RIP
This chapter contains basic Router Information Protocol (RIP) configuration examples.
Enable RIP
This example shows the minimum configuration required to enable RIP on an interface. R1 and R2 are two routers connecting to network 10.10.11.0/24. R1 and R2 are also connected to networks 10.10.10.0/24 and 10.10.12.0/24, respectively. To enable RIP, first define the RIP routing process, then associate a network with the routing process.
Topology
Enable RIP Topology
R1
#configure terminal | Enter configure mode. |
---|
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 (config-router)#network 10.10.11.0/24 | Associate networks with the RIP process. |
(config-router)#exit | Exit router mode and return to configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
R2
#configure terminal | Enter configure mode. |
---|
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.11.0/24 (config-router)#network 10.10.12.0/24 | Associate networks with the RIP process. |
(config-router)#exit | Exit router mode and return to configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
Validation
show ip rip, show running-config, show ip protocols rip, show ip rip interface, show ip route
R1
#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
Rc 10.10.10.0/24 1 xe1
Rc 10.10.11.0/24 1 xe2
R 10.10.12.0/24 10.10.11.50 2 10.10.11.50 xe2 02:32
#show running-config rip
!
router rip
network 10.10.10.0/24
network 10.10.11.0/24
!
#show ip protocols rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 2 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing:
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
xe48 2 2
ce49 2 2
Routing for Networks:
10.10.10.0/24
10.10.11.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.11.50 120 00:00:06 0 0
Number of routes (including connected): 3
Distance: (default is 120)
#show ip rip interface
lo is up, line protocol is up
RIP is not enabled on this interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
xe1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.10/24
xe2 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.11.10/24
xe3 is up, line protocol is up
RIP is not enabled on this interface
...
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.10.0/24 is directly connected, xe1, 00:08:01
C 10.10.11.0/24 is directly connected, xe2, 00:07:34
R 10.10.12.0/24 [120/2] via 10.10.11.50, xe2, 00:05:10
C 127.0.0.0/8 is directly connected, lo, 4d18h40m
C 192.168.0.2/32 is directly connected, lo, 4d13h46m
Gateway of last resort is not set
R2
#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
R 10.10.10.0/24 10.10.11.10 2 10.10.11.10 xe1 02:34
Rc 10.10.11.0/24 1 xe1
Rc 10.10.12.0/24 1 xe2
#show running-config rip
!
router rip
network 10.10.11.0/24
network 10.10.12.0/24
!
#show ip protocols rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 25 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing:
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
xe2 2 2
ce49 2 2
Routing for Networks:
10.10.11.0/24
10.10.12.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.11.10 120 00:00:13 0 0
Number of routes (including connected): 3
Distance: (default is 120)
#show ip rip interface
lo is up, line protocol is up
RIP is not enabled on this interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
xe1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.11.50/24
xe2 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.12.10/24
xe3 is up, line protocol is up
RIP is not enabled on this interface
...
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
R 10.10.10.0/24 [120/2] via 10.10.11.10, xe1, 00:11:08
C 10.10.11.0/24 is directly connected, xe1, 00:13:00
C 10.10.12.0/24 is directly connected, xe2, 00:12:26
C 127.0.0.0/8 is directly connected, lo, 4d18h50m
C 192.168.0.1/32 is directly connected, lo, 4d14h01m
Gateway of last resort is not set
Specify RIP Version
Configure a router to receive and send specific versions of packets on an interface. In this example, router R2 is configured to receive and send RIP version 1 and version 2 information on both eth1 and eth2 interfaces.
Topology
RIP Version Topology
R2
#configure terminal | Enter configure mode |
(config)#router rip | Enable the RIP routing process |
(config-router)#exit | Exit router mode |
(config)#interface eth1 | Enter interface mode |
(config-if)#ip rip send version 1 2 | Send RIP version 1 and version 2 packets out this interface |
(config-if)#ip rip receive version 1 2 | Receive RIP version 1 and version 2 packets from this interface |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#interface eth2 | Enter interface mode |
(config-if)#ip rip send version 1 2 | Send RIP version 1 and version 2 packets out this interface |
(config-if)#ip rip receive version 1 2 | Receive RIP version 1 and version 2 packets from this interface |
(config-if)#exit | Exit router mode and return to configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
Validation
R2
#sh ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
Rc 10.10.11.0/24 1 eth1
Rc 10.10.12.0/24 1 eth2
#sh running-config
!
no service password-encryption
!
logging monitor 7
!
ip vrf management
!
ip domain-lookup
spanning-tree mode provider-rstp
data-center-bridging enable
feature telnet
feature ssh
no feature tacacs+
snmp-server view all .1 included
ntp enable
sFlow disable
software-watchdog keep-alive-time 30
!
ip pim register-rp-reachability
!
interface lo
mtu 65536
ip address 127.0.0.1/8
ip address 192.168.0.2/32 secondary
ipv6 address ::1/128
!
interface eth0
ip address 10.12.4.108/24
!
interface eth1
ip address 10.10.11.50/24
ip rip send version 1 2
ip rip receive version 1 2
!
interface eth2
ip address 10.10.12.10/24
ip rip send version 1 2
ip rip receive version 1 2
!
router rip
network 10.10.11.0/24
network 10.10.12.0/24
!
line con 0
login
line vty 0 39
login
!
end
#show ip protocols rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 29 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing:
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth1 1 2 1 2
eth2 1 2 1 2
Routing for Networks:
10.10.11.0/24
10.10.12.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.11.10 120 00:00:31 0 0
10.10.12.50 120 00:00:08 0 0
Number of routes (including connected): 2
Distance: (default is 120)
#show ip rip interface
svlan0.1 is down, line protocol is down
RIP is not enabled on this interface
eth2 is up, line protocol is up
Routing Protocol: RIP
Receive RIPv1 and RIPv2 packets
Send RIPv1 and RIPv2 packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.12.10/24
eth1 is up, line protocol is up
Routing Protocol: RIP
Receive RIPv1 and RIPv2 packets
Send RIPv1 and RIPv2 packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.11.50/24
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.11.0/24 is directly connected, eth1, 00:04:22
C 10.10.12.0/24 is directly connected, eth2, 00:10:59
C 127.0.0.0/8 is directly connected, lo, 4d19h04m
C 192.168.0.1/32 is directly connected, lo, 4d14h15m
Authentication with a Single Key
OcNOS RIP provides a choice of configuring authentication with a single key or with multiple keys. This example shows authenticating routing information exchange using a single key.
Topology
Routers R1 and R2 are running RIP and exchanging routing updates. To configure single-key authentication on R1, specify an interface, then define a key or password for that interface. Next, specify an authentication mode. Any receiving RIP packet on this specified interface should have the same string as the password. For an exchange of updates between R1 and R2, define the same password and authentication mode on R2.
Single-key Topology
R1
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 | Associate network 10.10.10.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#interface eth1 | Specify the interface (eth1) for authentication. |
(config-if)#ip rip authentication string ABC | Specify the authentication string (ABC) for this interface. |
(config-if)#ip rip authentication mode md5 | Specify the authentication mode to be MD5. |
(config-if)#exit | Exit router mode and return to configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
R2
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.11.0/24 | Associate network 10.10.11.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#interface eth2 | Specify the interface (eth2) for authentication. |
(config-if)#ip rip authentication string ABC | Specify the authentication string (ABC) on this interface. |
(config-if)#ip rip authentication mode md5 | Specify the authentication mode to be MD5. |
(config-if)#exit | Exit router mode and return to configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
Validation
show running-config, show ip rip, show ip protocol rip, show ip rip interface, show ip route
R1
#show running-config
!
no service password-encryption
!
hostname rtr1
!
logging monitor 7
!
ip vrf management
!
