Setting Up Rip2 Authentication
This example sets up RIP version 2 authentication between two routers, named router1 and router2, on the class A network 10.0.0.0 (/8). Remember that RIP version 1 provided no authentication at all, so it was insecure: anyone on the wire could easily grab the traffic passed from one device to the other over RIP version 1. On our first device, and likewise on our second device router2, we need to be in privileged EXEC mode.

ROUTER-1
Router1# config t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# key chain Router1-Router2
Router1(config-keychain)# key 1
Router1(config-keychain-key)# key-string YOUR_SECRET_PASSWORD
Router1(config-keychain-key)# exit
Router1(config-keychain)# key 2
Router1(config-keychain-key)# key-string YOUR_OTHER_SECRET_PASSWORD
Router1(config-keychain-key)# end
Router1#
-----------------------------------------------
ROUTER-2
Router2# config t
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)# key chain Router2-Router1
Router2(config-keychain)# key 1
Router2(config-keychain-key)# key-string YOUR_SECRET_PASSWORD
Router2(config-keychain-key)# exit
Router2(config-keychain)# key 2
Router2(config-keychain-key)# key-string YOUR_OTHER_SECRET_PASSWORD
Router2(config-keychain-key)# end
Router2#
-----------------------------------------------
Quick recap: RIP version 1 did not support authentication; this feature was added in RIP version 2. Each RIP router must first be configured to use version 2 in order to enable authentication during routing updates. To configure your device or router to use version 2 of RIP, you specify the version in the settings when enabling RIP.
-----------------------------------------------
Now, to set up our devices to use the keys we created and to use RIP version 2, we need to go back into privileged EXEC mode once again.
ROUTER-1
-----------------------------------------------
Router1# config t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# router rip
Router1(config-router)# version 2
Router1(config-router)# network 10.0.0.0
Router1(config-router)# end
Router1#

ROUTER-2
-----------------------------------------------
Router2# config t
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)# router rip
Router2(config-router)# version 2
Router2(config-router)# network 10.0.0.0
Router2(config-router)# end
Router2#
-----------------------------------------------
Authentication for RIP is enabled on the interfaces. In the example below, Router1 uses the key chain Router1-Router2 that was created earlier together with the MD5 method of authentication; Router2 does the same with its key chain Router2-Router1.
-----------------------------------------------
Router1# config t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# int ethernet0/1
Router1(config-if)# ip rip authentication key-chain Router1-Router2
Router1(config-if)# ip rip authentication mode md5
Router1(config-if)# end
Router1#
-----------------------------------------------
Router2# config t
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)# int ethernet0/0
Router2(config-if)# ip rip authentication key-chain Router2-Router1
Router2(config-if)# ip rip authentication mode md5
Router2(config-if)# end
Router2#
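
An added example (not part of the original page and not Cisco tooling): a small Python check that reads each router's running-config text and reports whether RIP version 2, a populated key chain and MD5 mode are all in place on the interface, and which key numbers carry the same key-string on both neighbours. The config text is constructed to mirror this page's setup, the function names are hypothetical, and it relies on the key chain name being local to each router while the key number and key-string must match for MD5.

```python
# Constructed running-config excerpt mirroring this page's Router1 (not device output).
R1 = """key chain Router1-Router2
 key 1
  key-string YOUR_SECRET_PASSWORD
 key 2
  key-string YOUR_OTHER_SECRET_PASSWORD
interface Ethernet0/1
 ip rip authentication key-chain Router1-Router2
 ip rip authentication mode md5
router rip
 version 2
"""
R2 = R1.replace("Router1-Router2", "Router2-Router1").replace("Ethernet0/1", "Ethernet0/0")

def parse(config):
    """Return (key chains, per-interface RIP auth settings, whether 'version 2' is set)."""
    chains, ifaces, v2, sect, name, kid = {}, {}, False, None, None, None
    for raw in config.splitlines():
        w = raw.split() or [""]
        if not raw[:1].isspace():                 # unindented line opens a new section
            sect, name, kid = " ".join(w[:-1]), w[-1], None
        elif sect == "key chain" and w[0] == "key" and len(w) == 2:
            kid = w[1]
        elif sect == "key chain" and w[0] == "key-string" and kid and len(w) > 1:
            chains.setdefault(name, {})[kid] = " ".join(w[1:])
        elif sect == "interface" and w[:3] == ["ip", "rip", "authentication"] and len(w) == 5:
            ifaces.setdefault(name, {})[w[3]] = w[4]   # 'key-chain' or 'mode' -> its value
        elif (sect, name, w) == ("router", "rip", ["version", "2"]):
            v2 = True
    return chains, ifaces, v2

def audit(config, iface):
    """List RIP authentication problems for one interface of one router."""
    chains, ifaces, v2 = parse(config)
    auth = ifaces.get(iface, {})
    issues = [] if v2 else ["RIP version 2 is not set"]
    if not chains.get(auth.get("key-chain")):
        issues.append("no key chain with keys is applied")
    if auth.get("mode") != "md5":
        issues.append("authentication mode is not md5")
    return issues

def shared_keys(cfg_a, if_a, cfg_b, if_b):
    """Key IDs whose key-string matches on both routers (chain names may differ)."""
    def keys(cfg, iface):
        chains, ifaces, _ = parse(cfg)
        return chains.get(ifaces.get(iface, {}).get("key-chain"), {})
    a, b = keys(cfg_a, if_a), keys(cfg_b, if_b)
    return sorted(k for k in a if a[k] == b.get(k))
```

If `service password-encryption` is enabled, key-strings are shown in obfuscated form and the same secret may not appear as identical text on both routers, so compare the secrets from their cleartext source instead.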