Configuring RIPv2 Authentication


Background

RIPv2 allows packets to be authenticated either via an insecure plain text password included with the packet, or via a more secure MD5-based HMAC (keyed-Hashing for Message AuthentiCation). RIPv1 cannot be authenticated at all, so when authentication is configured ripd will discard routing updates received via RIPv1 packets.

The MD5 Message-Digest Algorithm takes a message of arbitrary length as input and generates a 128 bit "fingerprint" or "message digest" as output. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest.

When authentication is enabled, PICOS will ignore updates from unauthenticated peers, including RIPv1 peers. Although updates from unauthenticated peers are ignored, requests for routes from unauthenticated peers are still honored.
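The following Python sketch is an added example, not PICOS code: it builds a constructed RIPv2 update in text mode and in MD5 mode, then classifies received packets the way a receiver or a packet-capture audit would. It assumes the RFC 2082 keyed-MD5 trailer layout (digest over the packet with the zero-padded key appended) and an Auth Data Len of 16; the function names and the sample route are made up for illustration.

```python
import hashlib
import hmac
import struct

AUTH_AFI = 0xFFFF          # address family value that marks an authentication entry
SIMPLE, KEYED_MD5 = 2, 3   # authentication types: plain text password, keyed MD5
HEADER = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2, unused
# Constructed sample route entry: 10.0.0.0/24, next hop 0.0.0.0, metric 1
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                    bytes([255, 255, 255, 0]), bytes(4), 1)

def pad_key(secret: str) -> bytes:
    """Authentication string as the 16-byte zero-padded field used on the wire."""
    return secret.encode()[:16].ljust(16, b"\x00")

def build_text(entries: bytes, secret: str) -> bytes:
    """Text mode: the password itself travels in the first entry."""
    return HEADER + struct.pack("!HH", AUTH_AFI, SIMPLE) + pad_key(secret) + entries

def build_md5(entries: bytes, secret: str, key_id: int = 1, seq: int = 1) -> bytes:
    """MD5 mode: only a digest over packet-plus-key travels, in a trailer."""
    offset = len(HEADER) + 20 + len(entries)  # where the trailer begins
    # Auth Data Len is set to 16 here (assumption, see lead-in)
    auth = struct.pack("!HHHBBIII", AUTH_AFI, KEYED_MD5, offset, key_id, 16, seq, 0, 0)
    signed = HEADER + auth + entries + struct.pack("!HH", AUTH_AFI, 1)
    return signed + hashlib.md5(signed + pad_key(secret)).digest()

def classify(packet: bytes, secret: str) -> str:
    """Report how a received RIP packet is authenticated and whether it verifies."""
    if len(packet) < 4 or packet[1] < 2:
        return "ripv1-or-malformed"           # RIPv1 cannot carry authentication
    if len(packet) < 24 or struct.unpack_from("!H", packet, 4)[0] != AUTH_AFI:
        return "unauthenticated"
    auth_type, offset = struct.unpack_from("!HH", packet, 6)
    if auth_type == SIMPLE:
        same = hmac.compare_digest(packet[8:24], pad_key(secret))
        return "text-ok" if same else "text-mismatch"
    if auth_type != KEYED_MD5:
        return "unknown-auth-type"
    if offset < 24 or offset + 20 > len(packet):
        return "md5-malformed"
    expected = hashlib.md5(packet[:offset + 4] + pad_key(secret)).digest()
    received = packet[offset + 4:offset + 20]
    return "md5-ok" if hmac.compare_digest(expected, received) else "md5-bad-digest"
```

In text mode the authentication string appears verbatim in the packet bytes, while in MD5 mode any change to the routes or the key makes the digest check fail.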

Procedure

NOTES:

  • Both the authentication mode and authentication string need to be configured, and the values should be identical at both ends of the link.
  • When configuring the authentication mode of RIP-2 messages, if text mode is used, the password will be saved in plaintext in the configuration file, which is a security risk. It is recommended to use md5 mode, which encrypts the password before saving it.

Step 1      Choose one of the following authentication modes to configure:

    • MD5:

                 set l3-interface vlan-interface <vlan-interface> ip-rip authentication mode md5 auth-length [old-ripd | rfc]

    • text:

                 set l3-interface vlan-interface <vlan-interface> ip-rip authentication mode text

Step 2      Configure the authentication string.

                 set l3-interface vlan-interface <vlan-interface> ip-rip authentication string <string>

Step 3      Commit the configuration.

                 commit

Example

The following example commands set the RIPv2 authentication mode to MD5 and the authentication string to PICOS.

admin@PICOS# set l3-interface vlan-interface vlan100 ip-rip authentication mode md5 auth-length rfc
admin@PICOS# set l3-interface vlan-interface vlan100 ip-rip authentication string PICOS
admin@PICOS# commit





Copyright © 2024 Pica8 Inc. All Rights Reserved.