RIPVersion 1 does not support authentication. If version 2 is received and sent, the interface can perform RIP authentication. A key link determines a series of keys that can be used for interfaces. If the key link is not configured, the interface cannot perform authentication, or even the default authentication. Next let's take a look at the steps for configuring RIP authentication:
I. Experiment Topology
Ii. plaintext Verification
1. During plaintext authentication, when the authenticated Party sends the key chian, it sends the key with the lowest ID value without carrying the ID. After the authenticated party receives the key, compared with all the keys in your own key chain, if one key matches, it passes the authentication of the authenticated party.
2. Verification
The configuration on R1 is as follows:
- key chain rip-key
- key 1
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.1 255.255.255.0
- ip rip authentication key-chain rip-key
R2 is configured as follows:
- key chain rip-key
- key 1
- key-string ccxx01
- key 2
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.2 255.255.255.0
- ip rip authentication key-chain rip-key
3. Router route table results
- R1#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
-
- Gateway of last resort is not set
-
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- C 192.168.1.0/24 is directly connected, Loopback0
-
- R2#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
-
- Gateway of last resort is not set
-
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- R 192.168.1.0/24 [120/1] via 192.168.12.1, 00:00:15, FastEthernet0/0
- C 192.168.2.0/24 is directly connected, Loopback0
4. Conclusion
Iii. ciphertext Authentication
1. When the authenticated Party sends the key, it sends the key with the lowest ID value and carries the ID. After the authenticated party receives the key, first, find the key with the same ID in your own key chain. If the key has the same ID and the key is the same, it passes authentication. If the key value is different, it does not pass authentication. If there is no key with the same ID, the key of the nearest ID is queried. If there is no subsequent ID, authentication fails.
2. Verification
The configuration on R1 is as follows:
- key chain rip-key
- key 1
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.1 255.255.255.0
- ip rip authentication mode md5
- ip rip authentication key-chain rip-key
R2 is configured as follows:
- key chain rip-key
- key 1
- key-string ccxx01
- key 2
- key-string ccxx02
- !
- interface FastEthernet0/0
- ip address 192.168.12.2 255.255.255.0
- ip rip authentication mode md5
- ip rip authentication key-chain rip-key
3. The output result of the route table is:
- R1#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
-
- Gateway of last resort is not set
-
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- C 192.168.1.0/24 is directly connected, Loopback0
-
- R2#show ip route
- Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2
- i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
- ia - IS-IS inter area, * - candidate default, U - per-user static route
- o - ODR, P - periodic downloaded static route
-
- Gateway of last resort is not set
-
- C 192.168.12.0/24 is directly connected, FastEthernet0/0
- R 192.168.1.0/24 [120/1] via 192.168.12.1, 00:00:15, FastEthernet0/0
- C 192.168.2.0/24 is directly connected, Loopback0
4. Conclusion
The RIP certification experiment has been completed. I hope you can understand it!