Configuring ripv2 message authentication, Specifying a rip neighbor, Configuring rip-to-mib binding – H3C Technologies H3C SecPath F1000-E User Manual
Page 386
361
NOTE:
The source IP address check feature should be disabled if the RIP neighbor is not directly connected.
Configuring RIPv2 message authentication
In a network requiring high security, you can configure this task to implement RIPv2 message validity
check and authentication.
RIPv2 supports two authentication modes: plain text and MD5.
In plain text authentication, the authentication information is sent with the RIP message; however, this
cannot meet high security needs.
To configure RIPv2 message authentication:
Step Command
1.
Enter system view.
system-view
2.
Enter interface view.
interface interface-type interface-number
3.
Configure RIPv2
authentication.
rip authentication-mode { md5 { rfc2082 key-string key-id | rfc2453
key-string } | simple password }
NOTE:
This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can
specify an authentication mode for RIPv1 in interface view, the configuration does not take effect.
Specifying a RIP neighbor
Usually, RIP sends messages to broadcast or multicast addresses. On non broadcast or multicast links,
you need to manually specify RIP neighbors.
To specify a RIP neighbor:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RIP view.
rip [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3.
Specify a RIP neighbor.
peer ip-address N/A
4.
Disable source address check
on incoming RIP updates.
undo validate-source-address
Not disabled by default.
NOTE:
•
You need not use the peer ip-address command when the neighbor is directly connected; otherwise the
neighbor may receive both the unicast and multicast (or broadcast) of the same routing information.
•
If a specified neighbor is not directly connected, you need to disable source address check on incoming
updates.
Configuring RIP-to-MIB binding
This task allows you to enable a specific RIP process to receive SNMP requests.
To bind RIP to MIB:
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer