How to Configure RIP Authentication
Posted: 24 Oct 2010 08:21 PM PDT

Following my previous post about the RIP protocol, this post shows how to configure RIP authentication.

There are two versions of the Routing Information Protocol (RIP): version 1 and version 2. RIP version 1 does not support authentication of routing updates; RIP version 2 supports both plain text and MD5 authentication. The figure below shows two routers, Router A and Router B, that exchange RIP version 2 updates with MD5 authentication.

Configuring authentication of RIP version 2 updates is fairly easy and very uniform. The basic configuration includes the following steps:

1. Define the key chain using the command key chain <name> in global configuration mode. This command transfers you to key chain configuration mode.
2. Specify the key number with the key <number> command in key chain configuration mode. You can configure multiple keys.
3. For each key, identify the key string with the key-string <string> command.
4. Configure the period for which the key can be sent and received. Use the following commands:
    accept-lifetime {infinite|end-time|duration seconds}
    send-lifetime {infinite|end-time|duration seconds}
5. Exit key chain configuration mode with the exit command.
6. Under interface configuration mode, enable the authentication of RIP updates with this command:
    ip rip authentication key-chain <name>
   This command is all that is needed to use plain text authentication.
7. Optionally, under interface configuration mode, enable MD5 authentication of RIP updates using the ip rip authentication mode md5 command.

The listings that follow show how Router A and Router B in Figure 1.3 should be configured to authenticate updates from one another using RIP MD5 authentication. Listing 1.1 shows the configuration of Router A, and Listing 1.2 shows the configuration of Router B.

Listing 1.1: Router A's configuration with MD5 authentication:

    key chain systems
     key 1
      key-string router
    !
    interface Loopback0
     ip address 10.10.10.1 255.255.255.0
    !
    interface Ethernet0/0
     ip address 10.10.11.1 255.255.255.0
    !
    interface Serial0/0
     ip address 192.168.10.1 255.255.255.252
     ip rip authentication mode md5
     ip rip authentication key-chain systems
     clockrate 64000
    !
    router rip
     version 2
     network 10.0.0.0
     network 192.168.10.0
     no auto-summary

Listing 1.2: Router B's configuration with MD5 authentication:

    key chain cisco
     key 1
      key-string router
    !
    interface Loopback0
     ip address 10.10.12.1 255.255.255.0
    !
    interface FastEthernet0/0
     ip address 10.10.13.1 255.255.255.0
    !
    interface Serial0/0
     ip address 192.168.10.2 255.255.255.252
     ip rip authentication mode md5
     ip rip authentication key-chain cisco
    !
    router rip
     version 2
     network 10.0.0.0
     network 192.168.10.0
     no auto-summary

Listing 1.1 displays Router A's MD5 configuration. Router A is configured with a key chain value of systems, a key value of 1, and a key-string value of router. Listing 1.2 displays Router B's MD5 configuration. Router B is configured with a key chain value of cisco, a key value of 1, and a key-string value of router.

Note: The key chain name on each router can be different; however, the key-string value must match for each key that is configured on each neighbor.

You can use the command debug ip rip to examine how RIP receives the authenticated routing updates. Entering this command on Router A and Router B displays the output shown in Listing 1.3 and Listing 1.4, respectively.
Listing 1.3: The output of the command debug ip rip displays how Router A receives RIP routing updates from Router B:

    Router-A#debug ip rip
    RIP protocol debugging is on
    Router-A#
    RIP: received packet with MD5 authentication
    RIP: received v2 update from 192.168.10.2 on Serial0/0
         10.10.12.0/24 -> 0.0.0.0 in 1 hops
         10.10.13.0/24 -> 0.0.0.0 in 1 hops

Listing 1.4: The output of the command debug ip rip displays how Router B receives RIP routing updates from Router A:

    Router-B#debug ip rip
    RIP protocol debugging is on
    Router-B#
    RIP: received packet with MD5 authentication
    RIP: received v2 update from 192.168.10.1 on Serial0/0
         10.10.10.0/24 via 0.0.0.0 in 1 hops
         10.10.11.0/24 via 0.0.0.0 in 1 hops
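
The earlier note says the key chain name may differ between neighbors while the key-string must match. The Python sketch below, an added example that is not part of the original post, builds and verifies a RIPv2 update with RFC 2082 keyed-MD5 authentication to show why: only the key number and a digest over the packet plus the key-string appear on the wire. The function names and the zero-padding of the key-string to 16 bytes are assumptions of this example.

```python
import hashlib
import hmac
import struct

AUTH_MD5 = 3  # RFC 2082 authentication type: keyed message digest

def pad_key(key_string):
    # Assumption: key-string bytes are zero-padded to the 16-byte key field.
    return key_string.encode()[:16].ljust(16, b"\x00")

def ip(text):
    return bytes(int(octet) for octet in text.split("."))

def build_update(routes, key_id, key_string, seq):
    """Build a RIPv2 response with an RFC 2082 keyed-MD5 trailer."""
    entries = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, ip(net), ip(mask), bytes(4), metric)
        for net, mask, metric in routes)
    length = 4 + 20 + len(entries)  # offset of the authentication trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, AUTH_MD5, length, key_id, 16, seq)
    body = struct.pack("!BBH", 2, 2, 0) + auth + entries + b"\xff\xff\x00\x01"
    # The digest covers the packet plus the secret; the secret is never sent.
    return body + hashlib.md5(body + pad_key(key_string)).digest()

def verify_update(packet, key_chain):
    """key_chain maps key number -> key-string (the chain's name is local)."""
    if len(packet) < 24:
        return "rejected: too short"
    marker, au_type, length, key_id = struct.unpack_from("!HHHB", packet, 4)
    if marker != 0xFFFF or au_type != AUTH_MD5:
        return "rejected: no MD5 authentication"
    if key_id not in key_chain:
        return "rejected: unknown key number"
    signed, digest = packet[:length + 4], packet[length + 4:length + 20]
    expected = hashlib.md5(signed + pad_key(key_chain[key_id])).digest()
    if len(digest) != 16 or not hmac.compare_digest(digest, expected):
        return "rejected: digest mismatch"
    return "accepted"

# Constructed sample: Router B (chain "cisco") advertises its two networks.
ROUTES_B = [("10.10.12.0", "255.255.255.0", 1), ("10.10.13.0", "255.255.255.0", 1)]
UPDATE = build_update(ROUTES_B, key_id=1, key_string="router", seq=1)

if __name__ == "__main__":
    print(verify_update(UPDATE, {1: "router"}))   # Router A, chain "systems"
    print(verify_update(UPDATE, {1: "r0uter"}))   # key-string differs
    print(verify_update(UPDATE, {2: "router"}))   # key number differs
```

The sequence number carried in the authentication entry is built but not checked here; a receiver following RFC 2082 also rejects updates whose sequence number goes backwards.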
What is Address Resolution Protocol-ARP

Posted: 24 Oct 2010 09:57 AM PDT

ARP (Address Resolution Protocol) is a Layer 2 protocol that is used to translate IP addresses (Layer 3 in the OSI model) to MAC addresses (Layer 2 in the OSI model), and is used when two hosts on a local area Ethernet network want to communicate with each other. ARP is also used in other Layer 2 networks, such as ATM, but its main usage is on Ethernet networks.

The first time Host A wants to contact Host B, Host A sends an ARP Request (using a broadcast packet) on the LAN. The ARP packet basically asks the following: "I have the IP address for Host B and I want to know the MAC address of Host B". Host B sees this broadcast packet and replies to Host A with an ARP Reply packet containing Host B's MAC address. Host A now saves this MAC address/IP address combination in its ARP cache and begins to communicate with Host B. This communication happens with Layer 2 MAC addresses because the two hosts are on the same Layer 2 network.

To display the contents of a host's ARP cache (table), use "arp -a" on a Windows platform, "arp" on a UNIX platform, and "show arp" on a Cisco IOS platform.
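
The request/reply exchange described above, as an added Python example that is not part of the original post: it packs and parses real 42-byte Ethernet/ARP frames and shows Host A's cache being filled from Host B's reply while a third host ignores the broadcast. The host addresses, the Host class and the function names are constructed for illustration.

```python
import struct

ARP = "!HHBBH6s4s6s4s"  # 28-byte ARP payload for Ethernet + IPv4
REQUEST, REPLY = 1, 2
BROADCAST, UNKNOWN = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))

def frame(dst, src, op, sha, spa, tha, tpa):
    """Ethernet header (EtherType 0x0806) followed by the ARP payload."""
    arp = struct.pack(ARP, 1, 0x0800, 6, 4, op, mac_bytes(sha), ip_bytes(spa),
                      mac_bytes(tha), ip_bytes(tpa))
    return mac_bytes(dst) + mac_bytes(src) + b"\x08\x06" + arp

def parse(raw):
    """Return (eth_dst, op, sender_mac, sender_ip, target_ip) as text."""
    *_, op, sha, spa, _tha, tpa = struct.unpack(ARP, raw[14:42])
    dotted = lambda addr: ".".join(map(str, addr))
    return raw[:6].hex(":"), op, sha.hex(":"), dotted(spa), dotted(tpa)

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac, {}

    def request(self, target_ip):
        # "Who has target_ip? Tell self.ip", sent to every station on the LAN.
        return frame(BROADCAST, self.mac, REQUEST, self.mac, self.ip, UNKNOWN, target_ip)

    def receive(self, raw):
        """Answer requests for our own IP; cache mappings from replies sent to us."""
        dst, op, sha, spa, tpa = parse(raw)
        if op == REQUEST and tpa == self.ip:
            return frame(sha, self.mac, REPLY, self.mac, self.ip, sha, spa)
        if op == REPLY and dst == self.mac:
            self.cache[spa] = sha
        return None

def resolve(sender, target_ip, lan):
    """Broadcast a request and hand any reply back to the sender."""
    request = sender.request(target_ip)
    for host in lan:
        reply = host.receive(request) if host is not sender else None
        if reply:
            sender.receive(reply)
    return sender.cache.get(target_ip)

# Constructed LAN: addresses are sample values, not from the original post.
HOST_A = Host("192.168.1.10", "02:00:00:00:00:0a")
HOST_B = Host("192.168.1.20", "02:00:00:00:00:0b")
HOST_C = Host("192.168.1.30", "02:00:00:00:00:0c")

if __name__ == "__main__":
    print(resolve(HOST_A, "192.168.1.20", [HOST_A, HOST_B, HOST_C]))
    print(HOST_A.cache)
```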