Make a blog


1 year ago

Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication

When you earned your CCNA, you thought you learned everything there is to know about RIP. Should you require to get further on Protectimus Launches New One-time Password Service As Alternative To The Two Factor Authentication Provider, we know of thousands of libraries people might consider investigating. For other viewpoints, consider checking out: Close, but not quite! There are some added specifics you need to have to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those includes RIP update packet authentication. You're familiar with some benefits of utilizing RIPv2 more than RIPv1, assistance for VLSM chief among them. But one advantage that you are not introduced to in your CCNA scientific studies is the capability to configure routing update packet authentication. You have two choices, clear text and MD5. Clear text is just that - a clear text password that is visible by any individual who can pick a packet off the wire. If you happen to be going to go to the difficulty of configuring update authentication, you ought to use MD5. The MD stands for "Message Digest", and this is the algorithm that produces the hash value for the password that will be contained in the update packets. Not only must the routers agree on the password, they have to agree on the authentication method. If one particular router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a wonderful command for troubleshooting authenticated updates. R1, R2, and R3 are operating RIP over a frame relay cloud. Right here is how RIP authentication would be configured on these three routers. R1#conf t R1(config)#key chain RIP < The key chain can have any name.> R1(config-keychain)#crucial 1 < Key chains can have multiple keys. Number them carefully when using multiples.> R1(config-keychain-crucial)#important-string CISCO < This is the text string the key will use for authentication.> R1(config)#int s0 R1(config-if)#ip rip authentication mode text < The interface will use clear-text mode.> R1(config-if)#ip rip authentication crucial-chain RIP < The interface is using key chain RIP, configured earlier.> R2#conf t R2(config)#important chain RIP R2(config-keychain)#essential 1 R2(config-keychain-crucial)#important-string CISCO R2(config)#int s0.123 R2(config-subif)#ip rip authentication mode text R2(config-subif)#ip rip authentication key-chain RIP R3#conf t R3(config)#key chain RIP R3(config-keychain)#important 1 R3(config-keychain-important)#key-string CISCO R3(config)#int s0.31 R3(config-subif)#ip rip authentication mode text R3(config-subif)#ip rip authentication important-chain RIP To use MD5 authentication rather than clear-text, just replace the word "text" in the ip rip authentication mode command with md5. Here's what a effectively authentication RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is "cisco". 3d04h: RIP: received packet with text authentication cisco 3d04h: RIP: received v2 update from on Ethernet0 3d04h: 100.../eight via ... in 1 hops 3d04h: 150.1.2./24 by means of ... in 1 hops Here's what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You'll also see this message if the password itself is incorrect. 3d04h: RIP: ignored v2 packet from (invalid authentication) "Debug ip rip" may be a straightforward command as compared to the debugs for other protocols. but it's also a really potent debug. Clicking seemingly provides suggestions you could tell your girlfriend. Start utilizing debugs as early as achievable in your Cisco scientific studies to understand how router commands really operate!. Learn further on the affiliated link - Click here: