RIPv2 Authentication

RIPv2 Authentication

The Cisco implementation of RIPv2 supports two modes of authentication: plain text and MD5 authentication.

Plain text authentication is the default setting in every RIPv2 packet, when authentication is enabled.

Plain text authentication should not be used when security is an issue, because the unencrypted authentication password is sent in every RIPv2 packet.

To configure RIPv2 authentication between two routers you need to carry out these steps.

1. Define a key chain with a name

2. Define the key or keys on the chain

3. Specify password or key chain

4. Enable authentication on the interface and specify the key chain to be used

5. Specify if the interface will use plain text or MD5

6. Configure Key Management – This is optional

Example below.

R1(config)#key chain KEYCHAIN1

R1(config-keychain)#?

Key-chain configuration commands:

default Set a command to its defaults

exit Exit from key-chain configuration mode

key Configure a key

no Negate a command or set its defaults

R1(config-keychain)#key ?

<0-2147483647> Key identifier

R1(config-keychain)#key 1

R1(config-keychain-key)#key-string CISCO123

R1(config-keychain-key)#end

R1#

Jan 5 06:07:50.345: %SYS-5-CONFIG_I: Configured from console by console

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#int fa0/0

R1(config-if)#ip rip au

R1(config-if)#ip rip authentication key

R1(config-if)#ip rip authentication key-chain KEYCHAIN1

R1(config-if)#ip rip authentication key-chain KEYCHAIN1 ?

LINE <cr>

R1(config-if)#ip rip authentication ?

key-chain Authentication key-chain

mode Authentication mode

...