
Configuration of the RIPv2 authentication

In this article I will configure and debug RIPv2 authentication and show how the process works.

 

Authentication methods

  1. Plain text
  2. MD5

 

Note 1: When using plain text authentication mode, make sure that the following parameters are matching on neighboring routers for successful authentication.

  • Key-string

  • Authentication mode

Note 2: When using MD5 authentication mode, for successful authentication make sure that the following parameters are matching on neighboring routers.

  • Key-string.

  • Key number.

    • The key number is inserted into the RIP packet to indicate which key should be used for verification.

  • Authentication mode.

    • MD5 or Plain Text

Used commands

key chain RIP
 key 1
  key-string password

ip rip authentication mode md5
ip rip authentication key-chain RIP

Simulated topology example

In this example I will use the following topology, emulated inside GNS3/Dynagen. The routers will have only a basic configuration (IP addresses, names, RIP routing).

 

|----FA0/0-(192.168.1.0/24)----|Left|----fa1/0----(1.0.0.0/24)----fa0/0----|Right|----Fa1/0-(2.0.0.0/8)----|

 

GNS3 config

autostart = True
[qemu localhost]
    workingdir = C:\Program Files\GNS3\labs\secure-lab_working
    udp = 20000
[localhost:7200]
    workingdir = C:\Program Files\GNS3\labs\secure-lab_working
    udp = 10000
    [[2621XM]]
        chassis = 2621XM
        image = C:\Program Files\Dynamips\images\c2600-adventerprisek9-mz.124-17.image
        ram = 128
        ghostios = True
        sparsemem = True
        idlepc = 0x80248674
    [[2691]]
        image = C:\Program Files\Dynamips\images\c2691-i-mz.123-22.image
        idlepc = 0x60559bc8
        ghostios = True
        sparsemem = True
    [[ROUTER R1]]
        model = 2691
        console = 2007
        f0/1 = R7 f0/0
        slot1 = NM-1FE-TX
        x = -107.0
        y = -38.0
    [[ROUTER R2]]
        model = 2621XM
        console = 2008
        f0/0 = R6 f0/1
        x = 43.0
        y = -106.0
[GNS3-DATA]
    configs = secure-lab_configs
    workdir = secure-lab_working

Basic configuration

Configuration of the IP addressing and RIP v2 routing, everything works.

 

Router Left

interface FastEthernet0/0
 ip address 192.168.1.222 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 1.0.0.1 255.255.255.0
 speed auto
 half-duplex
!

router rip
 version 2
 network 1.0.0.0
 network 192.168.1.0
!

 

Router Right

interface FastEthernet0/0
 ip address 1.0.0.2 255.255.255.0
 speed auto
 half-duplex
!
interface FastEthernet0/1
 ip address 2.0.0.1 255.0.0.0
 duplex auto
 speed auto
 no keepalive
!
router rip
 version 2
 network 1.0.0.0
 network 2.0.0.0
!

Routing table check

On the Left router

Left#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.0.0.0 is directly connected, FastEthernet0/1
R    2.0.0.0/8 [120/1] via 1.0.0.2, 00:00:00, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
Left#

On the Right router

Right#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.0.0.0 is directly connected, FastEthernet0/0
C    2.0.0.0/8 is directly connected, FastEthernet0/1
R    192.168.1.0/24 [120/1] via 1.0.0.1, 00:00:02, FastEthernet0/0

 

Admin ping works fine

Left#ping
Protocol [ip]:
Target IP address: 2.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.222
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.222
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/48/112 ms
Left#

 

Configuring RIPv2 authentication - MD5

First, I will configure the key chain on the Right router

Right(config)#key chain rip
Right(config-keychain)#key 1
Right(config-keychain-key)#key-string password
Right(config-keychain-key)#^Z

and I will configure authentication on the FastEthernet fa 0/0 interface

Right(config-if)#int fa 0/0
Right(config-if)#ip rip authentication mode md5
Right(config-if)#ip rip authentication key-chain rip
Right(config-if)#

 

If I do not configure RIP authentication on the Left router, the updates are not authenticated, the routing information will be flushed out, and the routing tables on both routers will contain only directly connected networks.

Left#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.0.0.0 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
Left#

 

Right#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.0.0.0 is directly connected, FastEthernet0/0
C    2.0.0.0/8 is directly connected, FastEthernet0/1

 

A capture will show the following update packets. The Right router sends updates with the authentication fields filled in:

 

 

and the Left router sends plain RIPv2 updates without authentication information:
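The two kinds of update described above, and the key number carried in the packet as mentioned in Note 2, can be checked directly on a captured RIP UDP payload. The following Python sketch is an added example, not part of the original article or of Cisco's code; it assumes the RFC 2082 keyed-MD5 layout (digest over the packet up to and including the 0xFFFF/0x0001 trailer header, followed by the key padded to 16 bytes), the function names are hypothetical, and the sample packet is constructed from the lab values rather than taken from the article's capture.

```python
import hashlib
import hmac
import socket
import struct

AUTH_PLAIN, AUTH_MD5 = 2, 3  # RIPv2 authentication types

def pad_key(key: bytes) -> bytes:
    """Key-string as fed to MD5: cut or zero-padded to exactly 16 bytes."""
    return key[:16].ljust(16, b"\x00")

def build_md5_update(key, key_id, seq, routes):
    """Constructed sample: RIPv2 response (command 2) with keyed-MD5 auth."""
    rtes = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(net),
                    socket.inet_aton(mask), bytes(4), metric)
        for net, mask, metric in routes)
    pkt_len = 4 + 20 + len(rtes)  # RIP header + auth entry + route entries
    auth = struct.pack("!HHHBBI8x", 0xFFFF, AUTH_MD5, pkt_len, key_id, 16, seq)
    body = struct.pack("!BBH", 2, 2, 0) + auth + rtes + struct.pack("!HH", 0xFFFF, 1)
    return body + hashlib.md5(body + pad_key(key)).digest()

def inspect_rip_auth(payload: bytes, key: bytes = b"") -> dict:
    """Classify one RIP UDP payload; verify the MD5 digest when a key is given."""
    if len(payload) < 24 or payload[1] != 2:
        return {"auth": "none"}
    afi, auth_type = struct.unpack_from("!HH", payload, 4)
    if afi != 0xFFFF:  # first entry is an ordinary route: no authentication
        return {"auth": "none"}
    if auth_type == AUTH_PLAIN:  # the key-string itself is in the packet
        return {"auth": "plain", "exposed_key": payload[8:24].rstrip(b"\x00")}
    if auth_type != AUTH_MD5:
        return {"auth": "unknown"}
    pkt_len, key_id, _auth_len, seq = struct.unpack_from("!HBBI", payload, 8)
    info = {"auth": "md5", "key_id": key_id, "seq": seq, "valid": None}
    if key and pkt_len + 20 <= len(payload):
        # Digest covers the packet up to the 0xFFFF/0x0001 trailer header + key
        expected = hashlib.md5(payload[:pkt_len + 4] + pad_key(key)).digest()
        info["valid"] = hmac.compare_digest(expected, payload[pkt_len + 4:pkt_len + 20])
    return info

if __name__ == "__main__":
    # Lab values from the article: key 1, key-string "password", route 2.0.0.0/8
    pkt = build_md5_update(b"password", 1, 1, [("2.0.0.0", "255.0.0.0", 1)])
    print(inspect_rip_auth(pkt, b"password"))
    print(inspect_rip_auth(pkt, b"not-the-key"))
```

In plain text mode the checker returns the key-string exactly as it travels on the wire, while in MD5 mode only the key number, sequence number and digest are visible.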

 

When I configure the Left router to use authentication too

Left#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Left(config)#key chain rip
Left(config-keychain)#key 1
Left(config-keychain-key)#key-string password
Left(config-keychain-key)#exit
Left(config-keychain)#exit
Left(config)#int fa 0/1
Left(config-if)#ip rip authentication mode md5
Left(config-if)#ip rip authentication key-chain rip
Left(config-if)#

 

the updates will work, as show ip route shows:

Left#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.0.0.0 is directly connected, FastEthernet0/1
R    2.0.0.0/8 [120/1] via 1.0.0.2, 00:00:26, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0

 

Right#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.0.0.0 is directly connected, FastEthernet0/0
C    2.0.0.0/8 is directly connected, FastEthernet0/1
R    192.168.1.0/24 [120/1] via 1.0.0.1, 00:00:26, FastEthernet0/0
Right#

 
