RIPv2 Authentication

The Cisco implementation of RIPv2 supports two modes of authentication: plain text and MD5 authentication.

When authentication is enabled, plain text is the default mode for every RIPv2 packet.

Plain text authentication should not be used when security is an issue, because the unencrypted authentication password is sent in every RIPv2 packet.

To configure RIPv2 authentication between two routers you need to carry out these steps.

1. Define a key chain with a name

2. Define the key or keys on the chain

3. Specify password or key chain

4. Enable authentication on the interface and specify the key chain to be used

5. Specify if the interface will use plain text or MD5

6. Configure Key Management – This is optional

Example below.

R1(config)#key chain KEYCHAIN1
R1(config-keychain)#?
Key-chain configuration commands:
default  Set a command to its defaults
exit     Exit from key-chain configuration mode
key      Configure a key
no       Negate a command or set its defaults

R1(config-keychain)#key ?
<0-2147483647>  Key identifier

R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CISCO123
R1(config-keychain-key)#end
R1#
Jan  5 06:07:50.345: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#ip rip au
R1(config-if)#ip rip authentication key
R1(config-if)#ip rip authentication key-chain  KEYCHAIN1
R1(config-if)#ip rip authentication key-chain  KEYCHAIN1 ?
LINE    <cr>

R1(config-if)#ip rip authentication ?
key-chain  Authentication key-chain
mode       Authentication mode

R1(config-if)#ip rip authentication mode ?
md5   Keyed message digest
text  Clear text authentication

R1(config-if)#ip rip authentication mode md5 ?
<cr>

R1(config-if)#ip rip authentication mode md5
R1(config-if)#

Now configure the same on the remote end of the link to restore connectivity.
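
Because plain text is the default mode, an interface that names a key chain but has no mode md5 line still sends the password in the clear. The following is an added example, not part of the original post: a small Python audit of a saved running-config that flags such interfaces and key chains that are undefined or empty. The sample config, the function name audit_rip_auth and the chain name KEYCHAIN2 are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the post): Fa0/0 follows the steps
# above, Fa0/1 omits "mode md5", Fa1/0 references a key chain that is not defined.
SAMPLE_CONFIG = """\
key chain KEYCHAIN1
 key 1
  key-string CISCO123
!
interface FastEthernet0/0
 ip rip authentication mode md5
 ip rip authentication key-chain KEYCHAIN1
!
interface FastEthernet0/1
 ip rip authentication key-chain KEYCHAIN1
!
interface FastEthernet1/0
 ip rip authentication mode md5
 ip rip authentication key-chain KEYCHAIN2
"""

def audit_rip_auth(config):
    """Return {interface: [findings]} for interfaces with RIP authentication lines."""
    # chains: name -> key-string count; ifaces: interface -> auth settings
    chains, ifaces, chain, iface = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():          # unindented line opens a new block
            chain = iface = None
            if m := re.match(r"key chain (\S+)", line):
                chain = m.group(1)
                chains.setdefault(chain, 0)
            elif m := re.match(r"interface (\S+)", line):
                iface = m.group(1)
        elif chain and line.startswith("key-string "):
            chains[chain] += 1
        elif iface and (m := re.match(r"ip rip authentication (key-chain|mode)\s+(\S+)", line)):
            ifaces.setdefault(iface, {"mode": "text"})[m.group(1)] = m.group(2)
    report = {}
    for name, cfg in ifaces.items():
        used, findings = cfg.get("key-chain"), []
        if cfg["mode"] != "md5":                  # no mode line means plain text
            findings.append("plain text mode")
        if used is None:
            findings.append("no key chain specified")
        elif not chains.get(used):
            findings.append("key chain %s undefined or has no key-string" % used)
        report[name] = findings
    return report

if __name__ == "__main__": print(audit_rip_auth(SAMPLE_CONFIG))
```

An empty findings list means the interface uses MD5 with a key chain that has at least one key-string.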

About Roger Perkin

Roger Perkin is a 40-year-old Cisco Engineer working for Cobham in the UK. He currently holds CCNP and CCSP. When not troubleshooting networks and studying for his CCIE he spends his time kite surfing, running, being a geek, travelling to Africa to support a school his wife has set up and spending time with his daughter.
