Routing Information Protocol Authentication

OcNOS-SP : Layer 3 Guide : Routing Information Protocol Command Reference : Routing Information Protocol Authentication

To support RIPv2 message authentication, you can choose plain text or MD5 authentication, with the option for a single key or multiple keys in different modes and stages.

Single Key Authentication

Use the following steps to configure route to enable RIPv2 authentication using a single key or password:

1. Define the authentication string or password

In the Interface mode, specify the authentication string or password used by the key using the following command:

ip rip authentication string LINE

where LINE is the authentication string or password

2. Specify mode of authentication for the interface

In the Interface mode, specify either text or MD5 authentication using the following command:

ip rip authentication mode md5|text

Example

#configure terminal

(config)#interface eth0

(config-if)#ip rip authentication string mykey

(config-if)#ip rip authentication mode md5

Multiple Keys Authentication

Use the following steps to configure route to enable RIPv2 authentication using multiple keys at different times:

1. Define a key chain

In the Configure mode, identify a key chain with a key chain name using the following command:

key chain KEYNAME

where KEYNAME is the name of the chain to manage.

2. Define the key(s)

In the Keychain mode, specify a key on this key chain using the following command:

key-id KEYID

where KEYID = <0-2147483647> Key Identifier number

3. Define the authentication string or password

In the Keychain-key mode, define the password used by a key, using the following command:

key-string WORD

where WORD is a string of characters to be used as a password by the key.

4. Set key management options

This step can be performed at this stage or later when multiple keys are used. The options are configured in the keychain-key command mode.

• Set the time period during which the authentication key on a key chain is received as valid, using the following command:

accept-lifetime START END

where START and END are the beginning and end of the time period.

• Set the time period during which the authentication key on a key chain can be sent using the following command:

send-lifetime START END

where START and END are the beginning and end of the time period.

5. Enable authentication on an interface

In the Interface mode, enable authentication on an interface and specify the key chain to be used, using the following command:

ip rip authentication key-chain CHAINNAME

where CHAINNAME is a set of valid authentication keys

6. Specify mode of authentication for the interface

In the Interface mode, specify either text or MD5 authentication using the following command:

ip rip authentication mode md5|text

Example

In the following example, a password toyota is set for a key-id 1 in a key chain cars. On Interface eth0 authentication is enabled and the authentication mode is set as MD5.

#configure terminal

(config)#key chain cars

(config-keychain)#key-id 1

(config-keychain-key)#key-string toyota

(config-keychain-key)#accept-lifetime 10:00:00 Oct 08 2002 duration 43200

(config-keychain-key)#send-lifetime 10:00:00 Oct 08 2002 duration 43200

(config-keychain-key)#exit

(config-keychain)#exit

(config)#interface eth0

(config-if)#ip rip authentication key-chain cars

(config-if)#ip rip authentication mode md5

(config-if)#exit