CANOGA PERKINS CanogaOS Configuration Guide User Manual
Page 115
CanogaOS Configuration Guide
Proprietary & Confidential Canoga Perkins Metro Ethernet Switches
Page 115 of 350
for authentication on the interface and the authentication mode to be used. Configure R2 and R3
to have the same key ID and key string as R1 for the time that updates need to be exchanged.
In md5 authentication, both the key ID and key string are matched for authentication. R1 will
receive only packets that match both the key ID and the key string in the specified key chain
(within the accept lifetime) on that interface. In the following example, R2 has the same key ID
and key string as R1. For additional security, the accept lifetime and send lifetime are configured
such that every fifth day the key ID and key string changes. To maintain continuity, the accept
lifetimes should be configured to overlap; however, the send lifetime should not be overlapping.
R1
DUT# configure terminal
Enter the Configure mode.
DUT(config)# router rip
Enter the RIP routing process.
DUT(config-router)# network 10.10.11.0/24 Associate network 10.10.11.0/24 with the RIP process.
DUT(config-router)# redistribute connected Enable redistributing from connected routes.
DUT(config-router)# exit
Quit the Router mode and return to the Configure mode.
DUT(config)# key chain SUN
Enter the key chain management mode to add keys to the key chain
SUN.
DUT(config-keychain)# key 1
Add authentication key ID (1) to the key chain SUN.
DUT(config-keychain-key)# key-string
key1
Specify a password (key1) to be used by the specified key.
DUT(config-keychain-key)# accept-lifetime
12:00:00 Mar 2 2003 14:00:00 Mar 7 2003
Specify the time period during which authentication key string key1
can be received. In this case, key string key1 can be received from
noon of March 2 to 2 pm March 7, 2003.
DUT(config-keychain-key)# send-lifetime
12:00:00 Mar 2 2003 12:00:00 Mar 7 2003
Specify the time period during which authentication key string key1
can be send. In this case, key string key1 can be sent from noon of
March 2 to noon of March 7, 2003.
DUT(config-keychain-key)# exit
Exit the keychain-key mode and return to keychain mode.
DUT(config-keychain)# key 2
Add another authentication key (2) to the key chain SUN.
DUT(config-keychain-key)# key-string
Earth
Specify a password (Earth) to be used by the specified key.
DUT(config-keychain-key)# accept-lifetime
12:00:00 Mar 7 2003 14:00:00 Mar 12 2003
Specify the time period during which authentication key string Earth
can be received. In this case, key string Earth can be received from
noon of March 7 to 2 pm March 12, 2003.
DUT(config-keychain-key)# send-lifetime
12:00:00 Mar 7 2003 12:00:00 Mar 12 2003
Specify the time period during which authentication key string Earth
can be send. In this case, key string Earth can be sent from noon of
March 7 to noon of March 12, 2003.
DUT(config-keychain-key)# end
Enter Privileged Exec mode.
DUT# configure terminal
Enter the Configure mode.
DUT(config)# interface eth-0-2
Specify the interface (eth-0-2) for authentication.
DUT(config-if)# ip rip authentication key
chain SUN
Enable RIPv2 authentication on eth-0-2 interface and specify the key
chain SUN to be used for authentication.
DUT(config-if)# ip rip authentication mode
md5
Specify the authentication mode to be MD5.