
rip authentication-mode

Function

The rip authentication-mode command configures the authentication mode and authentication parameters of RIP-2. Only one authentication key is supported during each authentication. The new authentication key overwrites the old authentication key.

The undo rip authentication-mode command cancels all authentications.

By default, there is no authentication. Configuring authentication is recommended to ensure system security.

Format

rip authentication-mode simple { plain plain-text | [ cipher ] password-key }

rip authentication-mode md5 usual { plain plain-text | [ cipher ] password-key }

rip authentication-mode md5 nonstandard { keychain keychain-name | { plain plain-text | [ cipher ] password-key } key-id }

rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-key } key-id

rip authentication-mode keychain keychain-name

undo rip authentication-mode

Parameters

Parameter Description Value

plain

Indicates the authentication text will not be encrypted.

NOTICE:

When configuring an authentication password, select ciphertext mode. If you select simple text mode, the password is saved in the configuration file in simple text, which poses a high security risk. To ensure device security, change the password periodically.

-

plain-text

Indicates the keyword for simple text authentication.

If the authentication mode is simple or usual, the keyword is a string of 1 to 16 characters.

If the authentication mode is nonstandard or hmac-sha256, the keyword is a string of 1 to 255 case-sensitive characters.

cipher

Indicates the authentication text will be encrypted.

-

password-key

Indicates the keyword for simple text and ciphertext authentication.

If the authentication mode is simple or usual, the keyword is a string of case-sensitive characters. The password-key in simple text mode is a string of 1 to 16 characters, and the password-key in ciphertext mode is a string of 24/32/48 characters.

If the authentication mode is nonstandard or hmac-sha256, the keyword is a string of case-sensitive characters without spaces. The password-key in simple text mode is a string of 1 to 255 characters, and the password-key in ciphertext mode is a string of 20 to 392 characters.

NOTE:

If the source version supports a ciphertext password which is a string of 24 or 32 characters, the target version also supports this type of password.

md5

Indicates Message Digest Version 5 (MD5) ciphertext authentication.

-

usual

Indicates that MD5 ciphertext authentication packets are in the usual format (private standard).

-

nonstandard

Indicates that MD5 ciphertext authentication packets are in the nonstandard format (IETF standard).

-

keychain keychain-name

Specifies the keychain name.

The name is a string of 1 to 47 characters.

key-id

Specifies the identifier used for cryptographic authentication.

The value is an integer ranging from 1 to 255.

hmac-sha256

Indicates Keyed-Hash Message Authentication Code (HMAC) for Secure Hash Algorithm 256 (SHA256).

NOTE:

The HMAC-SHA256 authentication mode is more secure than the other authentication modes. To ensure high security, the HMAC-SHA256 authentication algorithm is recommended.

-

Views

Ethernet interface view, Ethernet sub-interface view, Eth-Trunk interface view, Eth-Trunk sub-interface view, Tunnel interface view, Dialer interface view, VLANIF interface view, Virtual-Template interface view

Default Level

2: Configuration level

Usage Guidelines

MD5 authentication is valid for RIP-2 only, and is not valid for RIP-1.

Configuring Keychain authentication improves the security of the RIP connection. You must configure Keychain authentication on both ends of the link. The encryption algorithms and passwords configured for Keychain authentication must be the same on both peers; otherwise, the RIP connection cannot be set up between the RIP peers and RIP messages cannot be transmitted.

Example

# Set authentication text to Huawei-123 in hmac-sha256 authentication mode with plain option and key-id 1.

<sysname> system-view
[sysname] interface GigabitEthernet 0/0/0
[sysname-GigabitEthernet0/0/0] rip authentication-mode hmac-sha256 Huawei-123 1
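
An added example, not Huawei's code: a small Python audit that walks saved interface configuration and checks each rip authentication-mode line against the Format, NOTICE and NOTE guidance above. The finding codes, the sample configuration and its "rip version 2" line (standing in for any other RIP interface setting) are assumptions made for illustration.

```python
# Added audit example: finding codes and SAMPLE are constructed, not device output.
LIMITS = {"simple": 16, "md5 usual": 16, "md5 nonstandard": 255, "hmac-sha256": 255}

def audit_line(line):
    """Classify one 'rip authentication-mode ...' line per the Format section."""
    tok = line.split()[2:]                       # drop "rip authentication-mode"
    mode = tok.pop(0) if tok else ""
    if mode == "md5" and tok:
        mode = "md5 " + tok.pop(0)               # usual | nonstandard
    if mode == "keychain" or (mode == "md5 nonstandard" and tok[:1] == ["keychain"]):
        return ["keychain-review"]               # strength depends on the keychain itself
    if mode not in LIMITS:
        return ["unrecognized"]
    findings = [] if mode == "hmac-sha256" else [mode.split()[0] + "-mode"]  # not the recommended mode
    if tok[:1] == ["plain"]:
        findings.append("plain-stored")          # key kept unencrypted in the config file
        if not 1 <= len("".join(tok[1:2])) <= LIMITS[mode]:
            findings.append("bad-length")
        tok = tok[2:]
    else:                                        # [ cipher ] password-key
        tok = tok[2:] if tok[:1] == ["cipher"] else tok[1:]
    needs_id = mode in ("md5 nonstandard", "hmac-sha256")
    if needs_id and not (tok and tok[0].isdigit() and 1 <= int(tok[0]) <= 255):
        findings.append("bad-key-id")
    return findings

def audit_config(text):
    """Map interface -> findings for each interface that carries a 'rip ...' line."""
    report, iface = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface and line.startswith("rip authentication-mode"):
            report[iface] = audit_line(line)
        elif iface and line.startswith("rip "):
            report.setdefault(iface, ["no-authentication"])  # the default: none
    return report

SAMPLE = """\
interface GigabitEthernet0/0/0
 rip authentication-mode hmac-sha256 cipher CONSTRUCTED-CIPHERTEXT-PLACEHOLDER 1
interface GigabitEthernet0/0/1
 rip authentication-mode simple plain Example-123
interface GigabitEthernet0/0/2
 rip authentication-mode md5 nonstandard cipher CONSTRUCTED-CIPHERTEXT-PLACEHOLDER 300
interface GigabitEthernet0/0/3
 rip version 2
"""
print(audit_config(SAMPLE))
```

An empty findings list means the line uses hmac-sha256 with a stored-encrypted key and a valid key-id; a keychain-review finding means the algorithm and key have to be checked in the keychain definition on both peers.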
Copyright © Huawei Technologies Co., Ltd.