- \n
- \n\t\tPlain text<\/li>\n
- \n\t\tMD5<\/li>\n<\/ol>\n
<\/p>\n
Note 1<\/b>: When using plain text authentication mode, make sure that the following parameters are matching on neighboring routers for successful authentication.<\/p>\n
- \n
- \n\t\t\tKey-string<\/li>\n
- \n\t\t\tAuthentication mode<\/li>\n<\/ul>\n
Note 2<\/b>: When using MD5 authentication mode, for successful authentication make sure that the following parameters are matching on neighboring routers.<\/p>\n
- \n
- \n\t\t\tKey-string.<\/li>\n
- \n\t\t\tKey number.<\/p>\n
- \n
- \n\t\t\t\t\tkey number is inserted into a RIP packet to indicate which key should be used for verification.<\/li>\n<\/ul>\n<\/li>\n
- \n\t\t\tAuthentication mode.<\/p>\n
- \n
- \n\t\t\t\t\tMD5 or Plain Text<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Used commands<\/strong><\/p>\n
key chain RIP<\/em> key 1 key-string password<\/span>\n\nip rip authentication mode md5\nip rip authentication key-chain RIP\n<\/pre>\nSimulated topology example<\/strong><\/p>\n
In this example I will use following topology emulated inside ofthe GNS3\/Dynagen. Routers will have only basic configuration (IP adresses, names, RIP routing).<\/p>\n
<\/p>\n
|—-FA0\/0-(192.168.1.0\/24)—-|Left<\/b>|—-fa1\/0—-(1.0.0.0\/24)—-sfa0\/0—-|Right<\/b>|—-Fa1\/0-(2.0.0.0\/8)—-|<\/p>\n
<\/p>\n
GNS3 config<\/strong><\/p>\n
autostart = True\n[qemu localhost]\n workingdir = C:\\Program Files\\GNS3\\labs\\secure-lab_working\n udp = 20000\n[localhost:7200]\n workingdir = C:\\Program Files\\GNS3\\labs\\secure-lab_working\n udp = 10000\n [[2621XM]]\n chassis = 2621XM\n image = C:\\Program Files\\Dynamips\\images\\c2600-adventerprisek9-mz.124-17.image\n ram = 128\n ghostios = True\n sparsemem = True\n idlepc = 0x80248674\n [[2691]]\n image = C:\\Program Files\\Dynamips\\images\\c2691-i-mz.123-22.image\n idlepc = 0x60559bc8\n ghostios = True\n sparsemem = True\n [[ROUTER R1]]\n model = 2691\n console = 2007\n f0\/1 = R7 f0\/0\n slot1 = NM-1FE-TX\n x = -107.0\n y = -38.0\n [[ROUTER R2]]\n model = 2621XM\n console = 2008\n f0\/0 = R6 f0\/1\n x = 43.0\n y = -106.0\n[GNS3-DATA]\n configs = secure-lab_configs\n workdir = secure-lab_working\n<\/pre>\n
Basic configuration<\/strong><\/p>\n
Configuration of the IP addressing and RIP v2 routing, everything works.<\/p>\n
<\/p>\n
Router Left<\/strong><\/p>\n
interface FastEthernet0\/0\n ip address 192.168.1.222 255.255.255.0\n duplex auto\n speed auto\n!\ninterface FastEthernet0\/1\n ip address 1.0.0.1 255.255.255.0\n speed auto\n half-duplex\n!\n\nrouter rip\n version 2\n network 1.0.0.0\n network 192.168.1.0\n!<\/pre>\n
<\/p>\n
Router Right<\/strong><\/p>\n
interface FastEthernet0\/0\n ip address 1.0.0.2 255.255.255.0\n speed auto\n half-duplex\n!\ninterface FastEthernet0\/1\n ip address 2.0.0.1 255.0.0.0\n duplex auto\n speed auto\n no keepalive\n!\nrouter rip\n version 2\n network 1.0.0.0\n network 2.0.0.0\n!\n<\/pre>\n
Routing table check<\/strong><\/p>\n
On the Left router<\/p>\n
Left#sh ip route\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area\n N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n E1 - OSPF external type 1, E2 - OSPF external type 2\n i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n ia - IS-IS inter area, * - candidate default, U - per-user static route\n o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n 1.0.0.0\/24 is subnetted, 1 subnets\nC 1.0.0.0 is directly connected, FastEthernet0\/1\nR 2.0.0.0\/8 [120\/1] via 1.0.0.2, 00:00:00, FastEthernet0\/1\nC 192.168.1.0\/24 is directly connected, FastEthernet0\/0\nLeft#\n<\/pre>\n
On the Right router<\/p>\n
Right#sh ip route\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area\n N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n E1 - OSPF external type 1, E2 - OSPF external type 2\n i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n ia - IS-IS inter area, * - candidate default, U - per-user static route\n o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n 1.0.0.0\/24 is subnetted, 1 subnets\nC 1.0.0.0 is directly connected, FastEthernet0\/0\nC 2.0.0.0\/8 is directly connected, FastEthernet0\/1\nR 192.168.1.0\/24 [120\/1] via 1.0.0.1, 00:00:02, FastEthernet0\/0\n<\/pre>\n
<\/p>\n
Admin ping work fine<\/p>\n
Left#ping\nProtocol [ip]:\nTarget IP address: 2.0.0.1\nRepeat count [5]:\nDatagram size [100]:\nTimeout in seconds [2]:\nExtended commands [n]: y\nSource address or interface: 192.168.1.222\nType of service [0]:\nSet DF bit in IP header? [no]:\nValidate reply data? [no]:\nData pattern [0xABCD]:\nLoose, Strict, Record, Timestamp, Verbose[none]:\nSweep range of sizes [n]:\n\nType escape sequence to abort.\nSending 5, 100-byte ICMP Echos to 2.0.0.1, timeout is 2 seconds:\nPacket sent with a source address of 192.168.1.222\n!!!!!\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 8\/48\/112 ms\nLeft#\n<\/pre>\n
<\/p>\n
Configuring RIPv2 authentication – MD5<\/strong><\/p>\n
First, I will configure key chain on the router Right<\/p>\n
Right(config)#key chain rip\nRight(config-keychain)#key 1\nRight(config-keychain-key)#key-string password<\/span>\nRight(config-keychain-key)#^Z<\/pre>\nand I will configure authentication on the fastethernet fa 0\/0 intrerface<\/p>\n
\tRight(config-if)#int fa 0\/0\n\tRight(config-if)#ip rip authentication mode md5\n\tRight(config-if)#ip rip authentication key-chain rip<\/span>\n\tRight(config-if)#\n<\/pre>\n<\/p>\n
if I do not configure RIP auth on the router Left, router does not authenticated updates, routing infos will be flushed out, and it will contain only directly connected nets on both routers.<\/p>\n
Left#sh ip route\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area\n N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n E1 - OSPF external type 1, E2 - OSPF external type 2\n i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n ia - IS-IS inter area, * - candidate default, U - per-user static route\n o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n 1.0.0.0\/24 is subnetted, 1 subnets\nC 1.0.0.0 is directly connected, FastEthernet0\/1\nC 192.168.1.0\/24 is directly connected, FastEthernet0\/0\nLeft#\n<\/pre>\n
<\/p>\n
Right#sh ip route\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area\n N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n E1 - OSPF external type 1, E2 - OSPF external type 2\n i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n ia - IS-IS inter area, * - candidate default, U - per-user static route\n o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n 1.0.0.0\/24 is subnetted, 1 subnets\nC 1.0.0.0 is directly connected, FastEthernet0\/0\nC 2.0.0.0\/8 is directly connected, FastEthernet0\/1\n<\/pre>\n
<\/p>\n
and capture will show following update packets. From Right routers goes updates with ath fields filled in:<\/p>\n
<\/p>\n
![\"\"](\"\/wp-content\/uploads\/files\/image\/Netacad\/ccna2\/rip-auth\/rip-rigt-auth.png\")
<\/p>\n<\/p>\n
and Left router sends pure RIPv2 update without auth informations:<\/p>\n
![\"\"](\"\/wp-content\/uploads\/files\/image\/Netacad\/ccna2\/rip-auth\/rip-left-no-auth.png\")
<\/p>\n<\/p>\n
When I will configure the Left router to use authentication too<\/p>\n
Left#conf t\nEnter configuration commands, one per line. End with CNTL\/Z.\nLeft(config)#key chain rip\nLeft(config-keychain)#key 1\nLeft(config-keychain-key)#key-string password\nLeft(config-keychain-key)#exit\nLeft(config-keychain)#exit\nLeft(config)#int fa 0\/1\nLeft(config-if)#ip rip authentication mode md5\nLeft(config-if)#ip rip authentication key-chain rip<\/span>\nLeft(config-if)#\n<\/pre>\n<\/p>\n
updates will works, as show ip route <\/span>show us<\/p>\n
