Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication

When you earned your CCNA, you believed you learned every little thing there is to know about RIP. To check up more, we understand people take a gaze at: mary morrissey site. Close, but not quite! There are some further facts you want to know to pass the BSCI exam and get one particular step closer to the CCNP exam, and one of these involves RIP update packet authentication. You're familiar with some benefits of using RIPv2 over RIPv1, support for VLSM chief amongst them. But a single benefit that you're not introduced to in your CCNA scientific studies is the capacity to configure routing update packet authentication. You have two alternatives, clear text and MD5. Clear text is just that - a clear text password that is visible by any person who can pick a packet off the wire. If you are going to go to the difficulty of configuring update authentication, you should use MD5. The MD stands for "Message Digest", and this is the algorithm that produces the hash value for the password that will be contained in the update packets. Not only need to the routers agree on the password, they must agree on the authentication method. In case you wish to dig up further on mary morrissey post, there are lots of on-line databases you should investigate. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a excellent command for troubleshooting authenticated updates. R1, R2, and R3 are operating RIP more than a frame relay cloud. Discover supplementary information on our partner URL - Browse this webpage: mary morrissey website. Here is how RIP authentication would be configured on these 3 routers. R1#conf t R1(config)#crucial chain RIP < The key chain can have any name.> R1(config-keychain)#essential 1 < Key chains can have multiple keys. Number them carefully when using multiples.> R1(config-keychain-important)#essential-string CISCO < This is the text string the key will use for authentication.> R1(config)#int s0 R1(config-if)#ip rip authentication mode text < The interface will use clear-text mode.> R1(config-if)#ip rip authentication important-chain RIP < The interface is using key chain RIP, configured earlier.> R2#conf t R2(config)#essential chain RIP R2(config-keychain)#essential 1 R2(config-keychain-important)#important-string CISCO R2(config)#int s0.123 R2(config-subif)#ip rip authentication mode text R2(config-subif)#ip rip authentication crucial-chain RIP R3#conf t R3(config)#important chain RIP R3(config-keychain)#crucial 1 R3(config-keychain-essential)#essential-string CISCO R3(config)#int s0.31 R3(config-subif)#ip rip authentication mode text R3(config-subif)#ip rip authentication essential-chain RIP To use MD5 authentication rather than clear-text, just replace the word "text" in the ip rip authentication mode command with md5. Here's what a effectively authentication RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is "cisco". 3d04h: RIP: received packet with text authentication cisco 3d04h: RIP: received v2 update from 150.1.1.3 on Ethernet0 3d04h: one hundred../eight by means of .. in 1 hops 3d04h: 150.1.2./24 by way of .. in 1 hops Here's what it looks like when the remote device is set for MD5 authentication and the neighborhood router is set for clear-text. You are going to also see this message if the password itself is incorrect. 3d04h: RIP: ignored v2 packet from 150.1.1.three (invalid authentication) "Debug ip rip" may possibly be a basic command as compared to the debugs for other protocols. but it really is also a very potent debug. This great partner site use with has a pile of thrilling tips for the purpose of it. Commence employing debugs as early as possible in your Cisco scientific studies to find out how router commands genuinely perform!.

Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication