Authentication with a Single Key
OcNOS RIP provides a choice of configuring authentication with a single key or with multiple keys. This example shows authenticating routing information exchange using a single key.
Topology
Routers R1 and R2 are running RIP and exchanging routing updates. To configure single-key authentication on R1, specify an interface, then define a key or password for that interface. Next, specify an authentication mode. Every RIP packet received on this interface must carry the same string as the password. For R1 and R2 to exchange updates, define the same password and authentication mode on R2.
Figure 2-5: Single-key Topology
R1
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 | Associate network 10.10.10.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)#interface eth1 | Specify the interface (eth1) for authentication. |
(config-if)#ip rip authentication string ABC | Specify the authentication string (ABC) for this interface. |
(config-if)#ip rip authentication mode md5 | Specify the authentication mode to be MD5. |
(config-if)#exit | Exit interface mode and return to configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration. |
R2
#configure terminal | Enter configure mode. |
(config)#router rip | Define a RIP routing process, and enter Router mode. |
(config-router)#network 10.10.10.0/24 | Associate network 10.10.10.0/24 with the RIP process. |
(config-router)#redistribute connected | Enable redistributing from connected routes. |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)#interface eth2 | Specify the interface (eth2) for authentication. |
(config-if)#ip rip authentication string ABC | Specify the authentication string (ABC) on this interface. |
(config-if)#ip rip authentication mode md5 | Specify the authentication mode to be MD5. |
(config-if)#exit | Exit interface mode and return to configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration. |
Validation
Use the following commands to validate the configuration: show running-config, show ip rip, show ip protocol rip, show ip rip interface, show ip route
R1
#show running-config
!
no service password-encryption
!
hostname rtr1
!
logging monitor 7
!
ip vrf management
!
ip domain-lookup
spanning-tree mode provider-rstp
feature telnet
feature ssh
no feature tacacs+
snmp-server view all .1 included
ntp enable
sFlow disable
software-watchdog keep-alive-time 30
!
ip pim register-rp-reachability
!
interface lo
mtu 65536
ip address 127.0.0.1/8
ip address 192.168.0.1/32 secondary
ipv6 address ::1/128
!
interface eth0
ip address 10.12.4.92/24
!
interface eth1
ip address 10.10.10.10/24
ip rip authentication mode md5
ip rip authentication string 0x5c5b790e25d29287
!
interface eth2
ip address 10.10.11.10/24
!
router rip
network 10.10.10.0/24
redistribute connected
!
line con 0
login
line vty 0 39
login
!
end
#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
   Network            Next Hop         Metric From            If     Time
Rc 10.10.10.0/24                            1                 eth1
C  10.10.11.0/24                            1                 eth2
R  10.10.12.0/24      10.10.10.50           2 10.10.10.50     eth1   02:33
C  10.12.4.0/24                             1                 eth0
C  192.168.0.1/32                           1                 lo
R  192.168.0.2/32     10.10.10.50           2 10.10.10.50     eth1   02:33
#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 26 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth1 2 2
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.50 120 00:00:31 0 0
Number of routes (including connected): 6
Distance: (default is 120)
#show ip rip interface
svlan0.1 is down, line protocol is down
RIP is not enabled on this interface
eth2 is up, line protocol is up
RIP is not enabled on this interface
eth1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.10/24
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
IP Route Table for VRF "default"
Gateway of last resort is 10.12.4.1 to network 0.0.0.0
K* 0.0.0.0/0 [0/0] via 10.12.4.1, eth0
C 10.10.10.0/24 is directly connected, eth1
C 10.10.11.0/24 is directly connected, eth2
R 10.10.12.0/24 [120/2] via 10.10.10.50, eth1, 00:04:05
C 10.12.4.0/24 is directly connected, eth0
C 127.0.0.0/8 is directly connected, lo
C 192.168.0.1/32 is directly connected, lo
R 192.168.0.2/32 [120/2] via 10.10.10.50, eth1, 00:04:05
R2
#sh running-config
!
no service password-encryption
!
logging monitor 7
!
ip vrf management
!
ip domain-lookup
spanning-tree mode provider-rstp
feature telnet
feature ssh
no feature tacacs+
snmp-server view all .1 included
ntp enable
sFlow disable
software-watchdog keep-alive-time 30
!
ip pim register-rp-reachability
!
interface lo
mtu 65536
ip address 127.0.0.1/8
ip address 192.168.0.2/32 secondary
ipv6 address ::1/128
!
interface eth0
ip address 10.12.4.108/24
!
interface eth1
ip address 10.10.12.50/24
!
interface eth2
ip address 10.10.10.50/24
ip rip authentication mode md5
ip rip authentication string 0x5c5b790e25d29287
!
router rip
network 10.10.10.0/24
redistribute connected
!
line con 0
login
line vty 0 39
login
!
end
#show ip rip
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
X - Default
   Network            Next Hop         Metric From            If     Time
Rc 10.10.10.0/24                            1                 eth2
R  10.10.11.0/24      10.10.10.10           2 10.10.10.10     eth2   02:58
C  10.10.12.0/24                            1                 eth1
C  10.12.4.0/24                             1                 eth0
R  192.168.0.1/32     10.10.10.10           2 10.10.10.10     eth2   02:58
C  192.168.0.2/32                           1                 lo
#show ip protocol rip
RIP Database for VRF (default)
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 5 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: connected
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
eth2 2 2
Routing for Networks:
10.10.10.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
10.10.10.10 120 00:00:01 0 0
Number of routes (including connected): 6
Distance: (default is 120)
#show ip rip interface
svlan0.1 is down, line protocol is down
RIP is not enabled on this interface
eth2 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.50/24
eth1 is up, line protocol is up
RIP is not enabled on this interface
eth0 is up, line protocol is up
RIP is not enabled on this interface
lo is up, line protocol is up
RIP is not enabled on this interface
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
IP Route Table for VRF "default"
Gateway of last resort is 10.12.4.1 to network 0.0.0.0
K* 0.0.0.0/0 [0/0] via 10.12.4.1, eth0
C 10.10.10.0/24 is directly connected, eth2
R 10.10.11.0/24 [120/2] via 10.10.10.10, eth2, 00:07:36
C 10.10.12.0/24 is directly connected, eth1
C 10.12.4.0/24 is directly connected, eth0
C 127.0.0.0/8 is directly connected, lo
R 192.168.0.1/32 [120/2] via 10.10.10.10, eth2, 00:07:36
C 192.168.0.2/32 is directly connected, lo
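An offline check of the requirement stated under Topology, that both ends of the link carry the same authentication mode and string, run over excerpts of the two running configurations shown above. This is an added example, not part of the OcNOS documentation; the function names `rip_interfaces` and `audit_link` are hypothetical, and it assumes `network` statements are prefixes and that matching passwords are stored as the same string on both routers, as they are on this page.

```python
import ipaddress

# Constructed input: interface and "router rip" stanzas excerpted from the
# R1 and R2 running configurations on this page.
R1 = """interface eth1
ip address 10.10.10.10/24
ip rip authentication mode md5
ip rip authentication string 0x5c5b790e25d29287
router rip
network 10.10.10.0/24
"""
R2 = """interface eth1
ip address 10.10.12.50/24
interface eth2
ip address 10.10.10.50/24
ip rip authentication mode md5
ip rip authentication string 0x5c5b790e25d29287
router rip
network 10.10.10.0/24
"""

def rip_interfaces(config):
    """Map each RIP network to the (name, mode, string) of the interfaces inside it."""
    ifaces, nets, cur = {}, [], None
    for w in filter(None, map(str.split, config.splitlines())):
        if w[0] == "interface":
            cur = ifaces.setdefault(w[1], {"addrs": [], "mode": None, "string": None})
        elif w[0] in ("router", "line"):
            cur = nets if w[:2] == ["router", "rip"] else None
        elif cur is nets and w[0] == "network":
            nets.append(ipaddress.ip_network(w[1]))
        elif isinstance(cur, dict) and w[:2] == ["ip", "address"]:
            cur["addrs"].append(ipaddress.ip_interface(w[2]).ip)
        elif isinstance(cur, dict) and w[:3] == ["ip", "rip", "authentication"] and len(w) > 4:
            cur[w[3]] = w[4]  # records "mode" and "string"
    return {net: [(n, i["mode"], i["string"]) for n, i in ifaces.items()
                  if any(a in net for a in i["addrs"])] for net in nets}

def audit_link(cfg_a, cfg_b):
    """Report RIP links whose two ends lack authentication or disagree on it."""
    # Assumption: equal passwords appear as equal stored strings on both peers.
    findings, a, b = [], rip_interfaces(cfg_a), rip_interfaces(cfg_b)
    for net in sorted(a.keys() & b.keys()):
        for (na, ma, sa), (nb, mb, sb) in ((x, y) for x in a[net] for y in b[net]):
            if not (ma and sa and mb and sb):
                findings.append(f"{net}: {na}/{nb} RIP enabled without authentication")
            elif (ma, sa) != (mb, sb):
                findings.append(f"{net}: {na}/{nb} authentication mode or string differs")
    return findings
```

`audit_link(R1, R2)` returns an empty list for the configurations on this page; a finding means the two routers would not accept each other's updates or that a RIP interface accepts unauthenticated updates.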