RIPv2 Authentication

RIPv2 Authentication: One of the major concerns of network administrators is securing the exchange of routing information between routers, that is, ensuring that the information contained in the routing table is valid and has not been originated or tampered with by someone trying to disrupt the network.
A network administrator can prevent a router from receiving fraudulent route updates by configuring neighbor router authentication. Without neighbor authentication, unauthorized or deliberately malicious routing updates could compromise the security of your network traffic. A security compromise could occur if an unfriendly party diverts or analyzes that traffic. For example, an unauthorized router could send a fictitious routing update to convince your router to send traffic to an incorrect destination. The unfriendly party could analyze the diverted traffic to learn confidential information about your organization, or merely use it to disrupt your organization’s ability to communicate effectively using the network. Neighbor authentication prevents your router from receiving any such fraudulent routing updates.

In this article we will study various methods to secure the RIP communication using Authentication. Kindly note that authentication is only supported in RIPv2. With Cisco IOS, RIPv2 supports two modes of authentication:

  • Plain Text authentication and
  • Message Digest 5 (MD5) authentication.

RIPv2 Authentication - Configuration Steps

  1. Define a key chain with a name. The key chain determines the set of keys that can be used on the interface. If a key chain is not configured, no authentication is performed on that interface.
  2. Define the key or keys on the key chain and specify the password or key-string to be used in the key. This is the authentication string that must be sent and received in the packets using the routing protocol being authenticated.
  3. Enable authentication on an interface and specify the key chain to be used. Since authentication is enabled on a per interface basis, a router running RIPv2 can be configured for authentication on certain interfaces and can operate without any authentication on other interfaces.
  4. Specify whether the interface will use plain text or MD5 authentication. Once authentication is enabled in the previous step, RIPv2 uses plain text authentication by default, so this step is not required if plain text authentication is what you want.

RIPv2 Authentication Plain Text

Below are the steps for configuring RIPv2 Plain Text Authentication.

Define a key chain with the name 'keyset' on R1 and R2. You can use any name of your choice or follow the network administrator's naming conventions. Here I have shown the config on router R1 only.
 
R1(config)#key chain keyset
 
Define a key. You can configure multiple keys in the key chain 'keyset' and use different keys with different peers. However, the key-string value must be the same on both ends: for example, key-string 'cisco' must be configured on both routers R1 and R2.
 
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco
 

Apply the defined key chain to the interface. To enable plain-text authentication, we only have to enable authentication using the command below.
 
R1(config)#int f1/0
R1(config-if)#ip rip authentication key-chain keyset
 

RIPv2 Authentication MD5

To configure MD5 authentication, we have to add one extra command at the interface level to the commands already configured for plain-text authentication.

R1(config)#key chain keyset

R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco

R1(config)#int f1/0
R1(config-if)#ip rip authentication key-chain keyset
R1(config-if)#ip rip authentication mode md5
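
Because an interface with a key chain but no `ip rip authentication mode md5` line falls back to plain text (where the key-string travels unencrypted in each update), it is worth auditing configurations for that gap. The following Python script is an added example, not part of the original article or any Cisco tool; the function name `audit_rip_auth`, the finding labels and the sample configuration are assumptions made for illustration, and the parser relies only on the indentation of an IOS-style config.

```python
import re

# Constructed sample config (not from the original article): f1/0 uses MD5,
# f1/1 falls back to plain text, f2/0 names an undefined chain, f2/1 has none.
SAMPLE_CONFIG = """\
key chain keyset
 key 1
  key-string cisco
interface FastEthernet1/0
 ip rip authentication key-chain keyset
 ip rip authentication mode md5
interface FastEthernet1/1
 ip rip authentication key-chain keyset
interface FastEthernet2/0
 ip rip authentication key-chain missing
 ip rip authentication mode md5
interface FastEthernet2/1
 ip address 10.0.0.1 255.255.255.0
"""

def audit_rip_auth(config):
    """Return {interface: finding} for an IOS-style configuration text."""
    chains, ifaces, section = {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line opens a new section
            section = {}                     # throwaway for sections we ignore
            if m := re.match(r"key chain (\S+)", line):
                section = chains.setdefault(m.group(1), {"has_key_string": False})
            elif m := re.match(r"interface (\S+)", line):
                section = ifaces.setdefault(m.group(1), {"chain": None, "mode": "text"})
        elif line.startswith("key-string ") and "has_key_string" in section:
            section["has_key_string"] = True
        elif (m := re.match(r"ip rip authentication key-chain (\S+)", line)) and "chain" in section:
            section["chain"] = m.group(1)
        elif (m := re.match(r"ip rip authentication mode (\S+)", line)) and "mode" in section:
            section["mode"] = m.group(1)
    findings = {}
    for name, cfg in ifaces.items():
        if cfg["chain"] is None:
            findings[name] = "none"              # no key chain: no authentication
        elif not chains.get(cfg["chain"], {}).get("has_key_string"):
            findings[name] = "broken-key-chain"  # chain undefined or lacks a key-string
        else:
            findings[name] = "md5" if cfg["mode"] == "md5" else "plain-text"
    return findings
```

Running `audit_rip_auth(SAMPLE_CONFIG)` reports one finding per interface, so interfaces marked `plain-text`, `none` or `broken-key-chain` can be reviewed before the configuration is deployed.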
 
 
Below is the snapshot of RIPv2 configured with Message Digest (MD5) Authentication.
 
 

I hope you have found this article informative and useful, and that you now have a fair understanding of RIPv2 Authentication and how to configure Plain Text and MD5 Authentication. For any related queries or feedback, kindly write to us at networkurge@gmail.com
