RIP version 2 (2): authentication and triggered updates

Source: Internet
Author: User

RIP authentication, triggered update
 
* Note: This article is written for general readers who want to learn. It uses some professional networking terms and abbreviations; if you are not familiar with networking, we can learn and explore together. If you have any questions, you can add me on QQ or YY (QQ: 914560310, YY: 283755973). Text after "//" is an annotation, not part of the command or its output.
 
Authentication: a password is required when routers exchange routing tables over the network, which improves the security of the routers.
Triggered update: as soon as a route failure is detected, an update is sent immediately instead of waiting for the next update cycle.
 
Next, an experiment shows the commands and how they are used:
* The router used in the experiment is a 3640.

Configure each router's IP addresses and loopback, then apply the experiment configuration. Taking R1 as an example:
Router>en
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1 // rename the router
R1(config)#inter loopback 0 // create and enter loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0 // configure the IP address of loopback 0
R1(config-if)#inter s0/0 // enter s0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0 // configure the IP address
R1(config-if)#no sh // enable the s0/0 interface
R1(config-if)#exit // return to the previous mode
R1(config)#router rip // enable the routing protocol
R1(config-router)#version 2 // enable version 2
R1(config-router)#no auto-summary // disable automatic summarization
R1(config-router)#net 1.1.1.0 // advertise the directly connected network
R1(config-router)#net 192.168.12.0
R1(config-router)#exit
R1(config)#key chain test // configure the key chain
R1(config-keychain)#key 1 // configure the key ID (the ID is arbitrary but cannot be duplicated; the range is 0-2147483647)
R1(config-keychain-key)#key-string sexy // set the key string for this key ID; the value (here "sexy") is arbitrary
R1(config-keychain-key)#interface s0/0 // enter the s0/0 interface
R1(config-if)#ip rip authentication key-chain test // apply key chain test on the interface
R1(config-if)#ip rip triggered // enable triggered updates on the interface
R1(config-if)#
The preceding configuration shows how to configure and enable authentication and how to enable triggered updates on the interface.
* The same key must also be used on the other routers. We use key chain test to enable authentication, and we enable triggered updates, on each interface connected to the network.
--------------------------------
Check the current status of the routing protocol on R2:
R2#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 26 seconds
Invalid after 180 seconds, hold down 0, flushed after 240
// Hold down has changed to 0 because triggered update is enabled.
Redistributing: rip
Default version control: send version 2, receive version 2
  Interface     Send  Recv  Triggered RIP  Key-chain
  Serial0/0     2     2     Yes            test
  Serial0/1     2     2     Yes            test
// The above output shows that both interfaces have authentication and triggered update enabled.
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.12.0
192.168.23.0
Routing Information Sources:
Gateway Distance Last Update
192.168.12.1 120 00:05:31
192.168.23.3 120 00:04:27
Distance: (default is 120)
 
R2#
------------------------------------
R2#show ip rip database
1.0.0.0/8 auto-summary
1.1.1.0/24
[1] via 192.168.12.1, 00:13:57 (permanent), Serial0/0
* Triggered Routes:
-[1] via 192.168.12.1, Serial0/0
192.168.12.0/24 auto-summary
192.168.12.0/24 directly connected, Serial0/0
192.168.23.0/24 auto-summary
192.168.23.0/24 directly connected, Serial0/1
R2#
The above output further confirms that authentication and triggered update are enabled on the router's interfaces.
----------------------------------
About MD5 authentication: you only need to declare the authentication mode as MD5 under the interface. As above, a key string is set for the key ID, and authentication is then enabled as follows:
R1(config)#key chain test
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string sexy
R1(config-keychain-key)#inter s0/0
R1(config-if)#ip rip authentication mode md5 // enable MD5 authentication
R1(config-if)#ip rip authentication key-chain test // apply the pre-configured key chain
 
Then run debug ip rip on R2.
RIP protocol debugging is on
R2#
*Mar 1 01:43:25.439: RIP: received packet with MD5 authentication
*Mar 1 01:43:25.439: RIP: received v2 update from 192.168.23.3 on Serial0/1
*Mar 1 01:43:25.443: 4.4.4.0/24 via 0.0.0.0 in 2 hops
*Mar 1 01:43:25.443: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Mar 1 01:43:35.659: RIP: sending v2 update to 224.0.0.9 via Serial0/1 (192.168.23.2)
*Mar 1 01:43:35.659: RIP: build update entries
*Mar 1 01:43:35.659: 1.1.1.0/24 via 0.0.0.0, metric 2, tag 0
*Mar 1 01:43:35.663: 192.168.12.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 01:43:53.367: RIP: received packet with MD5 authentication
*Mar 1 01:43:53.367: RIP: received v2 update from 192.168.23.3 on Serial0/1
*Mar 1 01:43:53.371: 4.4.4.0/24 via 0.0.0.0 in 2 hops
*Mar 1 01:43:53.371: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Mar 1 01:44:03.443: RIP: sending v2 update to 224.0.0.9 via Serial0/1 (192.168.23.2)
*Mar 1 01:44:03.443: RIP: build update entries
*Mar 1 01:44:03.443: 1.1.1.0/24 via 0.0.0.0, metric 2, tag 0
*Mar 1 01:44:03.447: 192.168.12.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 01:44:22.479: RIP: received packet with MD5 authentication
*Mar 1 01:44:22.479: RIP: received v2 update from 192.168.23.3 on Serial0/1
*Mar 1 01:44:22.483: 4.4.4.0/24 via 0.0.0.0 in 2 hops
*Mar 1 01:44:22.483: 192.168.34.0/24 via 0.0.0.0 in 1 hops
*Mar 1 01:44:31.831: RIP: sending v2 update to 224.0.0.9 via Serial0/1 (192.168.23.2)
*Mar 1 01:44:31.831: RIP: build update entries
*Mar 1 01:44:31.831: 1.1.1.0/24 via 0.0.0.0, metric 2, tag 0
*Mar 1 01:44:31.835: 192.168.12.0/24 via 0.0.0.0, metric 1, tag 0
 
* The above output indicates that MD5 authentication and triggered updates are enabled on the interface.
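The two setups above differ by a single interface command: a key chain applied without "ip rip authentication mode md5" runs in the default text mode, where the key string travels in the update in clear text. The following added example (not part of the original article) audits a saved configuration for that difference; the sample configuration is constructed, and the function name and status labels are hypothetical.

```python
import re

# Constructed sample (not from the page's routers): Serial0/0 mirrors the
# plaintext setup, Serial0/1 the MD5 setup, Serial0/2 names a missing chain.
SAMPLE_CONFIG = """\
key chain test
 key 1
  key-string sexy
!
interface Serial0/0
 ip rip authentication key-chain test
 ip rip triggered
!
interface Serial0/1
 ip rip authentication mode md5
 ip rip authentication key-chain test
!
interface Serial0/2
 ip rip authentication mode md5
 ip rip authentication key-chain lab
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
"""

def audit_rip_auth(config: str) -> dict:
    """Return {interface: 'md5' | 'text' | 'none' | 'undefined-key-chain'}."""
    chains, ifaces, current = set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # unindented line starts a new section
            current = None
            if m := re.match(r"key chain (\S+)", line):
                chains.add(m.group(1))
            elif m := re.match(r"interface (\S+)", line):
                # IOS uses text mode when a key chain is applied without a mode
                current = ifaces.setdefault(m.group(1), {"mode": "text", "key-chain": None})
        elif current is not None:
            if m := re.match(r"\s+ip rip authentication (mode|key-chain) (\S+)", line):
                current[m.group(1)] = m.group(2)
    report = {}
    for name, cfg in ifaces.items():
        if cfg["key-chain"] is None:
            report[name] = "none"  # no key chain applied on this interface
        elif cfg["key-chain"] not in chains:
            report[name] = "undefined-key-chain"
        else:
            report[name] = cfg["mode"]
    return report

if __name__ == "__main__":
    for iface, status in audit_rip_auth(SAMPLE_CONFIG).items():
        print(f"{iface}: {status}")
```

The audit does not read the "network" statements under "router rip", so an interface reported as "none" still has to be checked against the networks RIP is enabled for.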
Note:
① Triggered updates cannot be enabled on Ethernet interfaces;
② Triggered updates require negotiation, so both ends of the link must be configured;
③ During authentication, if multiple Key IDs are defined, the matching principles of plaintext authentication and MD5 authentication are different.
 
A. Matching principles of plaintext authentication
1> The sender sends the key with the lowest Key ID;
2> The Key ID number is not carried;
3> The receiver tries to match against all keys in the key chain. If any match succeeds, authentication passes.
 
B. Matching principles of MD5 authentication
1> The sender sends the key with the lowest Key ID;
2> The Key ID number is carried;
3> The receiver first checks whether it has the same Key ID. If it does, it matches only once, against that key, and decides whether authentication succeeds. If the Key ID does not exist, it looks only one step further, at the next Key ID: if that key matches, authentication succeeds; if it does not match, authentication fails.
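The matching principles in A and B, modelled as an added example (not part of the original article) so the cases where the two modes disagree can be run side by side. Assumptions: key chains are plain {Key ID: key string} dictionaries, the digest is a simplified stand-in for RIP keyed MD5, and the "next" key in rule B.3 is read as the next higher Key ID in the receiver's chain.

```python
import hashlib
import hmac

def keyed_digest(update: bytes, key: str) -> bytes:
    # Simplified stand-in for RIP keyed MD5: MD5 over the update bytes
    # followed by the key, zero-padded to 16 bytes.
    return hashlib.md5(update + key.encode().ljust(16, b"\0")).digest()

def send(chain: dict, mode: str, update: bytes) -> dict:
    """Rule 1 in both modes: the sender uses its lowest Key ID."""
    key_id = min(chain)
    if mode == "text":
        return {"mode": "text", "password": chain[key_id]}  # A.2: no Key ID sent
    return {"mode": "md5", "key_id": key_id,                # B.2: Key ID sent
            "digest": keyed_digest(update, chain[key_id])}

def receive(chain: dict, msg: dict, update: bytes) -> bool:
    if msg["mode"] == "text":
        # A.3: every key in the chain is tried; any match passes.
        return msg["password"] in chain.values()
    # B.3: if the same Key ID exists, that key is the only one tried.
    if msg["key_id"] in chain:
        candidate = chain[msg["key_id"]]
    else:
        # Assumption: "next" is read as the next higher Key ID in the chain.
        higher = sorted(k for k in chain if k > msg["key_id"])
        if not higher:
            return False
        candidate = chain[higher[0]]
    return hmac.compare_digest(keyed_digest(update, candidate), msg["digest"])

def accepted(sender_chain, receiver_chain, mode, update=b"constructed update"):
    return receive(receiver_chain, send(sender_chain, mode, update), update)

# Constructed key chains; R1 matches the page's configuration (key 1 = sexy).
R1 = {1: "sexy"}
CASES = {
    "same id, same key":        {1: "sexy"},
    "same id, different key":   {1: "other", 2: "sexy"},
    "id missing, next matches": {2: "sexy"},
    "id missing, next differs": {2: "other", 3: "sexy"},
}

if __name__ == "__main__":
    for name, r2 in CASES.items():
        print(f"{name}: text={accepted(R1, r2, 'text')} md5={accepted(R1, r2, 'md5')}")
```

In this model plaintext authentication passes in all four cases because any key string in the receiver's chain may match, while MD5 fails whenever the single key selected by Key ID differs.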
