RIP v2 Authentication

I know, I know – we all love RIP. And we are especially excited about the authentication capabilities that show up in Version 2 of the protocol. OK, the sarcasm is obvious. For our CCIE Security written, let’s make sure we are aware of the two options that are available and how to configure them.

Your options are clear text and MD5. You would never use clear text in real life, of course, but we need to know it is an option for our written exam. Let’s look at the clear text configuration. Notice that I am leaving out all of the commands you would use to enable RIP between our devices; we just want to focus on the authentication configuration here. By the way, I used GNS3 for this practice. This is a classic case where it comes in handy: two simple routers over a serial connection. No need for something more robust like VIRL:

R2(config)#key chain RIPKEYS
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CISCO
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#int s0/0
R2(config-if)#ip rip authentication key-chain RIPKEYS

Very easy – and to do MD5, as you will see, we just add one more command under the interface. Verification is the trickier business since we do not have neighborships to crash in order to verify. I like to use debug ip rip here. When the authentication does not match, the receiving router logs the update as ignored:

*Mar  1 00:07:25.527: RIP: ignored v2 packet from 12.12.12.1 (invalid authentication)

Here is the MD5 configuration:

R1(config)#key chain RIPKEYS
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CISCO
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#int s0/0
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip authentication key-chain RIPKEYS

So the configurations are very simple as you can see. And we only need to specify the mode when we are interested in MD5. Note that you could specify the mode as clear text, but this is not really required as it will default to that.
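What the two modes actually put on the wire, as an added example (not from the original post and not IOS code): it follows the RFC 2453 simple-password and RFC 2082 keyed-MD5 packet layouts and plays both sender and receiver. The function names, sequence number, key ID and sample route are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

AUTH_AFI = 0xFFFF          # address-family value marking an authentication entry
SIMPLE, KEYED_MD5 = 2, 3   # authentication types (RFC 2453 / RFC 2082)

def key16(key: str) -> bytes:
    """The key-string as a 16-byte, NUL-padded field."""
    return key.encode()[:16].ljust(16, b"\0")

def build(key: str, mode: int, routes: bytes, seq: int = 1, key_id: int = 1) -> bytes:
    """Sender side: RIPv2 response (command 2, version 2) with authentication."""
    header = struct.pack("!BBH", 2, 2, 0)
    if mode == SIMPLE:
        # Clear text: the key itself is the 16-byte body of the first entry.
        return header + struct.pack("!HH", AUTH_AFI, SIMPLE) + key16(key) + routes
    pkt_len = len(header) + 20 + len(routes)   # offset where the trailer starts
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, KEYED_MD5, pkt_len, key_id, 16, seq)
    signed = header + auth + routes + struct.pack("!HH", AUTH_AFI, 1)
    # MD5: only a digest over packet + key is sent, never the key.
    return signed + hashlib.md5(signed + key16(key)).digest()

def check(packet: bytes, key: str):
    """Receiver side: return (mode, accepted, key bytes visible on the wire)."""
    if len(packet) < 24:
        return ("malformed", False, None)
    afi, auth_type = struct.unpack("!HH", packet[4:8])
    if afi != AUTH_AFI:
        return ("none", False, None)
    if auth_type == SIMPLE:
        sent = packet[8:24]
        return ("text", hmac.compare_digest(sent, key16(key)), sent.rstrip(b"\0"))
    if auth_type == KEYED_MD5:
        (pkt_len,) = struct.unpack("!H", packet[8:10])
        signed, digest = packet[:pkt_len + 4], packet[pkt_len + 4:pkt_len + 20]
        expected = hashlib.md5(signed + key16(key)).digest()
        return ("md5", hmac.compare_digest(expected, digest), None)
    return ("unknown", False, None)

# Constructed sample route entry: AFI 2, tag 0, 192.0.2.0/24, next hop 0.0.0.0, metric 1
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([192, 0, 2, 0]),
                    bytes([255, 255, 255, 0]), bytes(4), 1)

if __name__ == "__main__":
    for mode in (SIMPLE, KEYED_MD5):
        pkt = build("CISCO", mode, ROUTE)
        print(check(pkt, "CISCO"), check(pkt, "WRONG"), b"CISCO" in pkt)
```

In clear text mode the receiver's third field is the key-string itself, which is exactly what anyone capturing the link sees; in MD5 mode a wrong key or a modified route entry only produces a failed digest comparison, the condition behind the "invalid authentication" debug line.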
