RIP Authentication

This is a simple lab about RIP routing protocol authentication on Cisco IOS routers.

Lab scenario :

* Link R1 — R2 is using MD5 authentication.
* Link R2 — R3 is using clear text authentication.
* Link R1 — R3 is not using authentication.

Configuration on R1 :

R1(config)#interface e0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#description to R2
R1(config)#interface e0/1
R1(config-if)#ip address 30.30.30.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#description to R3
R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#no shut
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 0.0.0.0
R1(config-router)#no auto-summary
R1(config)#key chain TEST
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CISCO

// Apply MD5 authentication on interface e0/0 (link to R2)

R1(config)#interface e0/0
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip authentication key-chain TEST

Configuration on R2 :

R2(config)#interface e0/0
R2(config-if)#description to R1
R2(config-if)#ip address 10.10.10.2 255.255.255.252
R2(config-if)#no shut
R2(config)#interface e0/1
R2(config-if)#description to R3
R2(config-if)#ip address 20.20.20.1 255.255.255.252
R2(config-if)#no shut
R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#no shut
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 0.0.0.0
R2(config-router)#no auto-summary
R2(config)#key chain TEST
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CISCO

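// Apply MD5 authentication on interface e0/0 (link to R1) and clear text authentication on interface e0/1 (link to R3). With no "mode md5" command, the key chain is used in clear text mode.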

R2(config)#interface e0/0
R2(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication key-chain TEST
R2(config)#interface e0/1
R2(config-if)#ip rip authentication key-chain TEST

Configuration on R3 :

R3(config)#interface e0/0
R3(config-if)#description to R2
R3(config-if)#ip address 20.20.20.2 255.255.255.252
R3(config-if)#no shut
R3(config)#interface e0/1
R3(config-if)#description to R1
R3(config-if)#ip address 30.30.30.2 255.255.255.252
R3(config-if)#no shut
R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.255
R3(config-if)#no shut
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 0.0.0.0
R3(config-router)#no auto-summary
R3(config)#key chain TEST
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string CISCO

// Apply clear text authentication on interface e0/0 (link to R2)

R3(config)#interface e0/0
R3(config-if)#ip rip authentication key-chain TEST
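
What the two modes configured above put on the wire, as an added example that is not part of the original lab: in clear text mode the update carries the key itself, while in MD5 mode it carries only a key ID, a sequence number and a digest. The packets are constructed sample data following the RFC 2453 and RFC 2082 entry layouts, and build_update and classify are hypothetical names.

```python
import struct

AUTH_AFI = 0xFFFF         # address-family value that marks an authentication entry
SIMPLE, KEYED_MD5 = 2, 3  # auth types: clear text (RFC 2453), keyed MD5 (RFC 2082)


def build_update(mode, key=b"CISCO"):
    """Constructed RIPv2 response advertising 2.2.2.2/32 (sample data only)."""
    header = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2
    route = struct.pack("!HH4s4s4sI", 2, 0, bytes([2, 2, 2, 2]),
                        bytes([255] * 4), bytes(4), 1)
    if mode == "none":
        return header + route
    if mode == "text":  # key chain applied without "mode md5": key is null-padded
        return header + struct.pack("!HH16s", AUTH_AFI, SIMPLE, key) + route
    # "mode md5": first entry holds packet length (offset of the trailer),
    # key ID, digest length and sequence number; all values here are constructed
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, KEYED_MD5, 44, 1, 16, 7)
    digest = bytes(range(16))  # placeholder digest, not a real MD5 value
    return header + auth + route + struct.pack("!HH16s", AUTH_AFI, 1, digest)


def classify(packet):
    """Return what the first entry of a RIPv2 packet reveals about its auth."""
    _command, version, _zero = struct.unpack_from("!BBH", packet, 0)
    if version != 2 or len(packet) < 24:
        raise ValueError("not a RIPv2 packet with at least one entry")
    afi, auth_type = struct.unpack_from("!HH", packet, 4)
    if afi != AUTH_AFI:
        return {"auth": "none", "key_on_wire": None}
    if auth_type == SIMPLE:
        key = packet[8:24].rstrip(b"\x00").decode("ascii", "replace")
        return {"auth": "text", "key_on_wire": key}
    if auth_type == KEYED_MD5:
        offset, key_id, _len, seq = struct.unpack_from("!HBBI", packet, 8)
        if len(packet) < offset + 20:
            raise ValueError("truncated MD5 trailer")
        return {"auth": "md5", "key_on_wire": None, "key_id": key_id,
                "sequence": seq, "digest": packet[offset + 4:offset + 20].hex()}
    return {"auth": "unknown type %d" % auth_type, "key_on_wire": None}


if __name__ == "__main__":
    for mode in ("none", "text", "md5"):
        print(mode, classify(build_update(mode)))
```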

Verification on R1 :

R1#sh ip route rip
— output omitted —
2.0.0.0/32 is subnetted, 1 subnets
R 2.2.2.2 [120/1] via 10.10.10.2, 00:00:17, Ethernet0/0
3.0.0.0/32 is subnetted, 1 subnets
R 3.3.3.3 [120/1] via 30.30.30.2, 00:00:26, Ethernet0/1
20.0.0.0/30 is subnetted, 1 subnets
R 20.20.20.0 [120/1] via 30.30.30.2, 00:00:26, Ethernet0/1
[120/1] via 10.10.10.2, 00:00:17, Ethernet0/0
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/6 ms
R1#

From the results, we can see that R1 can reach the loopbacks on R2 and R3, which means RIP is working.

Running debug on R1, we can see the adjacency process of R1 with its neighbors :

R1#debug ip rip
RIP protocol debugging is on
— output omitted — 
R1#
*Jan 5 04:50:06.149: RIP: received packet with MD5 authentication
*Jan 5 04:50:06.149: RIP: received v2 update from 10.10.10.2 on Ethernet0/0

*Jan 5 04:50:06.149: 2.2.2.2/32 via 0.0.0.0 in 1 hops
*Jan 5 04:50:06.149: 3.3.3.3/32 via 0.0.0.0 in 2 hops
*Jan 5 04:50:06.149: 20.20.20.0/30 via 0.0.0.0 in 1 hops
R1#
*Jan 5 04:50:12.998: RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (10.10.10.1)
*Jan 5 04:50:12.998: RIP: build update entries
*Jan 5 04:50:12.998: 1.1.1.1/32 via 0.0.0.0, metric 1, tag 0
*Jan 5 04:50:12.998: 3.3.3.3/32 via 0.0.0.0, metric 2, tag 0
*Jan 5 04:50:12.998: 30.30.30.0/30 via 0.0.0.0, metric 1, tag 0
— output omitted —

From the result above we can see that R1 receives packets with MD5 authentication from R2.

Now we check on R2, where we can see the adjacency process of R2 with its neighbors :

R2#debug ip rip
RIP protocol debugging is on
R2#
*Jan 5 05:00:13.356: RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (10.10.10.2)
*Jan 5 05:00:13.357: RIP: build update entries
*Jan 5 05:00:13.357: 2.2.2.2/32 via 0.0.0.0, metric 1, tag 0
*Jan 5 05:00:13.357: 3.3.3.3/32 via 0.0.0.0, metric 2, tag 0
*Jan 5 05:00:13.357: 20.20.20.0/30 via 0.0.0.0, metric 1, tag 0
R2#
*Jan 5 05:00:20.684: RIP: received packet with MD5 authentication
*Jan 5 05:00:20.684: RIP: received v2 update from 10.10.10.1 on Ethernet0/0

*Jan 5 05:00:20.684: 1.1.1.1/32 via 0.0.0.0 in 1 hops
*Jan 5 05:00:20.684: 3.3.3.3/32 via 0.0.0.0 in 2 hops
*Jan 5 05:00:20.684: 30.30.30.0/30 via 0.0.0.0 in 1 hops
R2#
*Jan 5 05:00:31.288: RIP: sending v2 update to 224.0.0.9 via Ethernet0/1 (20.20.20.1)
*Jan 5 05:00:31.288: RIP: build update entries
*Jan 5 05:00:31.288: 1.1.1.1/32 via 0.0.0.0, metric 2, tag 0
*Jan 5 05:00:31.288: 2.2.2.2/32 via 0.0.0.0, metric 1, tag 0
*Jan 5 05:00:31.288: 10.10.10.0/30 via 0.0.0.0, metric 1, tag 0
*Jan 5 05:00:31.855: RIP: received packet with text authentication CISCO
*Jan 5 05:00:31.855: RIP: received v2 update from 20.20.20.2 on Ethernet0/1

*Jan 5 05:00:31.855: 1.1.1.1/32 via 0.0.0.0 in 2 hops
*Jan 5 05:00:31.855: 3.3.3.3/32 via 0.0.0.0 in 1 hops
*Jan 5 05:00:31.855: 30.30.30.0/30 via 0.0.0.0 in 1 hops

From the result above we can see that R2 receives packets with MD5 authentication from R1 and packets with clear text authentication from R3. Note that for clear text authentication the debug output prints the key itself (CISCO).
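
An audit of this kind of debug output, as an added example that is not part of the original lab: it maps each neighbor to the authentication mode of its updates, lists the links not protected by MD5, and masks the clear text key before the log is stored or shared. The sample log is constructed in the format shown above; the Ethernet0/2 update and the rule that an update with no preceding authentication line is unauthenticated are assumptions, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the debug output above. The last update
# (no authentication line, on Ethernet0/2) is added for illustration.
SAMPLE = """\
*Jan 5 05:00:20.684: RIP: received packet with MD5 authentication
*Jan 5 05:00:20.684: RIP: received v2 update from 10.10.10.1 on Ethernet0/0
*Jan 5 05:00:20.684: 1.1.1.1/32 via 0.0.0.0 in 1 hops
*Jan 5 05:00:31.855: RIP: received packet with text authentication CISCO
*Jan 5 05:00:31.855: RIP: received v2 update from 20.20.20.2 on Ethernet0/1
*Jan 5 05:00:31.855: 3.3.3.3/32 via 0.0.0.0 in 1 hops
*Jan 5 05:00:40.002: RIP: received v2 update from 30.30.30.2 on Ethernet0/2
*Jan 5 05:00:40.002: 3.3.3.3/32 via 0.0.0.0 in 1 hops
"""

AUTH = re.compile(r"RIP: received packet with (MD5|text) authentication")
UPDATE = re.compile(r"RIP: received v2 update from (\S+) on (\S+)")
TEXT_KEY = re.compile(r"(with text authentication) \S+")


def audit(log):
    """Map (neighbor, interface) to 'md5', 'text' or 'none'."""
    modes, pending = {}, None
    for line in log.splitlines():
        auth = AUTH.search(line)
        if auth:
            pending = auth.group(1).lower()  # applies to the next update line
            continue
        update = UPDATE.search(line)
        if update:
            # Assumption: no authentication line before the update means none.
            modes[update.groups()] = pending or "none"
            pending = None
    return modes


def weak_links(log):
    """Neighbors whose updates are not protected by MD5."""
    return sorted(k + (v,) for k, v in audit(log).items() if v != "md5")


def redact(log):
    """Mask the clear text key so the debug output can be stored or shared."""
    return TEXT_KEY.sub(r"\1 <redacted>", log)


if __name__ == "__main__":
    print(weak_links(SAMPLE))
    print(redact(SAMPLE))
```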