ip domain-lookup
spanning-tree mode provider-rstp
data-center-bridging enable
feature telnet
feature ssh
no feature tacacs+
snmp-server view all .1 included
ntp enable
sFlow disable
software-watchdog keep-alive-time 30
!
ip pim register-rp-reachability
!
interface lo
mtu 65536
ip address 127.0.0.1/8
ip address 192.168.0.1/32 secondary
ipv6 address ::1/128
!
interface eth0
ip address 10.12.4.92/24
!
interface eth1
ip address 10.10.10.10/24
ip rip authentication mode md5
ip rip authentication string 0x5c5b790e25d29287
!
interface eth2
ip address 10.10.11.10/24
!
router rip
network 10.10.10.0/24
redistribute connected
!
line con 0
login
line vty 0 39
login
!
end
#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
Rc 10.10.10.0/24 1 eth1
Rc 10.10.11.0/24 1 eth2
R 10.10.12.0/24 10.10.11.50 2 10.10.11.50 eth2 02:41
R 192.168.0.1/32 10.10.11.50 2 10.10.11.50 eth2 02:41
C 192.168.0.2/32 1 lo
#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 26 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth1 2 2
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.50 120 00:00:31 0 0
Number of routes (including connected): 6
Distance: (default is 120)
#show ip rip interface
svlan0.1 is down, line protocol is down
RIP is not enabled on this interface
eth2 is up, line protocol is up
RIP is not enabled on this interface
eth1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.10/24
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
IP Route Table for VRF "default"
Gateway of last resort is 10.12.4.1 to network 0.0.0.0
K* 0.0.0.0/0 [0/0] via 10.12.4.1, eth0
C 10.10.10.0/24 is directly connected, eth1
C 10.10.11.0/24 is directly connected, eth2
R 10.10.12.0/24 [120/2] via 10.10.10.50, eth1, 00:04:05
C 10.12.4.0/24 is directly connected, eth0
C 127.0.0.0/8 is directly connected, lo
C 192.168.0.1/32 is directly connected, lo
R 192.168.0.2/32 [120/2] via 10.10.10.50, eth1, 00:04:05
R2
#sh running-config
!
no service password-encryption
!
logging monitor 7
!
ip vrf management
!
ip domain-lookup
spanning-tree mode provider-rstp
data-center-bridging enable
feature telnet
feature ssh
no feature tacacs+
snmp-server view all .1 included
ntp enable
sFlow disable
software-watchdog keep-alive-time 30
!
ip pim register-rp-reachability
!
interface lo
mtu 65536
ip address 127.0.0.1/8
ip address 192.168.0.2/32 secondary
ipv6 address ::1/128
!
interface eth0
ip address 10.12.4.108/24
!
interface eth1
ip address 10.10.12.50/24
!
interface eth2
ip address 10.10.10.50/24
ip rip authentication mode md5
ip rip authentication string 0x5c5b790e25d29287
!
router rip
network 10.10.10.0/24
redistribute connected
!
line con 0
login
line vty 0 39
login
!
end
#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
R 10.10.10.0/24 10.10.11.10 2 10.10.11.10 eth1 02:37
Rc 10.10.11.0/24 1 eth1
Rc 10.10.12.0/24 1 eth2
C 192.168.0.1/32 1 lo
R 192.168.0.2/32 10.10.11.10 2 10.10.11.10 eth1 02:37
#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 5 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth2 2 2
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.10 120 00:00:01 0 0
Number of routes (including connected): 6
Distance: (default is 120)
#show ip rip interface
svlan0.1 is down, line protocol is down
RIP is not enabled on this interface
eth2 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.50/24
eth1 is up, line protocol is up
RIP is not enabled on this interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
IP Route Table for VRF "default"
Gateway of last resort is 10.12.4.1 to network 0.0.0.0
K* 0.0.0.0/0 [0/0] via 10.12.4.1, eth0
C 10.10.10.0/24 is directly connected, eth2
R 10.10.11.0/24 [120/2] via 10.10.10.10, eth2, 00:07:36
C 10.10.12.0/24 is directly connected, eth1
C 10.12.4.0/24 is directly connected, eth0
C 127.0.0.0/8 is directly connected, lo
R 192.168.0.1/32 [120/2] via 10.10.10.10, eth2, 00:07:36
C 192.168.0.2/32 is directly connected, lo
Text Authentication with Multiple Keys
This example illustrates text authentication of the routing information exchange process for RIP using multiple keys.
