Routing Information Protocol Authentication
To support RIPv2 message authentication, you can choose plain text or MD5 authentication, with the option for a single key or multiple keys in different modes and stages.
Single Key Authentication
Use the following steps to configure RIPv2 authentication using a single key or password:
1. Define the authentication string or password
In the Interface mode, specify the authentication string or password used by the key using the following command:
ip rip authentication string LINE
where LINE is the authentication string or password
2. Specify mode of authentication for the interface
In the Interface mode, specify either text or MD5 authentication using the following command:
ip rip authentication mode md5|text
Example
#configure terminal
(config)#interface eth0
(config-if)#ip rip authentication string mykey
(config-if)#ip rip authentication mode md5
Multiple Keys Authentication
Use the following steps to configure RIPv2 authentication using multiple keys that are valid at different times:
1. Define a key chain
In the Configure mode, identify a key chain with a key chain name using the following command:
key chain KEYNAME
where KEYNAME is the name of the chain to manage.
2. Define the key(s)
In the Keychain mode, specify a key on this key chain using the following command:
key-id KEYID
where KEYID is the key identifier number, in the range <0-2147483647>.
3. Define the authentication string or password
In the Keychain-key mode, define the password used by a key, using the following command:
key-string WORD
where WORD is a string of characters to be used as a password by the key.
4. Set key management options
This step can be performed at this stage or later when multiple keys are used. The options are configured in the keychain-key command mode.
Set the time period during which the authentication key on a key chain is received as valid, using the following command:
accept-lifetime START END
where START and END are the beginning and end of the time period.
Set the time period during which the authentication key on a key chain can be sent using the following command:
send-lifetime START END
where START and END are the beginning and end of the time period.
5. Enable authentication on an interface
In the Interface mode, enable authentication on an interface and specify the key chain to be used, using the following command:
ip rip authentication key-chain CHAINNAME
where CHAINNAME is the name of a key chain, that is, a set of valid authentication keys.
6. Specify mode of authentication for the interface
In the Interface mode, specify either text or MD5 authentication using the following command:
ip rip authentication mode md5|text
Example
In the following example, the password toyota is set for key-id 1 in the key chain cars. On interface eth0, authentication is enabled with this key chain and the authentication mode is set to MD5.
#configure terminal
(config)#key chain cars
(config-keychain)#key-id 1
(config-keychain-key)#key-string toyota
(config-keychain-key)#accept-lifetime 10:00:00 Oct 08 2002 duration 43200
(config-keychain-key)#send-lifetime 10:00:00 Oct 08 2002 duration 43200
(config-keychain-key)#exit
(config-keychain)#exit
(config)#interface eth0
(config-if)#ip rip authentication key-chain cars
(config-if)#ip rip authentication mode md5
(config-if)#exit
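The lifetime windows configured in step 4 can be checked offline before a key rollover. The following Python code is an added example, not vendor code: it parses key-chain lines written in this page's command syntax (only the `HH:MM:SS MON DD YYYY duration SECONDS` form used in the example above) and reports which keys are valid at a given time and where no key can be sent. Key 2, its string honda, the indented layout of the sample, and the half-open treatment of window ends are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in this page's command syntax. Key 1 is the page's example;
# key 2 is a hypothetical rollover key added for illustration.
SAMPLE = """\
key chain cars
 key-id 1
  key-string toyota
  accept-lifetime 10:00:00 Oct 08 2002 duration 43200
  send-lifetime 10:00:00 Oct 08 2002 duration 43200
 key-id 2
  key-string honda
  accept-lifetime 21:00:00 Oct 08 2002 duration 43200
  send-lifetime 23:00:00 Oct 08 2002 duration 43200
"""

LIFETIME = re.compile(
    r"(accept|send)-lifetime (\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4}) duration (\d+)")

def parse_keys(config):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}."""
    keys, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("key-id "):
            current = keys.setdefault(int(line.split()[1]), {})
        elif current is not None and (m := LIFETIME.fullmatch(line)):
            start = datetime.strptime(m.group(2), "%H:%M:%S %b %d %Y")
            current[m.group(1)] = (start, start + timedelta(seconds=int(m.group(3))))
    return keys

def valid_keys(keys, direction, when):
    """Key ids whose 'accept' or 'send' window covers `when`.
    Assumption: start <= when < end. Keys with no lifetime line are left out,
    because the page does not state how the device treats them."""
    return sorted(k for k, w in keys.items()
                  if direction in w and w[direction][0] <= when < w[direction][1])

def send_gaps(keys):
    """Periods between the first and last send window in which no key can be sent."""
    windows = sorted(w["send"] for w in keys.values() if "send" in w)
    gaps, covered_until = [], windows[0][1] if windows else None
    for start, end in windows[1:]:
        if start > covered_until:
            gaps.append((covered_until, start))
        covered_until = max(covered_until, end)
    return gaps
```

With the constructed sample, both keys are accepted between 21:00 and 22:00, but nothing can be sent between 22:00 and 23:00, which is the kind of rollover gap to close before deploying the key chain.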