RIPv2 allows packets to be authenticated via either an insecure plain text password, included with the packet, or via a more secure MD5 based HMAC (keyed-Hashing for Message AuthentiCation). RIPv1 can not be authenticated at all, thus when authentication is configured ripd will discard routing updates received via RIPv1 packets.
However, unless RIPv1 reception is disabled entirely (see RIP Version Control), RIPv1 REQUEST packets which are received, which query the router for routing information, will still be honoured by ripd, and ripd WILL reply to such packets. This allows ripd to honour such REQUESTs (which are sometimes used by old equipment and very simple devices to bootstrap their default route), while still providing security for route updates which are received.
In short: Enabling authentication prevents routes being updated by unauthenticated remote routers, but can still allow routes (i.e. the entire RIP routing table) to be queried remotely, potentially by anyone on the internet, via RIPv1.
To prevent such unauthenticated querying of routes, disable RIPv1; see RIP Version Control.
Set the interface with RIPv2 MD5 authentication.
Set the interface with RIPv2 simple password authentication.
RIP version 2 has simple text authentication. This command sets the authentication string. The string must be shorter than 16 characters.
Specify Keyed MD5 chain.
!
key chain test
 key 1
  key-string test
!
interface eth1
 ip rip authentication mode md5
 ip rip authentication key-chain test
!
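A configuration check for the gap described above, as an added example that is not part of the original manual or of Quagga itself: it reads a ripd.conf and reports, for each interface with authentication configured, whether RIPv1 REQUESTs would still be answered. It assumes the `version 2` and `ip rip receive version` commands from RIP Version Control (not shown on this page) and that ripd accepts both versions when neither is set; the sample configuration is constructed.

```python
import re

# Constructed sample ripd.conf (not from the manual).
SAMPLE = """\
interface eth1
 ip rip authentication mode md5
 ip rip authentication key-chain test
!
interface eth2
 ip rip authentication mode text
 ip rip authentication string sixteen-chars-xx
 ip rip receive version 2
!
"""
CMD = re.compile(r"ip rip (authentication (?:mode|string)|receive version) (.+)")

def audit(conf):
    """Return {interface: [findings]} for every interface with RIP authentication."""
    ifaces, cur, in_rip, global_v2 = {}, None, False, False
    for raw in filter(str.strip, conf.splitlines()):   # skip blank lines
        line = raw.strip()
        if not raw[0].isspace():                # unindented line opens a new block
            m = re.fullmatch(r"interface (\S+)", line)
            cur = ifaces.setdefault(m.group(1), {}) if m else None
            in_rip = line == "router rip"
        elif in_rip and line == "version 2":    # router-wide: accept RIPv2 only
            global_v2 = True
        elif cur is not None and (m := CMD.fullmatch(line)):
            cur[m.group(1)] = m.group(2)
    report = {}
    for name, c in ifaces.items():
        mode = c.get("authentication mode", "").split()[:1]
        if not mode:                            # no authentication on this interface
            continue
        out = []
        if mode == ["text"]:
            out.append("plain text password is sent with every packet")
            if len(c.get("authentication string", "")) >= 16:
                out.append("authentication string must be shorter than 16 characters")
        # Assumption: with no version command, ripd accepts both RIPv1 and RIPv2.
        if "1" in c.get("receive version", "2" if global_v2 else "1 2").split():
            out.append("RIPv1 REQUESTs are still answered")
        report[name] = out
    return report

if __name__ == "__main__":
    for iface, findings in audit(SAMPLE).items():
        print(iface, findings or "ok")
```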