Topology
Routers R1 and R2 are running RIP, and exchanging routing updates. To configure authentication on R1, define a key chain, specify keys in the key chain, then define the authentication string or passwords to use by the keys. Set the time period during which it is valid to receive or send the authentication key by specifying the accept and send lifetimes. After defining the key string, specify the key chain (or set of keys) that will be used for authentication on each interface, and the authentication mode to use.
R1 receives all packets that contain any key string that matches one of the key strings included in the specified key chain (within the accept lifetime) on that interface. The key ID is not considered for matching. For additional security, the accept lifetime and send lifetime are configured such that every fifth day, the key ID and key string changes. To maintain continuity, the accept lifetimes should be configured to overlap. This will accommodate different time setup on machines. However, the send lifetime is not required to overlap, and IP Infusion Inc. recommends configuring no overlapping for the send lifetime.
Multiple-key Topology
R1
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 | Associate network 10.10.10.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#key chain SUN | Enter Keychain management mode to add keys to the key chain SUN. |
(config-keychain)#key-id 10 | Add authentication key ID (10) to the key chain SUN. |
(config-keychain-key)#key-string ABC | Specify a password (ABC) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 27 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be received. In this case, key string ABC can be received from 7 PM of Aug 27 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 27 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string ABC can be sent from 7 PM of Aug 27 to 11 PM Aug 31, 2024. |
(config-keychain-key)#exit | Exit Keychain-Key mode, and return to Keychain mode. |
(config-keychain)#commit | Commit the candidate configuration to the running configuration |
(config-keychain)#key-id 20 | Add another authentication key (20) to the key chain SUN. |
(config-keychain-key)#key-string Earth | Specify a password (Earth) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which authentication key string Earth can be received. In this case, key string Earth can be received from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string Earth can be sent from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#commit | Commit the candidate configuration to the running configuration |
(config-keychain-key)#exit | Exit Keychain-Key mode. |
#configure terminal | Enter configure mode. |
(config)#interface eth1 | Specify interface eth1 as the interface you want to configure. |
(config-if)#ip address 10.10.10.10/24 | Assign the IP address to an interface eth1. |
(config-if)#ip rip authentication key-chain SUN | Enable RIPv2 authentication on eth1 interface and specify the key-chain SUN to use for authentication. |
(config-if)#ip rip authentication mode text | Specify text authentication mode to use for RIP packets. This step is optional, because text is the default mode. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#interface eth2 | Specify interface eth2 as the interface you want to configure. |
(config-if)#ip address 44.4.4.4/24 | Assign the IP address to an interface eth2. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
R2
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 | Associate network 10.10.10.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#key chain MOON | Enter Keychain management mode to add keys to the key chain MOON. |
(config-keychain)#key-id 30 | Add authentication key ID (30) to the key chain MOON. |
(config-keychain-key)#key-string ABC | Specify a password (ABC) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which authentication key string ABC can be received. In this case, key string ABC can be received from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string ABC can be sent from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#exit | Exit Keychain-Key mode, and return to Keychain mode. |
(config-keychain)#commit | Commit the candidate configuration to the running configuration |
(config-keychain)#key-id 40 | Add another authentication key (40) to the key chain MOON. |
(config-keychain-key)#key-string Earth | Specify a password (Earth) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which authentication key string Earth can be received. In this case, key string Earth can be received from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string Earth can be sent from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#commit | Commit the candidate configuration to the running configuration |
(config-keychain-key)#exit | Exit Keychain-Key mode. |
#configure terminal | Enter configure mode. |
(config)#interface eth2 | Specify interface eth2 as the interface you want to configure. |
(config-if)#ip address 10.10.10.50/24 | Assign the IP address to an interface eth2. |
(config-if)#ip rip authentication key-chain MOON | Enable RIPv2 authentication on the eth2 interface, and specify the key-chain MOON to use for authentication. |
(config-if)#ip rip authentication mode text | Specify the authentication mode to use for RIP packets. This step is optional, because text is the default mode. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#interface eth1 | Specify interface eth1 as the interface you want to configure. |
(config-if)#ip address 55.5.5.5/24 | Assign the IP address to an interface eth1. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
Validation
show running-config, show ip rip, show ip protocol rip, show ip rip interface, show ip route
R1
Here is the snippet configuration for R1 in the given network topology.
