Configuring RIPv2 Authentication
Background
RIPv2 allows packets to be authenticated via either an insecure plain text password, included with the packet, or via a more secure MD5 based HMAC (keyed-Hashing for Message AuthentiCation), RIPv1 can not be authenticated at all, thus when authentication is configured ripd will discard routing updates received via RIPv1 packets.
The MD5 Message-Digest Algorithm takes a message of arbitrary length as input and generates a 128 bit "fingerprint" or "message digest" as output. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest.
When authentication is enabled, PICOS will ignore updates from unauthenticated peers, including RIPv1 peers. Although updates from unauthenticated peers are ignored, but requests for routes from unauthenticated peers are still honored.
Procedure
NOTEs:
- Both the authentication mode and authentication string need to be configured, and the value should be identical at both ends of the link.
- When configuring the authentication mode of RIP-2 messages, if text mode is used, the password will be saved in plaintext in the configuration file, which is a security risk. It is recommended to use md5 mode to encrypt the password and save it.Â
Step 1Â Â Â Â Choose one of the following authentication modes to configure:
- MD5:
    set l3-interface vlan-interface <vlan-interface> ip-rip authentication mode md5 auth-length [old-ripd | rfc]
- text:
         set l3-interface vlan-interface <vlan-interface> ip-rip authentication mode text
Step 2Â Â Â Â Configure authentication string.
         set l3-interface vlan-interface <vlan-interface> ip-rip authentication string <string>
Step 3 Â Â Â Commit the configuration.
         commit
Example
The following example commands configure RIPv2 authentication mode to MD5 and the authentication string is PICOS.
admin@PICOS# set l3-interface vlan-interface vlan100 ip-rip authentication mode md5 auth-length rfc admin@PICOS# set l3-interface vlan-interface vlan100 ip-rip authentication string PICOS admin@PICOS# commit
Copyright © 2024 Pica8 Inc. All Rights Reserved.