Cisco RIP Authentication Configuration Example
We will configure RIP Authentication on Cisco routers.We will use RIP Version 2, because RIP version 1 does not support authentication.
Here is the topology for RIP Authentication configuration example:
Firstly we will configure R1 as below:
key chain AUTHENTICATION
key 10
key-string CISCO
!
interface Loopback0
ip address 192.168.0.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain AUTHENTICATION
!
interface FastEthernet0/1
ip address 192.168.13.1 255.255.255.0
!
router rip
version 2
network 192.168.0.0
network 192.168.12.0
network 192.168.13.0
no auto-summary
We see that R1 ignores the updates that come from R2, because we did not configure RIP authentication on R2 yet:
R1#debug ip rip
RIP protocol debugging is on
*Mar 1 00:47:47.191: RIP: received v2 update from 192.168.13.3 on FastEthernet0/1
*Mar 1 00:47:47.195: 192.168.0.3/32 via 0.0.0.0 in 1 hops
*Mar 1 00:47:47.195: 192.168.0.4/32 via 0.0.0.0 in 2 hops
*Mar 1 00:47:47.195: 192.168.24.0/24 via 0.0.0.0 in 2 hops
*Mar 1 00:47:47.199: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Mar 1 00:47:54.951: RIP: ignored v2 packet from 192.168.12.2 (invalid authentication)
After we have done same RIP authentication on R2, then R1 accepts the RIP updates that come from R2:
R1#debug ip rip
RIP protocol debugging is on
*Mar 1 00:56:11.927: RIP: received packet with MD5 authentication
*Mar 1 00:56:11.927: RIP: received v2 update from 192.168.12.2 on FastEthernet0/0
*Mar 1 00:56:11.927: 192.168.0.2/32 via 0.0.0.0 in 1 hops
*Mar 1 00:56:11.931: 192.168.0.4/32 via 0.0.0.0 in 2 hops
*Mar 1 00:56:11.931: 192.168.24.0/24 via 0.0.0.0 in 1 hops
*Mar 1 00:56:11.935: 192.168.34.0/24 via 0.0.0.0 in 2 hops
In RIP Authentication Key chain names may be different on neighboring routers, but key-id and key-string must match.
No comments:
Post a Comment