Network Technology: Network Security: How to Configuring RIP Authentication
As my previous post about RIP Protocol, here this post I want to show you how to configure RIP Authentication...
Generally, There are two versions of Routing Information Protocol (RIP): version 1 and version 2. RIP version 1 does not support authentication of routing updates; however, RIP version 2 supports both plain text and MD5 authentication.
The Picture Figure below shows two routers, Router A and Router B, that exchange
RIP version 2 MD5 authentication updates.
Configuring authentication of RIP version 2 updates is fairly easy and very uniform. The basic configuration includes the following steps:
1. Define the key chain using the command key−chain <> in global configuration mode. This command transfers you to the key chain configuration mode.
2. Specify the key number with the key <> command in key chain configuration mode.You can configure multiple keys.
3. For each key, identify the key string with the key−string <> command.
4. Configure the period for which the key can be sent and received. Use the following
commands:
accept−lifetime
seconds}
send−lifetime
5. Exit key chain configuration mode with the exit command.
6. Under interface configuration mode, enable the authentication of RIP updates with this command:
ip rip authentication key−chain
This command is all that is needed to use plain text authentication.
7. Optionally, under interface configuration mode, enable MD5 authentication of RIP updates using the ip rip authentication mode md5 command.
The listings that follow show how Router A and Router B in Figure 1.3 should be configured to authenticate updates from one another using RIP MD5 authentication. Listing 1.1 shows the configuration of Router A, and Listing 1.2 shows the configuration of Router B.
Listing 1.1: Router A's configuration with MD5 authentication:
key chain systems
key 1
key−string router
!
interface Loopback0
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/0
ip address 10.10.11.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.10.1 255.255.255.252
ip rip authentication mode md5
ip rip authentication key−chain systems
clockrate 64000
!
router rip
version 2
network 10.0.0.0
network 192.168.10.0
no auto−summary
Listing 1.2: Router B's configuration with MD5 authentication:
key chain cisco
key 1
key−string router
!
interface Loopback0
ip address 10.10.12.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.10.13.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.10.2 255.255.255.252
ip rip authentication mode md5
ip rip authentication key−chain cisco
!
router rip
version 2
network 10.0.0.0
network 192.168.10.0
no auto−summary
The configuration in Listing 1.1 displays Router A's MD5 configuration. Router A is configured with a key chain value of systems, a key value of 1, and a key−string value of router. Listing 1.2 displays Router B's MD5 configuration. Router B is configured with a key chain value of cisco, a key value of 1, and a key−string value of router.
Note Notice that the key−chain
You can use the command debug ip rip to examine how RIP receives the encrypted routing updates. Entering this command on Router A and Router B displays the output shown in Listing 1.3 and Listing 1.4, respectively.
Listing 1.3: The output of the command debug ip rip displays how Router A receives RIP routing
updates from Router B:
Router−A#debug ip rip
RIP protocol debugging is on
Router−A#
RIP: received packet with MD5 authentication
RIP: received v2 update from 192.168.10.2 on Serial0/0
10.10.12.0/24 −> 0.0.0.0 in 1 hops
10.10.13.0/24 −> 0.0.0.0 in 1 hops
Listing 1.4: The output of the command debug ip rip displays how Router B receives RIP routing
updates from Router A:
Router−B#debug ip rip
RIP protocol debugging is on
Router−B#
RIP: received packet with MD5 authentication
RIP: received v2 update from 192.168.10.1 on Serial0/0
10.10.10.0/24 via 0.0.0.0 in 1 hops
10.10.11.0/24 via 0.0.0.0 in 1 hops
Other sites you may want to see:
Entertainment on Flixya: http://visalittleboy.flixya.com/
WWE: http://visa-wwe.blogspot.com/
The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/
Daily Blogging: http://visablogging.blogspot.com/
Love Sharing: http://visa-love.blogspot.com/
NetworkSecurity: http://networksecuritynotes.blogspot.com/
About Insurance:http://visa-insurance.blogspot.com
All about Love: http://visa-love.blogspot.com/
Learning English Online: http://visa-elb.blogspot.com/
Discovery Internet: http://visa-isp.blogspot.com/
0 comments:
Post a Comment