Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Configuring Authentication For RIPv2

 

Introduction:

Routing protocols are used to exchange reachability information between routers. Routing information is learned from the peers to determine the next hop toward the destination. To route traffic correctly, you need to prevent malicious and incorrect routing information from being introduced into the routing table. This can be done by authenticating the routing updates exchanged between the routers. Routing Information Protocol version 2 (RIPv2) supports plain text and Message Digest 5 (MD5) authentication. However, RIPv1 does not support authentication.

Configuration overview:

To configure RIP authentication, the keys used in the authentication process have to be configured and attached to an interface along with the mode of authentication(Clear/MD5).The configuration of RIP message authentication is carried out in two steps:

1) Creation of a keychain and key:

 

Key chains consist of two necessary and two are optional components. The necessary components are key number and key string.

 

Key chain configuration steps:

A) First we need to configure key chain in global configuration mode.

B) Under key chain we need to configure key number. Key number must be match on both side of router and should be active. If multiple key numbers configure on router, then router select lowest number for authentication.

C) Once you configure key number you need to issue authentication string.

 

Example:

Router#configure terminal

Router(config)#key chain mykey                         //configure key chain name mykey

Router(config-keychain)#key 1                          // Specifies the key number

Router(config-keychain-key)#key-string cisco  //Specifies the authentication string for a key.         

Router(config-keychain-key)#end

2) Configuration of RIP authentication under interface:

 

Enable authentication for RIPv2 packets and to specify the set of keys used on an interface by issuing the "ip rip authentication key-chain" command in interface configuration mode.

 

Specify the type of authentication used in RIPv2 packets by issuing the "ip rip authentication mode" command in interface configuration mode.

 

Note: By default, the plain text authentication is enabled when a key chain is specified in interface configuration mode.you can enable MD5 authentication by Specify that MD5 authentication under mode command pet interface basis.

 

Verification commands

 

1) Key chain configuration verification:

 

Router#sh key chain

 

2) In key-string whitespaces counts as a character that can leads to key misconfiguration on router.

 

Router#sh run | sec key chain

key chain mykey

key 1

   key-string cisco

Router#sh key chain

Key-chain mykey:

    key 1 -- text "cisco  "

3) To check configuration of interface use following command:

 

Router#show run interface fa0/0

Related Information:

Sample Configuration for Authentication in RIPv2

Version history
Revision #:
2 of 2
Last update:
‎08-23-2017 09:06 PM
Updated by:
 
Labels (1)
Contributors