Route-filter, Authentication, Authentication methods – Cabletron Systems SmartSwitch User Manual


Chapter 11: Routing Policy Configuration Guide


SmartSwitch Router User Reference Manual

Route-Filter

This component specifies the individual routes that are to be aggregated or summarized.
The preference to be associated with these routes can also be explicitly specified using this
component.

The contributing routes are ordered according to the aggregation preference that applies
to them. If there is more than one contributing route with the same aggregating
preference, the route's own preferences are used to order the routes. The preference of the
aggregate route will be that of the contributing route with the lowest aggregate preference.

A route may only contribute to an aggregate route that is more general than itself; it must
match the aggregate under its mask. Any given route may only contribute to one
aggregate route, which will be the most specific configured, but an aggregate route may
contribute to a more general aggregate.

An aggregate-route only comes into existence if at least one of its contributing routes is
active.

Authentication

Authentication guarantees that routing information is only imported from trusted routers.
Many protocols like RIP V2 and OSPF provide mechanisms for authenticating protocol
exchanges. A variety of authentication schemes can be used. Authentication has two
components – an Authentication Method and an Authentication Key. Many protocols
allow different authentication methods and keys to be used in different parts of the
network.

Authentication Methods

There are two main authentication methods:

Simple Password: In this method, an authentication key of up to 8 characters is included
in the packet. If this does not match what is expected, the packet is discarded. This
method provides little security, as it is possible to learn the authentication key by
watching the protocol packets.

MD5: This method uses the MD5 algorithm to create a crypto-checksum of the protocol
packet and an authentication key of up to 16 characters. The transmitted packet does not
contain the authentication key itself; instead, it contains a crypto-checksum, called the
digest. The receiving router performs a calculation using the correct authentication key
and discards the packet if the digest does not match. In addition, a sequence number is
maintained to prevent the replay of older packets. This method provides a much stronger
assurance that routing data originated from a router with a valid authentication key.
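
The two methods side by side, as an added example that is not taken from the manual or from the router's software. The packet layout (4-byte sequence number, payload, 16-byte digest), the function and class names, and the rule that the sequence number must strictly increase are assumptions made for illustration; this is not the RIP or OSPF wire format.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16  # MD5 method: authentication key of up to 16 characters

def simple_password_packet(payload: bytes, key: bytes) -> bytes:
    # Simple Password: the key (up to 8 characters) travels in the packet in the clear.
    return key.ljust(8, b"\0") + payload

def _digest(seq: int, payload: bytes, key: bytes) -> bytes:
    # Crypto-checksum over sequence number, payload and the zero-padded key.
    if len(key) > KEY_LEN:
        raise ValueError("authentication key longer than 16 characters")
    data = struct.pack("!I", seq) + payload + key.ljust(KEY_LEN, b"\0")
    return hashlib.md5(data).digest()

def build_packet(seq: int, payload: bytes, key: bytes) -> bytes:
    # Only the digest is transmitted; the key itself never appears in the packet.
    return struct.pack("!I", seq) + payload + _digest(seq, payload, key)

class Receiver:
    """Hypothetical receiving router holding the shared key and last sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, packet: bytes):
        """Return the payload if the packet authenticates and is fresh, else None."""
        if len(packet) < 4 + 16:
            return None
        seq = struct.unpack("!I", packet[:4])[0]
        payload, digest = packet[4:-16], packet[-16:]
        # Verify the digest first so an unauthenticated packet cannot move last_seq.
        if not hmac.compare_digest(digest, _digest(seq, payload, self.key)):
            return None  # wrong key, or packet modified in transit
        if seq <= self.last_seq:
            return None  # replay of an older, validly signed packet
        self.last_seq = seq
        return payload
```
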