Routing protocols are used to exchange reachability information between routers. Routing information is learned from the peers to determine the next hop toward the destination. To route traffic correctly, you need to prevent malicious and incorrect routing information from being introduced into the routing table. This can be done by authenticating the routing updates exchanged between the routers. Routing Information Protocol version 2 (RIPv2) supports plain text and Message Digest 5 (MD5) authentication. However, RIPv1 does not support authentication.
To configure RIP authentication, the keys used in the authentication process have to be configured and attached to an interface along with the mode of authentication (Clear/MD5). The configuration of RIP message authentication is carried out in two steps:
1) Creation of a keychain and key:
Key chains consist of two necessary and two optional components. The necessary components are the key number and the key string.
Key chain configuration steps:
A) First, configure the key chain in global configuration mode.
B) Under the key chain, configure the key number. The key number must match on the routers at both ends and the key should be active. If multiple key numbers are configured on a router, the router selects the lowest number for authentication.
C) Once the key number is configured, configure the authentication string.
! Configure a key chain named mykey
Router(config)#key chain mykey
! Specify the key number
Router(config-keychain)#key 1
! Specify the authentication string for the key
Router(config-keychain-key)#key-string cisco
2) Configuration of RIP authentication under interface:
Enable authentication for RIPv2 packets and specify the set of keys used on an interface by issuing the "ip rip authentication key-chain" command in interface configuration mode.
Specify the type of authentication used in RIPv2 packets by issuing the "ip rip authentication mode" command in interface configuration mode.
Note: By default, plain text authentication is enabled when a key chain is specified in interface configuration mode. You can enable MD5 authentication by specifying MD5 under the mode command on a per-interface basis.
1) Key chain configuration verification:
Router#sh key chain
2) In a key-string, whitespace counts as a character, which can lead to a key mismatch between routers.
Router#sh run | sec key chain
key chain mykey
Router#sh key chain
key 1 -- text "cisco "
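The two pitfalls described above (a key chain attached without MD5 mode falls back to plain text, and a key-string with trailing whitespace) can be checked offline against saved configuration text. The script below is an added example, not part of the original page; the sample configuration, the interface names, the `otherkey` chain, and the `audit_rip_auth` function are constructed for illustration, and it assumes the trailing space is preserved in the saved text and the key-string is stored unencrypted. It also flags an interface that references an undefined key chain, which goes slightly beyond the cases the page lists.

```python
import re

# Constructed sample of saved running-config text (not from the original page).
# The key-string under "mykey" ends with a trailing space.
SAMPLE_CONFIG = (
    "key chain mykey\n"
    " key 1\n"
    "  key-string cisco \n"
    "!\n"
    "interface FastEthernet0/0\n"
    " ip rip authentication key-chain mykey\n"
    "!\n"
    "interface FastEthernet0/1\n"
    " ip rip authentication mode md5\n"
    " ip rip authentication key-chain otherkey\n"
)

def audit_rip_auth(config):
    """Return (scope, finding) tuples for RIPv2 authentication pitfalls."""
    findings, chains, ifaces = [], set(), {}
    chain = key = iface = None
    for raw in config.splitlines():
        if raw and not raw[0].isspace():
            chain = key = iface = None   # a top-level line ends the previous block
        line = raw.strip()
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain = m.group(1)
            chains.add(chain)
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
            ifaces[iface] = {"chain": None, "md5": False}
        elif chain and (m := re.fullmatch(r"key (\d+)", line)):
            key = m.group(1)
        elif chain and key and (m := re.match(r"\s*key-string (.*)$", raw)):
            # Whitespace is part of the key, so compare the raw, unstripped value.
            if m.group(1) != m.group(1).rstrip():
                findings.append((f"{chain} key {key}", "key-string ends with whitespace"))
        elif iface and (m := re.fullmatch(r"ip rip authentication key-chain (\S+)", line)):
            ifaces[iface]["chain"] = m.group(1)
        elif iface and line == "ip rip authentication mode md5":
            ifaces[iface]["md5"] = True
    for name, state in ifaces.items():
        if state["chain"] is None:
            continue                     # RIP authentication not configured here
        if not state["md5"]:
            findings.append((name, "plain text authentication (no 'mode md5')"))
        if state["chain"] not in chains:
            findings.append((name, f"key chain '{state['chain']}' is not defined"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_rip_auth(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```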
3) To check the configuration of the interface, use the following command: