RIPv2 Authentication

The Cisco implementation of RIPv2 supports two modes of authentication: plain text  and MD5 authentication.

Plain text authentication is the default setting in every RIPv2 packet, when authentication is enabled.

Plain text authentication should not be used when security is an issue, because the unencrypted authentication password is sent in every RIPv2 packet.

To configure RIPv2 authentication between two routers you need to carry out these steps.

1. Define a key chain with a name

2. Define the key or keys on the chain

3. Specify password or key chain

4. Enable authentication on the interface and specify the key chain to be used

5. Specify if the interface will use plain text or MD5

6. Configure Key Management – This is optional

Example below.

R1(config)#key chain KEYCHAIN1
 R1(config-keychain)#?
 Key-chain configuration commands:
 default  Set a command to its defaults
 exit     Exit from key-chain configuration mode
 key      Configure a key
 no       Negate a command or set its defaults

R1(config-keychain)#key ?
 <0-2147483647>  Key identifier

R1(config-keychain)#key 1
 R1(config-keychain-key)#key-string CISCO123
 R1(config-keychain-key)#end
 R1#
 Jan  5 06:07:50.345: %SYS-5-CONFIG_I: Configured from console by console
 R1#conf t
 Enter configuration commands, one per line.  End with CNTL/Z.
 R1(config)#int fa0/0
 R1(config-if)#ip rip au
 R1(config-if)#ip rip authentication key
 R1(config-if)#ip rip authentication key-chain  KEYCHAIN1
 R1(config-if)#ip rip authentication key-chain  KEYCHAIN1 ?
 LINE    <cr>

R1(config-if)#ip rip authentication ?
 key-chain  Authentication key-chain
 mode       Authentication mode

R1(config-if)#ip rip authentication mode ?
 md5   Keyed message digest
 text  Clear text authentication

R1(config-if)#ip rip authentication mode md5 ?
 <cr>

R1(config-if)#ip rip authentication mode md5
 R1(config-if)#

Now configure the same on the remote end of the link to restore connectivity