Configure RIP Network Authentication
RIPv2 supports protocol packet authentication, so it can meet the high security requirements of some networks. Currently, plain text authentication and MD5 and SM3 authentication are supported. Plain text transmission offers low security; the latter two modes convert the authentication code into an MD5 code or SM3 code before transmission, ensuring higher security.
Owing to the RIPv2 packet format, only 16 bytes are available to carry the authentication string. Therefore, the length of a plain text authentication string must not exceed 16 bytes. The MD5 code converted from any character string is always a standard 16-byte code, so it meets the requirement on the string length.
Table 5-15 Configuring RIP Network Authentication

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode. | configure terminal | - |
| Enter the interface configuration mode. | interface interface-name | - |
| Configure RIPv2 network authentication. | ip rip authentication { { key { 0 \| 7 } key-string } \| { key-chain key-chain-name } \| { mode { text \| md5 \| sm3 } } } | Mandatory. By default, the RIPv2 authentication function is not configured. |
Before implementing MD5 or SM3 authentication, pay attention to the following points:
- RIPv1 does not support network authentication.
- RIPv2 supports one authentication mode at a time.
- A Key ID must be carried in the MD5 or SM3 authentication information. If you use the ip rip authentication key command to configure a password, the Key ID is 1. If you use the ip rip authentication key-chain command to configure a password, the Key ID is the Key ID in Key-chain.
- When a packet transmit authentication password is obtained from Key-chain, Key IDs are checked in ascending order. Therefore, the smallest Key ID that has a valid transmit password is selected.
- When a packet receive authentication password is obtained from Key-chain, the first valid receive password whose Key ID is equal to or larger than the Key ID in the received packet is selected. Therefore, if the Key IDs differ at the two ends of authentication, the end with the larger Key ID can pass the authentication while the end with the smaller Key ID fails the authentication.
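The transmit and receive key selection rules above, modeled as an added example (not vendor code) that audits two key chains for a one-way authentication failure before deployment. The `Key` class, the `send_valid`/`accept_valid` flags, the helper names, and the simplified keyed digest are assumptions for illustration; "first" is taken to mean the lowest qualifying Key ID.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    key_id: int
    secret: bytes
    send_valid: bool = True    # assumed flag: key may currently be used to transmit
    accept_valid: bool = True  # assumed flag: key may currently be used to receive

def select_send_key(chain):
    """Transmit rule: smallest Key ID that has a valid transmit password."""
    return min((k for k in chain if k.send_valid),
               key=lambda k: k.key_id, default=None)

def select_receive_key(chain, packet_key_id):
    """Receive rule: first valid receive key with Key ID >= the packet's Key ID."""
    return min((k for k in chain if k.accept_valid and k.key_id >= packet_key_id),
               key=lambda k: k.key_id, default=None)

def digest(payload, secret):
    # Simplified keyed MD5: payload followed by the key padded to 16 bytes.
    return hashlib.md5(payload + secret.ljust(16, b"\0")).digest()

def accepts(receiver_chain, sender_chain, payload=b"constructed RIP update"):
    """True if the receiver authenticates a packet built from the sender's chain."""
    tx = select_send_key(sender_chain)
    if tx is None:
        return False
    rx = select_receive_key(receiver_chain, tx.key_id)
    if rx is None:
        return False
    return hmac.compare_digest(digest(payload, rx.secret),
                               digest(payload, tx.secret))

def audit(chain_a, chain_b):
    """Check both directions so a one-way authentication failure is visible."""
    return {"a_accepts_b": accepts(chain_a, chain_b),
            "b_accepts_a": accepts(chain_b, chain_a)}

# Constructed sample: same password on both ends, different Key IDs.
ROUTER_A = [Key(1, b"Str0ngSecret")]
ROUTER_B = [Key(2, b"Str0ngSecret")]

if __name__ == "__main__":
    print(audit(ROUTER_A, ROUTER_B))
```

With the constructed chains, the router holding Key ID 2 accepts its neighbor's updates while the router holding Key ID 1 rejects them, so routes are learned in one direction only.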