Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication
When you earned your CCNA, you believed you learned anything there is to know about RIP. Close, but not fairly! There are some further details you want to know to pass the BSCI exam and get one particular step closer to the CCNP exam, and a single of those requires RIP update packet authentication.
You happen to be familiar with some advantages of making use of RIPv2 more than RIPv1, support for VLSM chief amongst them. But one particular advantage that you're not introduced to in your CCNA reports is the potential to configure routing update packet authentication.
You have two possibilities, clear text and MD5. Clear text is just that - a clear text password that is visible by anybody who can pick a packet off the wire. Get more on our affiliated URL by navigating to compare roland frasier information. If you are going to go to the difficulty of configuring update authentication, you really should use MD5. The MD stands for \Message Digest\, and this is the algorithm that produces the hash value for the password that will be contained in the update packets.
Not only must the routers agree on the password, they need to agree on the authentication technique. If 1 router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a wonderful command for troubleshooting authenticated updates.
R1, R2, and R3 are running RIP more than a frame relay cloud. Right here is how RIP authentication would be configured on these 3 routers.
R1(config)#essential chain RIP
< The key chain can have any name.">
< Key chains can have multiple keys. Number them carefully when using multiples.">
< This is the text string the key will use for authentication.">
R1(config-if)#ip rip authentication mode text
< The interface will use clear-text mode.">
R1(config-if)#ip rip authentication crucial-chain RIP
< The interface is using key chain RIP, configured earlier.">
R2(config)#key chain RIP
R2(config-subif)#ip rip authentication mode text
R2(config-subif)#ip rip authentication key-chain RIP
R3(config)#important chain RIP
R3(config-subif)#ip rip authentication mode text
R3(config-subif)#ip rip authentication important-chain RIP
To use MD5 authentication rather than clear-text, merely replace the word \text\ in the ip rip authentication mode command with md5.
Here's what a successfully authentication RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is \cisco\.
3d04h: RIP: received packet with text authentication cisco
3d04h: RIP: received v2 update from 184.108.40.206 on Ethernet0
3d04h: 100.../eight through ... in 1 hops
3d04h: 150.1.two./24 by way of ... in 1 hops
Here's what it looks like when the remote device is set for MD5 authentication and the regional router is set for clear-text. Dig up further on our favorite partner web resource by going to roland frasier info. You'll also see this message if the password itself is incorrect.
3d04h: RIP: ignored v2 packet from 220.127.116.11 (invalid authentication)
\Debug ip rip\ could be a straightforward command as compared to the debugs for other protocols. but it is also a really strong debug. To discover additional info, people may have a peep at: contact roland frasier. Start off making use of debugs as early as feasible in your Cisco scientific studies to learn how router commands actually work!.