Authenticate Cisco RIP version 2 (RIPv2) Routers

Contributed by Al Banks  
Tagged: Cisco router  

MD5 authentication for RIPv2 routers

For this example, two routers, A and B, are directly connected with their serial0/0 ports. IP network is 192.168.0.0/30. 10.1.1.0/24 and 10.2.2.0/24 are the FastEthernet networks on each end.

Enter the appropriate passwords, then enter configuration mode:conf t

Address the interfaces.

Router A:interface FastEthernet 0/0
ip address 10.1.1.1 255.255.255.0
interface serial 0/0
ip address 192.168.0.1 255.255.255.252

Router B:interface FastEthernet 0/0
ip address 10.1.1.2 255.255.255.0
interface serial 0/0
ip address 192.168.0.2 255.255.255.252

Configure RIP (same on both routers):router rip
network 10.0.0.0
network 192.168.0.0
version 2

Then, create keychains in both routers.

Router A:key chain rtrA
key 1
key-string 123
exit
key 2
key-string abc

Router B:key chain rtrB
key 1
key-string 123
exit
key 2
key-string abc

Now, configure authentication.

Router A:interface serial 0/0
ip rip authentication mode md5
ip rip authentication key-chain rtrA

Router B:interface serial 0/0
ip rip authentication mode md5
ip rip authentication key-chain rtrB

Now the routers should be verifying the MD5 hash of RIP routing update packets, dropping any that do not pass the verification.

For compatibility, the “ip rip authentication mode md5″ can be omitted, which will cause authentication to occur with plain text.