4.2 Configuring RIP v2  
  4.2.4 Configuring authentication  
Cisco's implementation of RIP v2 message authentication offers a choice of simple password or MD5 authentication, and the option of defining multiple keys, or passwords, on a key chain. The router may then be configured to use different keys at different times. Plain text authentication is the default setting in every RIP v2 packet.

The steps for setting up RIP v2 authentication are as follows:

  1. Define a key chain with a name.
  2. Define the key or keys on the key chain.
  3. Enable authentication on an interface and specify the key chain to be used.
  4. Specify whether the interface will use clear text or MD5 authentication.
  5. Optionally configure key management.

In the following example, a key chain named Romeo is configured. Key 1, the only key on the chain, has a password of Juliet. FastEthernet0/0 then uses the key, with MD5 authentication, to validate updates from neighboring RIP v2 routers.

Router(config)#key chain Romeo
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string Juliet
Router(config-keychain-key)#interface fastethernet 0/0
Router(config-if)#ip rip authentication key-chain Romeo
Router(config-if)#ip rip authentication mode md5

If the command ip rip authentication mode md5 is not added, the interface will use the default clear text authentication. Although clear text authentication may be necessary to communicate with some RIP v2 implementations, for security reasons use the more secure MD5 authentication whenever possible.

A key chain must be configured, even if there is only one key on it. Although any routers that will exchange authenticated updates must have the same password, the name of the key chain has significance only on the local router.
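
The two pitfalls described above, an interface left on the default clear text mode and an interface pointing at a key chain that does not exist locally, can be checked offline against a saved configuration. The following Python script is an added example, not part of the original course material; the function name audit_rip_auth, the sample configuration, and the assumption that sub-mode lines are indented as in show running-config output are all illustrative.

```python
import re
# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
key chain Romeo
 key 1
  key-string Juliet
!
interface FastEthernet0/0
 ip rip authentication key-chain Romeo
 ip rip authentication mode md5
!
interface FastEthernet0/1
 ip rip authentication key-chain Romeo
!
interface Serial0/0
 ip rip authentication key-chain Montague
 ip rip authentication mode md5
"""
AUTH_RE = re.compile(r"ip rip authentication (key-chain|mode) (\S+)$")

def audit_rip_auth(config):
    """Return {interface: [findings]} for interfaces with RIP authentication."""
    chains = {}   # key chain name -> number of keys that have a key-string
    ifaces = {}   # interface name -> {"key-chain": name, "mode": mode}
    chain = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level line leaves any sub-mode
            chain = iface = None
        if m := re.match(r"key chain (\S+)$", line):
            chain = m.group(1)
            chains[chain] = 0
        elif m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif chain and line.startswith("key-string "):
            chains[chain] += 1
        elif iface and (m := AUTH_RE.match(line)):
            ifaces.setdefault(iface, {})[m.group(1)] = m.group(2)
    report = {}
    for name, cfg in ifaces.items():
        findings = []
        if cfg.get("mode") != "md5":  # without mode md5 the default is clear text
            findings.append("clear text authentication (mode md5 not set)")
        if (used := cfg.get("key-chain")) is None:
            findings.append("no key chain specified")
        elif not chains.get(used):    # undefined chain, or chain with no key-string
            findings.append(f"key chain {used} is not defined or has no key-string")
        report[name] = findings
    return report
```

Interfaces with no ip rip authentication lines are omitted from the result, and an empty findings list means the interface uses MD5 with a key chain that is defined on the local router.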

 
