beautypg.com

11 ripv2 md5 authentication (multiple keys) – CANOGA PERKINS 9175 Configuration Guide User Manual

Page 97

background image

CanogaOS Configuration Guide

16-7

DUT# configure terminal

Enter the Configure mode.

DUT(config-if)# ip rip authentication mode
md5

Specify the authentication mode to be MD5.


R2

DUT# configure terminal

Enter the Configure mode.

DUT(config)# router rip

Enter the RIP routing process.

DUT(config-router)# network 10.10.11.0/24

Associate network 10.10.11.0/24 with the RIP process.

DUT(config-router)# redistribute connected

Enable redistributing from connected routes.

DUT(config-router)# exit

Quit the Router mode and return to the Configure mode.

DUT(config)# interface eth-0-1

Specify the interface (eth-0-1) for authentication.

DUT(config-if)# ip rip authentication string
Auth1

Specify the authentication string (Auth1) for this interface.

DUT(config-if)# ip rip authentication mode
md5

Specify the authentication mode to be MD5.


Validation Commands
show running-config, show ip rip, show ip protocols rip, show ip rip interface, show ip
route

16.11 RIPv2 MD5 authentication (multiple keys)

This example illustrates the md5 authentication of the routing information exchange
process for RIP using multiple keys. Routers R1 and R2 are running RIP and exchange
routing updates. To configure authentication on R1, define a key chain, specify keys in
the key chain and then define the authentication string or passwords to be used by the
keys. Then set the time period during which it is valid to receive or send the
authentication key by specifying the accept and send lifetimes. After defining the key
string, specify the key chain (or the set of keys) that will be used for authentication on the
interface and the authentication mode to be used. Configure R2 and R3 to have the
same key ID and key string as R1 for the time that updates need to be exchanged.
In md5 authentication, both the key ID and key string are matched for authentication. R1
will receive only packets that match both the key ID and the key string in the specified
key chain (within the accept lifetime) on that interface. In the following example, R2 has
the same key ID and key string as R1. For additional security, the accept lifetime and
send lifetime are configured such that every fifth day the key ID and key string changes.
To maintain continuity, the accept lifetimes should be configured to overlap; however,
the send lifetime should not be overlapping.