R1#show running-config
!
key chain SUN
key-id 10
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 27 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 27 2024 23:00:00 Aug 31 2024
key-id 20
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
!
interface lo
mtu 65536
ip address 127.0.0.1/8
ip address 192.168.0.1/32 secondary
ipv6 address ::1/128
!
interface lo.management
ip vrf forwarding management
ip address 127.0.0.1/8
ipv6 address ::1/128
!
interface eth0
ip address 10.12.4.92/24
!
interface eth1
ip address 10.10.10.10/24
ip rip authentication mode text
ip rip authentication key-chain SUN
!
interface eth2
ip address 44.4.4.4/24
!
router rip
network 10.10.10.0/24
redistribute connected
!
!
end
R1#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
Rc 10.10.10.0/24 1 eth1
C 44.4.4.0/24 1 eth2
R 55.5.5.0/24 10.10.10.50 2 10.10.10.50 eth1 02:29
C 192.168.0.1/32 1 lo
#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 4294967295 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth1 2 2 SUN
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.50 120 00:00:21 0 0
Number of routes (including connected): 4
Distance: (default is 120)
#show ip rip interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
lo.management is up, line protocol is up
RIP is not enabled on this interface
eth1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.10/24
eth2 is up, line protocol is up
RIP is not enabled on this interface
R1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.10.0/24 is directly connected, eth1, installed 00:58:03, last update 00:58:03 ago
C 44.4.4.0/24 is directly connected, eth2, installed 00:52:08, last update 00:52:08 ago
R 55.5.5.0/24 [120/2] via 10.10.10.50, eth1, installed 00:08:12, last update 00:08:12 ago
C 127.0.0.0/8 is directly connected, lo, installed 01:27:43, last update 01:27:43 ago
C 192.168.0.1/32 is directly connected, lo, installed 01:13:23, last update 01:13:23 ago
Gateway of last resort is not set
R2
Here is the snippet configuration for R2 in the given network topology.
R2#show running-config
!
key chain MOON
key-id 30
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
key-id 40
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
!
interface eth0
ip address 10.12.4.0/24
!
interface lo
ip address 127.0.0.1/8
ipv6 address ::1/128
!
interface lo.management
ip vrf forwarding management
ip address 127.0.0.1/8
ipv6 address ::1/128
!
interface eth1
ip address 55.5.5.5/24
!
interface eth2
ip address 10.10.10.50/24
ip rip authentication mode text
ip rip authentication key-chain MOON
!
router rip
network 10.10.10.0/24
redistribute connected
!
!
end
R2#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
Rc 10.10.10.0/24 1 eth2
R 44.4.4.0/24 10.10.10.10 2 10.10.10.10 eth2 02:40
C 55.5.5.0/24 1 eth1
R 192.168.0.1/32 10.10.10.10 2 10.10.10.10 eth2 02:40
R2#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 12 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth2 2 2 MOON
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.10 120 00:00:25 0 0
Number of routes (including connected): 4
Distance: (default is 120)
R2#show ip rip interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
lo.management is up, line protocol is up
RIP is not enabled on this interface
eth1 is up, line protocol is up
RIP is not enabled on this interface
eth2 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.50/24
R2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.10.0/24 is directly connected, eth2, installed 00:59:06, last update 00:59:06 ago
R 44.4.4.0/24 [120/2] via 10.10.10.10, eth2, installed 00:02:26, last update 00:02:26 ago
C 55.5.5.0/24 is directly connected, eth1, installed 00:52:46, last update 00:52:46 ago
C 127.0.0.0/8 is directly connected, lo, installed 01:23:42, last update 01:23:42 ago
R 192.168.0.1/32 [120/2] via 10.10.10.10, xe25, installed 00:02:26, last update 00:02:26 ago
Gateway of last resort is not set
MD5 Authentication with Multiple Keys
This example illustrates the MD5 authentication of the routing information exchange process for RIP using multiple keys.