Left#sh ip route\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area\n N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n E1 - OSPF external type 1, E2 - OSPF external type 2\n i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n ia - IS-IS inter area, * - candidate default, U - per-user static route\n o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n 1.0.0.0\/24 is subnetted, 1 subnets\nC 1.0.0.0 is directly connected, FastEthernet0\/1\nR 2.0.0.0\/8 [120\/1] via 1.0.0.2, 00:00:26, FastEthernet0\/1\nC 192.168.1.0\/24 is directly connected, FastEthernet0\/0\n<\/pre>\n
<\/p>\n
Right#sh ip route\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area\n N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n E1 - OSPF external type 1, E2 - OSPF external type 2\n i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n ia - IS-IS inter area, * - candidate default, U - per-user static route\n o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n 1.0.0.0\/24 is subnetted, 1 subnets\nC 1.0.0.0 is directly connected, FastEthernet0\/0\nC 2.0.0.0\/8 is directly connected, FastEthernet0\/1\nR 192.168.1.0\/24 [120\/1] via 1.0.0.1, 00:00:26, FastEthernet0\/0\nRight#\n<\/pre>\n
<\/span><\/p>","protected":false},"excerpt":{"rendered":"
\n\tIn this article I will configure, debug and shows the process of RIPv2 authentication.<\/p>\n
\n\t <\/p>\n
\n\tAuthentication methods<\/strong><\/p>\n
- \n
- \n\t\tPlain text<\/li>\n
- \n\t\tMD5<\/li>\n<\/ol>\n
\n\t <\/p>\n
\n\tNote 1<\/b>: When using plain text authentication mode, make sure that the following parameters are matching on neighboring routers for successful authentication.<\/p>\n
- \n
- \n
\n\t\t\tKey-string<\/p>\n<\/li>\n
- \n
\n\t\t\tAuthentication mode<\/p>","protected":false},"author":15,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[697,701,763],"tags":[1382,1381],"class_list":["post-274","post","type-post","status-publish","format-standard","hentry","category-ccna-en","category-ccnp-en","category-rip-en","tag-dynagen","tag-dynamips"],"taxonomy_info":{"category":[{"value":697,"label":"CCNA"},{"value":701,"label":"CCNP"},{"value":763,"label":"RIP"}],"post_tag":[{"value":1382,"label":"dynagen"},{"value":1381,"label":"dynamips"}]},"featured_image_src_large":false,"author_info":{"display_name":"Pavel Sege\u010d","author_link":"https:\/\/nil.uniza.sk\/en\/author\/pavel-segec\/"},"comment_info":0,"category_info":[{"term_id":697,"name":"CCNA","slug":"ccna-en","term_group":0,"term_taxonomy_id":695,"taxonomy":"category","description":"","parent":695,"count":12,"filter":"raw","cat_ID":697,"category_count":12,"category_description":"","cat_name":"CCNA","category_nicename":"ccna-en","category_parent":695},{"term_id":701,"name":"CCNP","slug":"ccnp-en","term_group":0,"term_taxonomy_id":699,"taxonomy":"category","description":"","parent":695,"count":8,"filter":"raw","cat_ID":701,"category_count":8,"category_description":"","cat_name":"CCNP","category_nicename":"ccnp-en","category_parent":695},{"term_id":763,"name":"RIP","slug":"rip-en","term_group":0,"term_taxonomy_id":761,"taxonomy":"category","description":"","parent":759,"count":2,"filter":"raw","cat_ID":763,"category_count":2,"category_description":"","cat_name":"RIP","category_nicename":"rip-en","category_parent":759}],"tag_info":[{"term_id":1382,"name":"dynagen","slug":"dynagen","term_group":0,"term_taxonomy_id":1380,"taxonomy":"post_tag","description":"","parent":0,"count":4,"filter":"raw"},{"term_id":1381,"name":"dynamips","slug":"dynamips","term_group":0,"term_taxonomy_id":1379,"taxonomy":"post_tag","description":"","parent":0,"count":4,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=274"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/274\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \n
- \n\t\t\t\t\tMD5 or Plain Text<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n