Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication

When you earned your CCNA, you thought you learned every little thing there is to know about RIP. Close, but not very! There are some additional specifics you need to have to know to pass the BSCI exam and get 1 step closer to the CCNP exam, and 1 of these involves RIP update packet authentication.

You're familiar with some benefits of using RIPv2 more than RIPv1, assistance for VLSM chief amongst them. But one benefit that you happen to be not introduced to in your CCNA scientific studies is the capability to configure routing update packet authentication.

You have two choices, clear text and MD5. Clear text is just that - a clear text password that is visible by anybody who can pick a packet off the wire. To learn more, please check-out: www. If you are going to go to the trouble of configuring update authentication, you should use MD5. For other interpretations, please check-out: quality tylercollins.co. The MD stands for "Message Digest", and this is the algorithm that produces the hash value for the password that will be contained in the update packets.

Not only must the routers agree on the password, they must agree on the authentication method. My girlfriend found out about tyler collins info by browsing the Internet. Tyler Collins Update Chat is a refreshing library for additional info concerning how to provide for it. If one router sends an MD5-hashed password to yet another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a wonderful command for troubleshooting authenticated updates.

R1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these 3 routers.

R1#conf t

R1(config)#crucial chain RIP

R1(config-keychain)#important 1

R1(config-keychain-important)#important-string CISCO

R1(config)#int s0

R1(config-if)#ip rip authentication mode text

R1(config-if)#ip rip authentication essential-chain RIP

R2#conf t

R2(config)#key chain RIP

R2(config-keychain)#essential 1

R2(config-keychain-important)#essential-string CISCO

R2(config)#int s0.123

R2(config-subif)#ip rip authentication mode text

R2(config-subif)#ip rip authentication important-chain RIP

R3#conf t

R3(config)#important chain RIP

R3(config-keychain)#key 1

R3(config-keychain-important)#key-string CISCO

R3(config)#int s0.31

R3(config-subif)#ip rip authentication mode text

R3(config-subif)#ip rip authentication important-chain RIP

To use MD5 authentication rather than clear-text, simply replace the word "text" in the ip rip authentication mode command with md5.

Here's what a successfully authentication RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in impact and the password is "cisco".

3d04h: RIP: received packet with text authentication cisco

3d04h: RIP: received v2 update from 150.1.1.three on Ethernet0

3d04h: 100.../8 by means of ... in 1 hops

3d04h: 150.1.two./24 by way of ... in 1 hops

Here's what it looks like when the remote device is set for MD5 authentication and the regional router is set for clear-text. You are going to also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.three (invalid authentication)

"Debug ip rip" could be a simple command as compared to the debugs for other protocols. but it's also a very effective debug. Start off employing debugs as early as feasible in your Cisco research to understand how router commands genuinely perform!.

Don't be the product, buy the product!