Authenticate Cisco RIP version 2 (RIPv2) Routers

Posted February 18, 2004 by Al Banks in Cisco router

The following tech recipe explains MD5 authentication for RIPv2 routers.


For this example, two routers, A and B, are directly connected through their Serial 0/0 ports. The IP network on that link is 192.168.0.0/30. The networks 10.1.1.0/24 and 10.2.2.0/24 are the FastEthernet networks on each end.

Enter the appropriate passwords, and then enter configuration mode:
conf t

Address the interfaces.

Router A:
interface FastEthernet 0/0
ip address 10.1.1.1 255.255.255.0
interface serial 0/0
ip address 192.168.0.1 255.255.255.252

Router B:
interface FastEthernet 0/0
! Router B's FastEthernet network is 10.2.2.0/24
ip address 10.2.2.1 255.255.255.0
interface serial 0/0
ip address 192.168.0.2 255.255.255.252

Configure RIP (same on both routers):
router rip
network 10.0.0.0
network 192.168.0.0
version 2

Then, create keychains in both routers.

Router A:
key chain rtrA
key 1
key-string 123
exit
key 2
key-string abc

Router B:
key chain rtrB
key 1
key-string 123
exit
key 2
key-string abc

Now, configure authentication.

Router A:
interface serial 0/0
ip rip authentication mode md5
ip rip authentication key-chain rtrA

Router B:
interface serial 0/0
ip rip authentication mode md5
ip rip authentication key-chain rtrB

Now, the routers should be verifying the MD5 hash of RIP routing update packets, dropping any that do not pass the verification.

For compatibility, the "ip rip authentication mode md5" command can be omitted, in which case authentication falls back to plain text and the key string is sent in the clear with each update.
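
What the MD5 check described above amounts to, written in Python after RFC 2082's keyed-MD5 packet layout (an added example, not code from the original recipe or from Cisco). The function names, the sample update, the sequence number and the zero-padding of short key strings are assumptions for illustration; only the key number travels in the packet, which is why the chain names rtrA and rtrB do not have to match while the key numbers and key strings do.

```python
import hashlib
import hmac
import socket
import struct

AUTH_MD5 = 3                      # RFC 2082 auth type: keyed message digest
TRAILER = b"\xff\xff\x00\x01"     # marks the start of the digest trailer

def pad_key(key: bytes) -> bytes:
    # Assumption: a key-string shorter than 16 bytes is zero-padded to 16.
    return key[:16].ljust(16, b"\x00")

def build_update(routes, key_id: int, key: bytes, seq: int) -> bytes:
    """Build a RIPv2 response with an RFC 2082 keyed-MD5 trailer."""
    body = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(net),
                    socket.inet_aton(mask), bytes(4), metric)
        for net, mask, metric in routes)
    pkt_len = 4 + 20 + len(body)  # RIP header + auth entry + route entries
    pkt = struct.pack("!BBH", 2, 2, 0)
    pkt += struct.pack("!HHHBBI8x", 0xFFFF, AUTH_MD5, pkt_len, key_id, 16, seq)
    pkt += body + TRAILER
    # Digest covers the packet with the padded key where the digest will sit.
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()

def verify_update(packet: bytes, keychain: dict) -> bool:
    """True only if the digest matches the local key with the received key ID."""
    if len(packet) < 44:          # header + auth entry + trailer + digest
        return False
    marker, auth_type, pkt_len, key_id = struct.unpack_from("!HHHB", packet, 4)
    if marker != 0xFFFF or auth_type != AUTH_MD5:
        return False              # unauthenticated or plain-text update
    if key_id not in keychain or not 24 <= pkt_len <= len(packet) - 20:
        return False
    if packet[pkt_len:pkt_len + 4] != TRAILER:
        return False
    expected = hashlib.md5(packet[:pkt_len + 4] + pad_key(keychain[key_id])).digest()
    return hmac.compare_digest(packet[pkt_len + 4:pkt_len + 20], expected)

# Constructed sample: Router A advertises its LAN; Router B holds chain rtrB.
RTR_B_KEYS = {1: b"123", 2: b"abc"}
UPDATE = build_update([("10.1.1.0", "255.255.255.0", 1)], 1, b"123", seq=1)

if __name__ == "__main__":
    print("valid update accepted:", verify_update(UPDATE, RTR_B_KEYS))
    altered = UPDATE[:43] + b"\x02" + UPDATE[44:]   # metric changed in transit
    print("altered update accepted:", verify_update(altered, RTR_B_KEYS))
```

Replay protection through the sequence number is not modelled here.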
