
Monday, 25 October 2010

Network Technology: Network Security: How to Configure RIP Authentication


Following my previous post about the RIP protocol, in this post I want to show you how to configure RIP authentication.

There are two versions of the Routing Information Protocol (RIP): version 1 and version 2. RIP version 1 does not support authentication of routing updates; however, RIP version 2 supports both plain text and MD5 authentication.

The figure below shows two routers, Router A and Router B, that exchange RIP version 2 updates with MD5 authentication.

Router A and Router B configured for RIP authentication


Configuring authentication of RIP version 2 updates is fairly easy and very uniform. The basic configuration includes the following steps:


1. Define the key chain using the command key chain <name> in global configuration mode. This command puts you in key chain configuration mode.

2. Specify the key number with the key <number> command in key chain configuration mode. You can configure multiple keys.

3. For each key, identify the key string with the key-string <string> command.

4. Configure the period for which the key can be sent and received. Use the following commands:

accept-lifetime {infinite|end-time|duration seconds}
send-lifetime {infinite|end-time|duration seconds}


5. Exit key chain configuration mode with the exit command.

6. Under interface configuration mode, enable the authentication of RIP updates with this command:

ip rip authentication key-chain <name>

This command is all that is needed to use plain text authentication.

7. Optionally, under interface configuration mode, enable MD5 authentication of RIP updates using the ip rip authentication mode md5 command.

The listings that follow show how Router A and Router B in Figure 1.3 should be configured to authenticate updates from one another using RIP MD5 authentication. Listing 1.1 shows the configuration of Router A, and Listing 1.2 shows the configuration of Router B.

Listing 1.1: Router A's configuration with MD5 authentication:

key chain systems
 key 1
  key-string router
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/0
 ip address 10.10.11.1 255.255.255.0
!
interface Serial0/0
 ip address 192.168.10.1 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain systems
 clockrate 64000
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.10.0
 no auto-summary

Listing 1.2: Router B's configuration with MD5 authentication:

key chain cisco
 key 1
  key-string router
!
interface Loopback0
 ip address 10.10.12.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.10.13.1 255.255.255.0
!
interface Serial0/0
 ip address 192.168.10.2 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain cisco
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.10.0
 no auto-summary

Listing 1.1 shows Router A's MD5 configuration. Router A is configured with a key chain value of systems, a key value of 1, and a key-string value of router. Listing 1.2 shows Router B's MD5 configuration. Router B is configured with a key chain value of cisco, a key value of 1, and a key-string value of router.

Note: The key chain name on each router can have a different value; however, the key-string must match for each key that is configured on each neighbor.
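The check described in the note above, as an added example that is not part of the original post: a small Python script that parses two IOS configurations and reports what would break or weaken RIP authentication on the link between them. The sample configurations are constructed from the Serial0/0 parts of Listings 1.1 and 1.2; the function names parse and audit_link are hypothetical, and pairing keys by key number is an assumption of this check.

```python
import re

# Constructed input: the Serial0/0 side of Listings 1.1 and 1.2.
ROUTER_A = """\
key chain systems
 key 1
  key-string router
interface Serial0/0
 ip rip authentication mode md5
 ip rip authentication key-chain systems
"""
ROUTER_B = ROUTER_A.replace("systems", "cisco")

def parse(config):
    """Return ({chain: {key_id: key_string}}, {interface: {"chain", "md5"}})."""
    chains, ifaces, chain, key, iface = {}, {}, None, None, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"key chain (\S+)$", line):
            chain, key, iface = chains.setdefault(m[1], {}), None, None
        elif m := re.match(r"interface (\S+)$", line):
            iface, chain = ifaces.setdefault(m[1], {"chain": None, "md5": False}), None
        elif chain is not None and (m := re.match(r"key (\d+)$", line)):
            key = int(m[1])
        elif chain is not None and key is not None and (m := re.match(r"key-string (.+)$", line)):
            chain[key] = m[1]
        elif iface is not None and (m := re.match(r"ip rip authentication key-chain (\S+)$", line)):
            iface["chain"] = m[1]
        elif iface is not None and line == "ip rip authentication mode md5":
            iface["md5"] = True
    return chains, ifaces

def audit_link(cfg_a, if_a, cfg_b, if_b):
    """List problems that would break or weaken RIP authentication on one link."""
    problems, keys = [], []
    for name, cfg, ifname in (("A", cfg_a, if_a), ("B", cfg_b, if_b)):
        chains, ifaces = parse(cfg)
        iface = ifaces.get(ifname, {"chain": None, "md5": False})
        if iface["chain"] is None:
            problems.append(f"{name}: no key chain applied on {ifname}")
        elif iface["chain"] not in chains:
            problems.append(f"{name}: key chain {iface['chain']} is not defined")
        elif not iface["md5"]:
            problems.append(f"{name}: {ifname} uses plain text authentication")
        keys.append(chains.get(iface["chain"], {}))
    # Chain names may differ; keys are paired by number (an assumption of this check).
    for key_id in sorted(set(keys[0]) | set(keys[1])):
        if keys[0].get(key_id) != keys[1].get(key_id):
            problems.append(f"key {key_id}: key-string differs or is missing on one side")
    return problems
```

Calling audit_link(ROUTER_A, "Serial0/0", ROUTER_B, "Serial0/0") returns an empty list for the configurations in the listings, even though the key chain names differ.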

You can use the command debug ip rip to examine how RIP receives the MD5-authenticated routing updates. Entering this command on Router A and Router B displays the output shown in Listing 1.3 and Listing 1.4, respectively.


Listing 1.3: The output of the command debug ip rip displays how Router A receives RIP routing updates from Router B:

Router-A#debug ip rip
RIP protocol debugging is on
Router-A#
RIP: received packet with MD5 authentication
RIP: received v2 update from 192.168.10.2 on Serial0/0
10.10.12.0/24 -> 0.0.0.0 in 1 hops
10.10.13.0/24 -> 0.0.0.0 in 1 hops

Listing 1.4: The output of the command debug ip rip displays how Router B receives RIP routing updates from Router A:

Router-B#debug ip rip
RIP protocol debugging is on
Router-B#
RIP: received packet with MD5 authentication
RIP: received v2 update from 192.168.10.1 on Serial0/0
10.10.10.0/24 via 0.0.0.0 in 1 hops
10.10.11.0/24 via 0.0.0.0 in 1 hops


