Routing Protocol Authentication Concepts and Configuration.


Routing Protocol Authentication (OSPF and RIPv2)

With routing protocol authentication, the router verifies the source of each routing update packet it receives. Many routing protocols support authentication, including OSPF, EIGRP, IS-IS, BGP, and RIPv2.

Cisco routers support different approaches to authenticating route advertisements received from a neighboring router:

1. Plain text authentication

2. Hashing authentication (using MD5)

Simple password authentication:

The router sends the key together with the packet (if the routing protocol does not support multiple keys, the key number associated with the routing update is 0). If the keys do not match, the routing update is rejected. The only routing protocols that support plain text authentication are RIPv2, OSPF, and IS-IS.

MD5 authentication

Configure the key (password) and key ID; the router then generates a message digest (hash) of the key, key ID, and message. The key itself is not sent; only the message digest is sent. The neighboring router receives the update and runs the hash algorithm on the route update with its local key. The result is a hash digest. If the digests match, the router accepts the update; if they do not match, it rejects the update. This process is more secure than plain text authentication. IS-IS, OSPF, RIPv2, and EIGRP use MD5.
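The digest exchange described above, as an added Python example (not from the original page and not Cisco's code): it follows the RFC 2082 keyed-MD5 packet layout, including a sequence-number check the page does not cover. The function names, the sequence value and the sample update are assumptions made for illustration, so treat it as a teaching model rather than a wire-exact IOS implementation.

```python
import hashlib
import hmac
import struct

AUTH_MD5 = 3  # RFC 2082 authentication type "Keyed Message Digest"

def pad_key(key: str) -> bytes:
    """Key string as the 16-byte field used in the hash (zero padded)."""
    return key.encode()[:16].ljust(16, b"\x00")

def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIPv2 route entry (AFI 2, tag 0, next hop 0.0.0.0)."""
    ip = bytes(int(o) for o in prefix.split("."))
    nm = bytes(int(o) for o in mask.split("."))
    return struct.pack("!HH4s4s4sI", 2, 0, ip, nm, bytes(4), metric)

def build_update(routes, key: str, key_id: int, seq: int) -> bytes:
    """Sender: RIPv2 response with a keyed-MD5 trailer; the key is never sent."""
    body = b"".join(route_entry(*r) for r in routes)
    length = 4 + 20 + len(body)            # RIP header + auth entry + routes
    header = struct.pack("!BBH", 2, 2, 0)  # command 2 (response), version 2
    auth = struct.pack("!HHHBBI8x", 0xFFFF, AUTH_MD5, length, key_id, 16, seq)
    signed = header + auth + body + struct.pack("!HH", 0xFFFF, 1)
    # Hash covers the message (which carries the key ID) followed by the key.
    return signed + hashlib.md5(signed + pad_key(key)).digest()

def verify_update(packet: bytes, keychain: dict, last_seq: int = 0) -> bool:
    """Receiver: recompute the digest with the local key for the packet's key ID."""
    if len(packet) < 44:
        return False
    marker, atype, length, key_id, dlen, seq = struct.unpack("!HHHBBI", packet[4:16])
    if (marker, atype, dlen) != (0xFFFF, AUTH_MD5, 16) or len(packet) != length + 20:
        return False                       # not a well-formed MD5-authenticated update
    if key_id not in keychain or seq < last_seq:
        return False                       # unknown key ID, or sequence went backwards
    signed, digest = packet[:length + 4], packet[length + 4:]
    expected = hashlib.md5(signed + pad_key(keychain[key_id])).digest()
    return hmac.compare_digest(digest, expected)

# Constructed sample: R1 advertises 10.0.0.0/8 using key 1 from the page's key chain.
update = build_update([("10.0.0.0", "255.0.0.0", 1)], "internetworks", key_id=1, seq=100)
tampered = bytearray(update)
tampered[43] = 16                          # metric rewritten in transit
if __name__ == "__main__":
    print("matching key :", verify_update(update, {1: "internetworks"}))
    print("wrong key    :", verify_update(update, {1: "internetwork5"}))
    print("tampered     :", verify_update(bytes(tampered), {1: "internetworks"}))
```

Key chain names are locally significant (anyname1 and anyname2 in the configuration on this page), but the key number and key-string must match on both routers, which is what the key-ID lookup models.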

Let’s see the configuration:

Topology:

Goal:

· Configure the topology and interfaces as per the diagram.

· Configure RIPv2 on both routers and advertise the interfaces as per the topology.

· Make sure both routers exchange routes only after successful authentication.

R1#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet0/0        10.1.1.1        YES manual up                    up

Serial3/0                    1.1.1.1         YES manual up                    up

R2#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet0/0        20.1.1.1        YES manual up                    up

Serial3/0                    1.1.1.2         YES manual up                    up

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#network 1.0.0.0

R1(config-router)#network 10.0.0.0

R1(config-router)#no auto-summary

R1(config-router)#end

R2(config)#router rip

R2(config-router)#version 2

R2(config-router)#network 1.0.0.0

R2(config-router)#network 20.0.0.0

R2(config-router)#no auto-summary

R2(config-router)#end

R1#show ip route rip

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

R     20.0.0.0/8 [120/1] via 1.1.1.2, 00:00:07, Serial3/0

R2#show ip route rip

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

R     10.0.0.0/8 [120/1] via 1.1.1.1, 00:00:21, Serial3/0 

Configuring authentication:

R1(config)#key chain anyname1

R1(config-keychain)#key 1

R1(config-keychain-key)#key-string internetworks

R1(config-keychain-key)#exit

R1(config-keychain)#exit

R1(config)#interface serial 3/0

R1(config-if)#ip rip authentication mode md5

R1(config-if)#ip rip authentication key-chain anyname1

R2(config)#key chain anyname2

R2(config-keychain)#key 1

R2(config-keychain-key)#key-string internetworks

R2(config-keychain-key)#exit

R2(config-keychain)#exit

R2(config)#interface serial 3/0

R2(config-if)#ip rip authentication mode md5

R2(config-if)#ip rip authentication key-chain anyname2
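A check for the misconfiguration this setup has to avoid, as an added Python example (not part of the original page): on IOS, "ip rip authentication key-chain" without "ip rip authentication mode md5" falls back to plain text authentication, so the audit flags interfaces missing the mode line or pointing at an undefined key chain. The running-config excerpt, the interfaces Serial3/1 and Serial3/2, the key chain anyname9 and the function name are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not taken from the page's routers).
CONFIG = """\
key chain anyname1
 key 1
  key-string internetworks
!
interface Serial3/0
 ip rip authentication mode md5
 ip rip authentication key-chain anyname1
!
interface Serial3/1
 ip rip authentication key-chain anyname1
!
interface Serial3/2
 ip rip authentication mode md5
 ip rip authentication key-chain anyname9
!
"""

def audit_rip_auth(config: str) -> dict:
    """Return {interface: [findings]} for interfaces that carry RIP auth lines."""
    chains, ifaces, current = set(), {}, None
    for line in config.splitlines():
        if m := re.match(r"key chain (\S+)", line):
            chains.add(m.group(1))
        if not line.startswith(" "):       # a top-level line starts a new section
            m = re.match(r"interface (\S+)", line)
            current = ifaces.setdefault(m.group(1), {}) if m else None
        elif current is not None:
            if m := re.match(r" ip rip authentication (mode|key-chain) (\S+)", line):
                current[m.group(1)] = m.group(2)
    report = {}
    for name, auth in ifaces.items():
        if not auth:
            continue                       # no RIP auth lines; RIP may not run here
        findings = []
        if auth.get("mode") != "md5":
            findings.append("no 'mode md5': IOS defaults to plain-text authentication")
        if "key-chain" not in auth:
            findings.append("mode set but no key chain attached")
        elif auth["key-chain"] not in chains:
            findings.append(f"key chain '{auth['key-chain']}' is not defined")
        report[name] = findings
    return report

if __name__ == "__main__":
    for iface, findings in audit_rip_auth(CONFIG).items():
        print(iface, findings or "OK")
```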

R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        1.0.0.0/8 is directly connected, Serial3/0

L        1.1.1.1/32 is directly connected, Serial3/0

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        10.0.0.0/8 is directly connected, FastEthernet0/0

L        10.1.1.1/32 is directly connected, FastEthernet0/0

R     20.0.0.0/8 [120/1] via 1.1.1.2, 00:00:26, Serial3/0

R2#clear ip route *

R2#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        1.0.0.0/8 is directly connected, Serial3/0

L        1.1.1.2/32 is directly connected, Serial3/0

R     10.0.0.0/8 [120/1] via 1.1.1.1, 00:00:09, Serial3/0

      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        20.0.0.0/8 is directly connected, FastEthernet0/0

L        20.1.1.1/32 is directly connected, FastEthernet0/0

R1#show key chain

Key-chain anyname1:

    key 1 -- text "internetworks"

        accept lifetime (always valid) - (always valid) [valid now]

        send lifetime (always valid) - (always valid) [valid now]

R2#show key chain

Key-chain anyname2:

    key 1 -- text "internetworks"

        accept lifetime (always valid) - (always valid) [valid now]

        send lifetime (always valid) - (always valid) [valid now]