentication β check key chain and key strings
R1# debug eigrp packets
# Look for: "Invalid authentication" or "AS mismatch"
# 6. Interface is passive β cannot form neighbors
R1# show ip protocols | include Passive
R1# show ip eigrp interfaces
# Passive interfaces do not appear in eigrp interfaces output
Step 3 β Inspect the Topology Table
# Full topology table
R1# show ip eigrp topology
R1# show ip eigrp topology all-links ! includes non-FS routes
# Look for specific prefix
R1# show ip eigrp topology 10.2.0.0/24
# What to read:
# State P = Passive (stable), A = Active (querying β potential SIA)
# FD = best metric seen, RD = what neighbor reported
# via X.X.X.X β successor or feasible successor
Step 4 β Diagnose Stuck-in-Active (SIA)
SIA occurs when a query is sent but no reply is received within the SIA timer (90 seconds by default). The neighbor relationship is torn down. SIA is almost always caused by: too many routes, no stub configuration on spokes, or slow/unreliable WAN links.
# Check for routes currently in Active state
R1# show ip eigrp topology active
R1# show ip eigrp topology | include Active
# Increase SIA timer (default 90s) to give slow WAN links more time
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# timers active-time 180
# Check SIA-query and SIA-reply events in debug
R1# debug eigrp notifications
Step 5 β Verify Route Advertisement
# Check what EIGRP is advertising to a neighbor
R1# show ip eigrp topology | include via 10.0.0.2
# Check routing table for EIGRP routes (D = EIGRP, D EX = External EIGRP)
R1# show ip route eigrp
R1# show ip route 10.2.0.0
# Check if a network statement is correctly matching the interface
R1# show ip eigrp interfaces
# If interface is not shown, the network statement is not matching it
# Debug EIGRP updates (limit to specific neighbor to reduce noise)
R1# debug ip eigrp 10.0.0.2
Step 6 β Check Redistribution Issues
External EIGRP routes (D EX, AD 170) are frequently the source of routing problems when redistributing from OSPF, BGP, or connected routes.
# View external routes and their origin
R1# show ip eigrp topology | include External
R1# show ip route | include D EX
# When redistributing, always use a route-map to filter and set metrics
R1(config)# route-map OSPF-TO-EIGRP permit 10
R1(config-route-map)# match ip address prefix-list ALLOWED-PREFIXES
R1(config-route-map)# set metric 10000 100 255 1 1500
# metric format: bandwidth delay reliability load MTU
R1(config)# router eigrp ENTERPRISE
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# topology base
R1(config-router-af-top)# redistribute ospf 1 route-map OSPF-TO-EIGRP
Quick Reference β Common EIGRP Issues
EIGRP Hardening Checklist
Before deploying EIGRP in production, verify each of the following:
- Named EIGRP mode is used (
router eigrp NAME) with an expliciteigrp router-id no auto-summaryis configured (classic mode) or verified disabledpassive-interface defaultis set, with only peer-facing interfaces activated- MD5 or SHA-256 authentication is enabled on all EIGRP interfaces
- Spoke routers in hub-and-spoke topologies have
eigrp stub connectedconfigured - Manual summarization is applied at distribution/hub layer with documented prefix boundaries
- Wide metrics are enabled in named mode for any links faster than 1Gbps
varianceandmaximum-pathsare tuned where load balancing is required- Redistribution uses
route-mapfilters with explicit metrics β never bareredistribute - SIA timer is reviewed for WAN deployments and increased if links have high latency