Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication

When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP, and one of these is RIP update packet authentication.

You are familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you are not introduced to in your CCNA studies is the ability to configure routing update packet authentication.

You have two choices, clear text and MD5. Clear text is just that - a clear text password that is visible to anyone who can pick a packet off the wire. If you're going to go to the trouble of configuring update authentication, you really should use MD5. The MD stands for "Message Digest", and this is the algorithm that generates the hash value for the password that will be contained in the update packets.

Not only do the routers need to agree on the password, they also have to agree on the authentication method. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a great command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a Frame Relay cloud. Here is how RIP authentication would be configured on these three routers.

R1#conf t

R1(config)#key chain RIP

< The key chain can have any name.>

R1(config-keychain)#key 1

< Key chains can have multiple keys. Number them carefully when using multiples.>

R1(config-keychain-key)#key-string CISCO

< This is the text string the key will use for authentication.>

R1(config)#int s0

R1(config-if)#ip rip authentication mode text

< The interface will use clear-text mode.>

R1(config-if)#ip rip authentication key-chain RIP

< The interface is using key chain RIP, configured earlier.>

R2#conf t

R2(config)#key chain RIP

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string CISCO

R2(config)#int s0.123

R2(config-subif)#ip rip authentication mode text

R2(config-subif)#ip rip authentication key-chain RIP

R3#conf t

R3(config)#key chain RIP

R3(config-keychain)#key 1

R3(config-keychain-key)#key-string CISCO

R3(config)#int s0.31

R3(config-subif)#ip rip authentication mode text

R3(config-subif)#ip rip authentication key-chain RIP

To use MD5 authentication rather than clear-text, simply replace the word "text" in the ip rip authentication mode command with md5.
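
The check below is an added example, not part of the original tutorial: it audits saved router configurations for interfaces still using clear-text RIP authentication, for key chains that are referenced but not defined, and for neighbors that disagree on the mode. The function names and sample configs are constructed; it assumes all listed routers share one segment and that IOS falls back to clear text when no mode is configured.

```python
import re

AUTH_RE = re.compile(r"\s+ip rip authentication (mode|key-chain) (\S+)")

def rip_auth(config):
    """Map interface -> {'mode', 'key-chain'} for one IOS-style config."""
    found, intf = {}, None
    for line in config.splitlines():
        if line and not line[0].isspace():          # a top-level command
            m = re.match(r"interface (\S+)", line)
            intf = m.group(1) if m else None
            continue
        m = AUTH_RE.match(line)
        if m and intf:
            # Assumption: with no explicit mode, IOS uses clear text.
            found.setdefault(intf, {"mode": "text", "key-chain": None})
            found[intf][m.group(1)] = m.group(2)
    return found

def audit(configs):
    """Return a list of findings for a {hostname: config_text} dict."""
    findings, modes = [], set()
    for host, text in sorted(configs.items()):
        chains = set(re.findall(r"^key chain (\S+)", text, re.M))
        for intf, s in sorted(rip_auth(text).items()):
            modes.add(s["mode"])
            if s["mode"] != "md5":
                findings.append(f"{host} {intf}: clear-text authentication")
            if s["key-chain"] not in chains:
                findings.append(f"{host} {intf}: key chain {s['key-chain']} not defined")
    if len(modes) > 1:   # neighbors must agree on the method, not just the password
        findings.append("mode mismatch between neighbors: " + ", ".join(sorted(modes)))
    return findings

# Constructed sample configs (not taken from real devices).
KEYCHAIN = "key chain RIP\n key 1\n  key-string CISCO\n"
SAMPLE = {
    "R1": KEYCHAIN + "interface Serial0\n ip rip authentication mode md5\n"
                     " ip rip authentication key-chain RIP\n",
    "R2": KEYCHAIN + "interface Serial0.123\n ip rip authentication mode text\n"
                     " ip rip authentication key-chain RIP\n",
    "R3": "interface Serial0.31\n ip rip authentication key-chain RIP\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```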

Here's what a successfully authenticated RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is "cisco".

3d04h: RIP: received packet with text authentication cisco

3d04h: RIP: received v2 update from 150.1.1.3 on Ethernet0

3d04h: 100.../8 via ... in 1 hops

3d04h: 150.1.2./24 via ... in 1 hops

Here's what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You will also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.3 (invalid authentication)

"debug ip rip" may be a simple command compared to the debugs for other protocols, but it's also a very powerful debug. Start using debugs as early as possible in your Cisco studies to learn how router commands really work!