< Home

Configuring Packet Authentication of RIP-2

RIP-2 supports the ability to authenticate protocol packets. By default, authentication is not configured for RIP. Configuring authentication is recommended to ensure system security.

Context

RIP-2 supports the following authentication modes:

  • Simple authentication

  • MD5 authentication

  • HMAC-SHA256 authentication

  • Keychain authentication

In simple authentication mode, the unencrypted authentication key is sent in every RIP-2 packet. Therefore, simple authentication does not guarantee security, and cannot meet the requirements for high security.

When configuring an authentication password, select the ciphertext mode. This is because the password is saved in configuration files in plaintext if you select plaintext mode, which has a high risk. To ensure device security, change the password periodically.

Procedure

  1. Access the system view. 

    system-view

  2. Access the interface view. 

    interface interface-type interface-number

  3. Run the following command as required:

    • Configure simple authentication for RIP-2 packets.

      rip authentication-mode simple { plain plain-text | [ cipher ] password-key }

    • Configure MD5 usual authentication for RIP-2 packets.

      rip authentication-mode md5 usual { plain plain-text | [ cipher ] password-key }

    • Configure MD5 nonstandard authentication for RIP-2 packets.

      rip authentication-mode md5 nonstandard  { keychain keychain-name | { plain plain-text | [ cipher ] password-key } key-id }

    • Configure hmac-sha256 authentication for RIP-2 packets.

      rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-key } key-id

    • Configure keychain authentication for RIP-2 packets.

      rip authentication-mode keychain keychain-name

    The MD5 type must be specified if MD5 authentication is configured. The usual type supports private standard authentication packets, and the nonstandard type supports IETF standard authentication packets.

    When configuring an authentication password, select the ciphertext mode because the simple password is saved in configuration file if you select the simple text mode, which poses a high risk. To improve device security, change the password periodically.

Parent Topic: Improving the RIP Network Security
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.