4.2 Configuring RIP v2
4.2.4 Configuring authentication

Cisco's implementation of RIP v2 message authentication offers a choice of simple password or MD5 authentication, and the option of defining multiple keys, or passwords, on a key chain. The router may then be configured to use different keys at different times. Plain text authentication is the default setting in every RIP v2 packet.

The steps for setting up RIP v2 authentication are as follows:
In the following example, a key chain named Romeo is configured. Key 1, the only key on the chain, has a password of Juliet. FastEthernet0/0 then uses the key, with MD5 authentication, to validate updates from neighboring RIP v2 routers.
If the command ip rip authentication mode md5 is not added, the interface will use the default clear text authentication. Although clear text authentication may be necessary to communicate with some RIP v2 implementations, for security reasons use the more secure MD5 authentication whenever possible.

A key chain must be configured, even if there is only one key on it. Although any routers that will exchange authenticated updates must have the same password, the name of the key chain has significance only on the local router.
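
The configuration described above, written out for two neighboring routers as an added example (it is not the original page's listing). The hostnames RouterA and RouterB and the second key chain name Verona are assumptions; RIP v2 itself is assumed to be already enabled on both routers.

```cisco
! Added example. Romeo, key 1, Juliet and FastEthernet0/0 come from the text;
! RouterA, RouterB and the chain name Verona are assumed for illustration.
!
! ----- RouterA -----
hostname RouterA
!
! A key chain is required even though it holds a single key.
key chain Romeo
 key 1
  key-string Juliet
!
interface FastEthernet0/0
 ! Bind the key chain to RIP on this interface ...
 ip rip authentication key-chain Romeo
 ! ... and select MD5 instead of the default clear text mode.
 ip rip authentication mode md5
!
! ----- RouterB (neighbor on the same segment) -----
hostname RouterB
!
! The chain name differs from RouterA's because it is only locally
! significant. The password is the same on both routers.
key chain Verona
 key 1
  key-string Juliet
!
interface FastEthernet0/0
 ip rip authentication key-chain Verona
 ip rip authentication mode md5
!
! ----- Weaker variant, shown for comparison only -----
! Leaving out the mode command keeps the interface on clear text
! authentication, so the password travels unprotected in each update:
!
! interface FastEthernet0/0
!  ip rip authentication key-chain Romeo
```

On either router, show key chain lists the configured keys, and debug ip rip reports received updates that are ignored because authentication failed.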