NovoWiki. "My native Novosibirsk!"

Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication

From Wiki.nios.ru

When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those involves RIP update packet authentication.

You're familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you're not introduced to in your CCNA studies is the ability to configure routing update packet authentication.

You have two options, clear text and MD5. Clear text is just that - a clear-text password that is visible to anyone who can pick a packet off the wire. If you're going to go to the trouble of configuring update authentication, you should use MD5. The MD stands for "Message Digest", and this is the algorithm that produces the hash value for the password that will be contained in the update packets.

Not only must the routers agree on the password, they must agree on the authentication type. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is an excellent command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these three routers.

R1#conf t
R1(config)#key chain RIP < The key chain can have any name. >
R1(config-keychain)#key 1 < Key chains can have multiple keys. Number them carefully when using multiples. >
R1(config-keychain-key)#key-string CISCO < This is the text string the key will use for authentication. >
R1(config)#int s0
R1(config-if)#ip rip authentication mode text < The interface will use clear-text mode. >
R1(config-if)#ip rip authentication key-chain RIP < The interface is using key chain RIP, configured earlier. >

R2#conf t
R2(config)#key chain RIP
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CISCO
R2(config)#int s0.123
R2(config-subif)#ip rip authentication mode text
R2(config-subif)#ip rip authentication key-chain RIP

R3#conf t
R3(config)#key chain RIP
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string CISCO
R3(config)#int s0.31
R3(config-subif)#ip rip authentication mode text
R3(config-subif)#ip rip authentication key-chain RIP

To use MD5 authentication rather than clear-text, simply replace the word "text" in the ip rip authentication mode command with md5.

Here's what a successfully authenticated RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is "cisco".

3d04h: RIP: received packet with text authentication cisco
3d04h: RIP: received v2 update from 150.1.1.3 on Ethernet0
3d04h: 100../8 via .. in 1 hops
3d04h: 150.1.2./24 via .. in 1 hops

Here's what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You will also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.3 (invalid authentication)

"debug ip rip" may be a simple command compared to the debugs for other protocols, but it is also a very powerful debug. Start using debugs as early as possible in your Cisco studies to learn how router commands really work!
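An added example, not part of the original tutorial: a small Python check that reads an IOS-style configuration and reports, per interface, whether RIP updates are authenticated with clear text or MD5, or reference a key chain that was never defined. The sample configuration is constructed, the function name audit_rip_auth is hypothetical, and treating a missing mode line as clear text assumes the IOS default.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
key chain RIP
 key 1
  key-string CISCO
interface Serial0
 ip rip authentication mode text
 ip rip authentication key-chain RIP
interface Serial0.123
 ip rip authentication mode md5
 ip rip authentication key-chain RIP
interface Serial0.31
 ip rip authentication key-chain RIP
interface Ethernet0
 ip rip authentication mode md5
 ip rip authentication key-chain RIPV2
"""

def audit_rip_auth(config):
    """Return {interface: finding} for every interface in an IOS-style config."""
    chains, ifaces, current = set(), {}, None
    for line in config.splitlines():
        if m := re.match(r"key chain (\S+)", line):
            chains.add(m.group(1))
        elif m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), {})
        elif current is not None:
            # Only indented interface sub-commands can match these patterns.
            if m := re.match(r"\s+ip rip authentication mode (\S+)", line):
                current["mode"] = m.group(1)
            elif m := re.match(r"\s+ip rip authentication key-chain (\S+)", line):
                current["chain"] = m.group(1)
    findings = {}
    for name, cfg in ifaces.items():
        chain = cfg.get("chain")
        if chain is None:
            findings[name] = "no RIP authentication configured"
        elif chain not in chains:
            findings[name] = f"key chain {chain} not defined"
        elif cfg.get("mode", "text") == "text":  # assumption: no mode line means clear text
            findings[name] = "clear-text authentication"
        else:
            findings[name] = "md5 authentication"
    return findings

if __name__ == "__main__":
    print(audit_rip_auth(SAMPLE_CONFIG))
```

Serial0.31 is reported as clear text even though it has no mode line, which is the case most easily missed when reading a configuration by eye.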

