The Cisco implementation of RIPv2 supports two modes of authentication: plain text and MD5 authentication.
Plain text authentication is the default setting in every RIPv2 packet, when authentication is enabled.
Plain text authentication should not be used when security is an issue, because the unencrypted authentication password is sent in every RIPv2 packet.
To configure RIPv2 authentication between two routers you need to carry out these steps.
1. Define a key chain with a name
2. Define the key or keys on the chain
3. Specify password or key chain
4. Enable authentication on the interface and specify the key chain to be used
5. Specify if the interface will use plain text or MD5
6. Configure Key Management – This is optional
Example below.
R1(config)#key chain KEYCHAIN1 R1(config-keychain)#? Key-chain configuration commands: default Set a command to its defaults exit Exit from key-chain configuration mode key Configure a key no Negate a command or set its defaults
R1(config-keychain)#key ? <0-2147483647> Key identifier
R1(config-keychain)#key 1 R1(config-keychain-key)#key-string CISCO123 R1(config-keychain-key)#end R1# Jan 5 06:07:50.345: %SYS-5-CONFIG_I: Configured from console by console R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#int fa0/0 R1(config-if)#ip rip au R1(config-if)#ip rip authentication key R1(config-if)#ip rip authentication key-chain KEYCHAIN1 R1(config-if)#ip rip authentication key-chain KEYCHAIN1 ? LINE <cr>
R1(config-if)#ip rip authentication ? key-chain Authentication key-chain mode Authentication mode
R1(config-if)#ip rip authentication mode ? md5 Keyed message digest text Clear text authentication
R1(config-if)#ip rip authentication mode md5 ? <cr>
R1(config-if)#ip rip authentication mode md5 R1(config-if)#
Now configure the same on the remote end of the link to restore connectivity
Rogers' CCIE Journey | About Roger | Contact | Twitter | Linkedin
Leave a Reply