Configuring Authentication Example

Many routing protocols support authentication and the commands vary somewhat, but the following example demonstrates the feature using RIP version 2.

RIP version 1 doesn’t support authentication, but RIP version 2 allows RIP authentication on a per-interface basis. RIP supports two modes of authentication: plaintext authentication and MD5 authentication. The default is plaintext authentication. Don’t use plaintext authentication for security purposes because the unencrypted authentication key is sent in every RIP version 2 packet. Interfaces on both sides of the link must be configured for MD5 authentication using the same key number and key string.

The key chain determines the set of keys that can be used on the interface. If a key chain isn’t configured, no authentication is performed on that interface, not even the default authentication.

The following commands configure RIP authentication. The first three (key chain, key, and key-string) are entered from Global Configuration mode, and the last two (the ip rip authentication commands) are entered in Interface Configuration mode.

Rtr1:
key chain seattle
 key 1
  key-string 9631
!
interface Ethernet 0
 ip address 192.168.1.1 255.255.255.0
!
interface Serial 0
 ip address 192.168.2.1 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain seattle
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.2.0

Rtr2:
key chain seattle
 key 1
  key-string 9631
!
interface Ethernet 0
 ip address 192.168.3.1 255.255.255.0
!
interface Serial 0
 ip address 192.168.2.2 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain seattle
 clockrate 64000
!
router rip
 version 2
 network 192.168.3.0
 network 192.168.2.0
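
The rules stated above (plaintext is the default mode, and an interface without a key chain performs no authentication) can be checked mechanically. The following Python audit is an added example, not part of the original text. It assumes every interface in the configuration runs RIP (it does not match interfaces against the network statements); the Serial 1 and Serial 2 stanzas and the key chain name tacoma are constructed for illustration.

```python
import re

# Constructed sample: Rtr1's key chain and Serial 0 from the text, plus two
# hypothetical misconfigured interfaces (Serial 1, Serial 2) to exercise the checks.
SAMPLE = """\
key chain seattle
 key 1
  key-string 9631
!
interface Serial 0
 ip rip authentication mode md5
 ip rip authentication key-chain seattle
!
interface Serial 1
 ip rip authentication key-chain seattle
!
interface Serial 2
 ip rip authentication mode md5
 ip rip authentication key-chain tacoma
"""

def audit_rip_auth(config):
    """Return {interface: finding} for the RIP authentication settings in an IOS config."""
    chains, ifaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()  # accept indented and unindented listings
        if m := re.match(r"key chain (\S+)$", line):
            chains.add(m.group(1))
            current = None
        elif m := re.match(r"interface (.+)$", line):
            current = ifaces.setdefault(m.group(1), {"mode": None, "chain": None})
        elif current is not None and (m := re.match(r"ip rip authentication mode (\S+)$", line)):
            current["mode"] = m.group(1)
        elif current is not None and (m := re.match(r"ip rip authentication key-chain (\S+)$", line)):
            current["chain"] = m.group(1)
    # Evaluate after the full pass so a key chain defined later in the file still counts.
    findings = {}
    for name, cfg in ifaces.items():
        if cfg["chain"] is None:
            findings[name] = "no key chain: no authentication is performed"
        elif cfg["chain"] not in chains:
            findings[name] = f"key chain '{cfg['chain']}' is not defined"
        elif cfg["mode"] != "md5":
            findings[name] = "plaintext mode: key is sent in every RIPv2 packet"
        else:
            findings[name] = "ok: md5 with a defined key chain"
    return findings
```

Run against the Rtr1 listing, it reports Serial 0 as ok and Ethernet 0 as performing no authentication, since that interface has no key chain applied.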