RIPv2 Authentication

One of the major concerns of network administrators is securing the exchange of routing information between routers, that is, ensuring that the information contained in the routing table is valid and has not been originated or tampered with by someone trying to disrupt the network. In this article we will study the methods available to secure RIP communication using authentication. Note that authentication is only supported in RIPv2. With Cisco IOS, RIPv2 supports two modes of authentication:
  • Plain Text authentication and
  • Message Digest 5 (MD5) authentication.
Steps to configure RIPv2 Authentication:
  1. Define a key chain with a name. The key chain determines the set of keys that can be used on the interface. If a key chain is not configured, no authentication is performed on that interface.
  2. Define the key or keys on the key chain and specify the password or key-string to be used in the key. This is the authentication string that must be sent and received in the packets using the routing protocol being authenticated.
  3. Enable authentication on an interface and specify the key chain to be used. Since authentication is enabled on a per-interface basis, a router running RIPv2 can be configured for authentication on certain interfaces and can operate without any authentication on other interfaces.
  4. Specify whether the interface will use plain text or MD5 authentication. Once authentication is enabled in the previous step, RIPv2 uses plain text authentication by default, so this step is not required when using plain text authentication.

Configuring Plain Text Authentication:
  • Define a key chain with the name 'keyset' on R1 and R2. You can use any name of your choice, or follow the naming conventions defined by your network administrator. Here I have shown the config on router R1 only.
                  R1(config)#key chain keyset
  • Define a key. You can configure multiple keys in the key chain 'keyset' and use different keys with different peers. However, the key-string value must be the same on both peers; for example, key-string 'cisco' must be the same on both routers R1 and R2.
                  R1(config-keychain)#key 1
                  R1(config-keychain-key)#key-string cisco
  • Apply the defined key chain to the interface. To enable plain-text authentication, we only have to enable authentication using the command below.
                 R1(config)#int f1/0
                 R1(config-if)#ip rip authentication key-chain keyset


Configure MD5 Authentication:

In order to configure MD5 authentication, we have to configure one extra command at the interface level, in addition to the commands configured for plain-text authentication.

                R1(config)#key chain keyset

                R1(config-keychain)#key 1
                R1(config-keychain-key)#key-string cisco

                R1(config)#int f1/0
                R1(config-if)#ip rip authentication key-chain keyset
                R1(config-if)#ip rip authentication mode md5
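
An added example, not part of the original article: a small Python audit that reads an IOS-style running-config and reports, per interface, whether the four steps above leave RIPv2 authentication as MD5, plain text (the default when no mode is set), or not in effect. The sample configuration, the interface names other than the commands shown above, and the status labels are constructed for illustration.

```python
# Constructed sample running-config for illustration (not taken from R1 or R2).
SAMPLE_CONFIG = """\
key chain keyset
 key 1
  key-string cisco
!
interface FastEthernet1/0
 ip rip authentication key-chain keyset
!
interface FastEthernet1/1
 ip rip authentication key-chain keyset
 ip rip authentication mode md5
!
interface FastEthernet2/0
 ip rip authentication key-chain missing
!
interface FastEthernet2/1
"""

def audit_rip_auth(config):
    """Map each interface to 'md5', 'text', 'none' or 'key-chain-missing'."""
    usable, ifaces = set(), {}
    chain = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new section
            chain = iface = None
            if line.startswith("key chain "):
                chain = line.split()[2]
            elif line.startswith("interface "):
                iface = ifaces.setdefault(line.split()[1], {"chain": None, "mode": "text"})
        elif chain and line.startswith("key-string "):
            usable.add(chain)  # step 2: the chain holds at least one key-string
        elif iface is not None and line.startswith("ip rip authentication key-chain "):
            iface["chain"] = line.split()[-1]
        elif iface is not None and line.startswith("ip rip authentication mode "):
            iface["mode"] = line.split()[-1]
    report = {}
    for name, cfg in ifaces.items():
        if cfg["chain"] is None:
            report[name] = "none"  # step 3 was never applied to this interface
        elif cfg["chain"] not in usable:
            report[name] = "key-chain-missing"  # step 1: no authentication is performed
        else:
            report[name] = cfg["mode"]  # step 4: plain text unless 'mode md5' is set
    return report

if __name__ == "__main__":
    print(audit_rip_auth(SAMPLE_CONFIG))
```

Interfaces reported as `text` carry the key-string readable in every RIP update, so they are the ones to move to `ip rip authentication mode md5`.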