Topology
Routers R1 and R2 are running RIP, and exchanging routing updates. To configure authentication on R1, define a key chain, specify keys in the key chain, then define the authentication string or passwords to use by the keys. Then, set the time period during which it is valid to receive or send the authentication key by specifying the accept and send lifetimes. After defining the key string, specify the key chain (or the set of keys) that will be used for authentication on the interface, and the authentication mode to use. Configure R2 and R3 to have the same key ID and key string as R1 for the time that updates are to be exchanged.
In MD5 authentication, both the key ID and key string are matched for authentication. R1 will receive only packets that match both the key ID and the key string in the specified key chain (within the accept lifetime) on that interface. In the following example, R2 has the same key ID and key string as R1. For additional security, the accept lifetime and send lifetime are configured such that every fifth day, the key ID and key string changes. To maintain continuity, the accept lifetimes should be configured to overlap; however, the send lifetime should not overlap.
MD5 Multiple-key Topology
R1
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 | Associate network 10.10.10.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#key chain SUN | Enter Keychain management mode to add keys to the key chain SUN. |
(config-keychain)#key-id 1 | Add authentication key ID (1) to the key chain SUN. |
(config-keychain-key)#key-string ABC | Specify a password (ABC) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which authentication key string ABC can be received. In this case, key string ABC can be received from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string ABC can be sent from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#exit | Exit Keychain-Key mode, and return to Keychain mode. |
(config-keychain)#commit | Commit the candidate configuration to the running configuration |
(config-keychain)#key-id 2 | Add another authentication key (2) to the key chain SUN. |
(config-keychain-key)#key-string Earth | Specify a password (Earth) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which authentication key string Earth can be received. In this case, key string Earth can be received from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string Earth can be sent from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#commit | Commit the candidate configuration to the running configuration |
(config-keychain-key)#exit | Exit Keychain-Key mode. |
#configure terminal | Enter configure mode. |
(config)#interface eth1 | Specify interface eth1 as the interface you want to configure. |
(config-if)#ip address 10.10.10.10/24 | Assign the IP address to an interface eth1. |
(config-if)#ip rip authentication key-chain SUN | Enable RIPv2 authentication on the eth1 interface, and specify the key chain SUN to use for authentication. |
(config-if)#ip rip authentication mode md5 | Specify MD5 authentication mode to use for RIP packets. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#interface eth2 | Specify interface eth2 as the interface you want to configure. |
(config-if)#ip address 44.4.4.4/24 | Assign the IP address to an interface eth2. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
R2
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 | Associate network 10.10.10.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#key chain MOON | Enter Keychain management mode to add keys to the key chain MOON. |
(config-keychain)#key-id 1 | Add authentication key ID (1) to the key chain MOON. |
(config-keychain-key)#key-string ABC | Specify a password (ABC) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which authentication key string ABC can be received. In this case, key string ABC can be received from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string ABC can be sent from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#exit | Exit Keychain-Key mode, and return to Keychain mode. |
(config-keychain)#commit | Commit the candidate configuration to the running configuration |
(config-keychain)#key-id 2 | Add another authentication key (2) to the key chain MOON. |
(config-keychain-key)#key-string Earth | Specify a password (Earth) to use by the specified key. |
(config-keychain-key)#accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which authentication key string Earth can be received. In this case, key string Earth can be received from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024 | Specify the time period during which the authentication key can be sent. In this case, key string Earth can be sent from 7 PM of Aug 02 to 11 PM Aug 31, 2024. |
(config-keychain-key)#commit | Commit the candidate configuration to the running configuration |
(config-keychain-key)#end | Enter Privileged Exec mode. |
#configure terminal | Enter configure mode. |
(config)#interface eth2 | Specify interface eth2 as the interface you want to configure. |
(config-if)#ip address 10.10.10.50/24 | Assign the IP address to an interface eth2. |
(config-if)#ip rip authentication key-chain MOON | Enable RIPv2 authentication on the eth1 interface, and specify the key chain MOON to use for authentication. |
(config-if)#ip rip authentication mode md5 | Specify the authentication mode to use for RIP packets. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#interface eth1 | Specify interface eth1 as the interface you want to configure. |
(config-if)#ip address 55.5.5.5/24 | Assign the IP address to an interface eth1. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the candidate configuration to the running configuration |
Validation
show running-config, show ip rip, show ip protocol rip, show ip rip interface
R1
Here is the snippet configuration for R1 in the given network topology.
