The following tech recipe explains MD5 authentication for RIPv2 routers.
For this example, two routers, A and B, are directly connected with their serial0/0 ports. The IP network is 192.168.0.0/30. The networks 10.1.1.0/24 and 10.2.2.0/24 are the FastEthernet networks on each end.
Enter the appropriate passwords, and then enter configuration mode:conf t
Address the interfaces.
Router A:interface FastEthernet 0/0
ip address 10.1.1.1 255.255.255.0
interface serial 0/0
ip address 192.168.0.1 255.255.255.252
Router B:interface FastEthernet 0/0
ip address 10.1.1.2 255.255.255.0
interface serial 0/0
ip address 192.168.0.2 255.255.255.252
Configure RIP (same on both routers):router rip
network 10.0.0.0
network 192.168.0.0
version 2
Then, create keychains in both routers.
Router A:key chain rtrA
key 1
key-string 123
exit
key 2
key-string abc
Router B:key chain rtrB
key 1
key-string 123
exit
key 2
key-string abc
Now, configure authentication.
Router A:interface serial 0/0
ip rip authentication mode md5
ip rip authentication key-chain rtrA
Router B:interface serial 0/0
ip rip authentication mode md5
ip rip authentication key-chain rtrB
Now, the routers should be verifying the MD5 hash of RIP routing update packets, dropping any that do not pass the verification.
For compatibility, the “ip rip authentication mode md5” can be omitted, which will cause authentication to occur with plain text.