R1#show running-config
!
key chain SUN
key-id 10
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 27 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 27 2024 23:00:00 Aug 31 2024
key-id 20
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
!
interface lo
mtu 65536
ip address 127.0.0.1/8
ip address 192.168.0.1/32 secondary
ipv6 address ::1/128
!
interface lo.management
ip vrf forwarding management
ip address 127.0.0.1/8
ipv6 address ::1/128
!
interface eth0
ip address 10.12.4.92/24
!
interface eth1
ip address 10.10.10.10/24
ip rip authentication mode md5
ip rip authentication key-chain SUN
!
interface eth2
ip address 44.4.4.4/24
!
router rip
network 10.10.10.0/24
redistribute connected
!
!
end
R1#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
Rc 10.10.10.0/24 1 eth1
C 44.4.4.0/24 1 eth2
R 55.5.5.0/24 10.10.10.50 2 10.10.10.50 eth1 02:29
C 192.168.0.1/32 1 lo
R1#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 4294967295 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth1 2 2 SUN
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.50 120 00:00:21 0 0
Number of routes (including connected): 4
Distance: (default is 120)
#show ip rip interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
lo.management is up, line protocol is up
RIP is not enabled on this interface
eth1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.10/24
eth2 is up, line protocol is up
RIP is not enabled on this interface
R2
Here is the snippet configuration for R2 in the given network topology.
R2#show running-config
!
key chain MOON
key-id 30
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
key-id 40
key-string encrypted 0xa057668002822d4f0e04131ff4996b184d8711aa527604f7
accept-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
send-lifetime 19:00:00 Aug 02 2024 23:00:00 Aug 31 2024
!
interface eth0
ip address 10.12.4.0/24
!
interface lo
ip address 127.0.0.1/8
ipv6 address ::1/128
!
interface lo.management
ip vrf forwarding management
ip address 127.0.0.1/8
ipv6 address ::1/128
!
interface eth1
ip address 55.5.5.5/24
!
interface eth2
ip address 10.10.10.50/24
ip rip authentication mode md5
ip rip authentication key-chain MOON
!
router rip
network 10.10.10.0/24
redistribute connected
!
!
end
R2#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
Network Next Hop Metric From If Time
Rc 10.10.10.0/24 1 eth2
R 44.4.4.0/24 10.10.10.10 2 10.10.10.10 eth2 02:40
C 55.5.5.0/24 1 eth1
R 192.168.0.1/32 10.10.10.10 2 10.10.10.10 eth2 02:40
R2#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 12 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth2 2 2 MOON
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.10 120 00:00:25 0 0
Number of routes (including connected): 4
Distance: (default is 120)
R2#show ip rip interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
lo.management is up, line protocol is up
RIP is not enabled on this interface
eth1 is up, line protocol is up
RIP is not enabled on this interface
eth2 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.50/24