Scribd Logo
Importer

Bienvenue sur Scribd !

  • Routing Protocol Authentication With RIPv2

    Transféré par

    Umair Alam
    76 vues4 pages
    mmm

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    mmm

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    76 vues4 pages

    Routing Protocol Authentication With RIPv2

    Transféré par

    Umair Alam
    mmm

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 4

    CCIE Security V4 Technology Labs Section 1:

    System Hardening and Availability

    Routing Protocol Authentication with RIPv2


    Last updated: May 3, 2013

    Task
    RIPv2 is currently configured in your lab topology. Ensure that the routing protocol is authenticated
    using clear-text authentication between R1 and R3.
    Configure Strong Authentication for RIPv2 between R3 and R2.

    Explanation and Verification


    To enable authentication for RIPv2 in Cisco IOS, you must first configure a key chain that defines
    the key for use. The key is applied on a per-interface basis in which the mode of authentication
    (clear text vs. MD5 authentication) is defined.

    R1 Clear Text Authentication Configuration


    key chain RIPkey
    key 1
    key-string cisco123
    interface GigabitEthernet0/0
    ip address 136.1.13.1 255.255.255.0
    ip rip authentication key-chain RIPkey
    duplex auto
    speed aut

    R3 Clear Text Authentication Configuration

    key chain RIPkey


    key 1
    key-string cisco123
    !
    interface FastEthernet0/0.13
    encapsulation dot1Q 13
    ip address 136.1.13.3 255.255.255.0
    ip rip authentication key-chain RIPkey
    !

    Verification
    To verify, use the debug ip rip command to see the updates being received with authentication
    applied. Use the show ip route command to verify that expected routes are appearing in the
    routing table.

    R1 Cleartext Authentication
    Jan 8 18:09:44.984: RIP: received packet with text authentication cisco123
    Jan 8 18:09:44.984: RIP: received v2 update from 136.1.13.3 on GigabitEthernet0/
    0
    Jan 8 18:09:44.984:

    10.0.0.0/24 via 0.0.0.0 in 1 hops

    Jan 8 18:09:44.984:

    10.1.0.0/24 via 0.0.0.0 in 1 hops

    Jan 8 18:09:44.984:

    136.1.23.0/24 via 0.0.0.0 in 1 hops

    Jan 8 18:09:44.984:

    150.1.2.0/24 via 0.0.0.0 in 2 hops

    R2 MD5 Authentication Configuration


    R2#
    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R2(config)#key chain RIPkey
    R2(config-keychain)# key 1
    R2(config-keychain-key)# key-string cisco123
    R2(config-keychain-key)#int g0/0
    R2(config-if)#ip rip authentication mode md5
    R2(config-if)#ip rip authentication key-chain RIPkey
    R2(config-if)#end

    R3 MD5 Authentication Configuration

    Recall that the key chain was already configured for the clear-text authentication. It is
    recommended that you use a different key chain when configuring both authentication methods. In
    this case, we use the same key for the sake of simplicity. In the CCIE lab exam, you do exactly
    what you are told, whether or not is is the best practice.

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#int f0/0.23
    R3(config-subif)#ip rip authentication mode md5
    R3(config-subif)#ip rip authentication key-chain RIPkey
    R3(config-subif)#end

    R2 MD5 Authentication Verification

    R2#debug ip rip
    RIP protocol debugging is on
    R2#
    Jan 8 18:54:31.388: RIP: received packet with MD5 authentication
    Jan 8 18:54:31.388: RIP: received v2 update from 136.1.23.3 on GigabitEthernet0/
    0
    Jan 8 18:54:31.388:

    10.0.0.0/24 via 0.0.0.0 in 1 hops

    Jan 8 18:54:31.388:

    10.1.0.0/24 via 0.0.0.0 in 1 hops

    Jan 8 18:54:31.388:

    136.1.13.0/24 via 0.0.0.0 in 1 hops

    Jan 8 18:54:31.388:

    150.1.1.0/24 via 0.0.0.0 in 2 hops

    R2#sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route, + - replicated route
    Gateway of last resort is not set
    10.0.0.0/24 is subnetted, 2 subnets
    R

    10.0.0.0 [120/1] via 136.1.23.3, 00:00:09, GigabitEthernet0/0

    10.1.0.0 [120/1] via 136.1.23.3, 00:00:09, GigabitEthernet0/0


    136.1.0.0/16 is variably subnetted, 3 subnets, 2 masks

    136.1.13.0/24 [120/1] via 136.1.23.3, 00:00:09, GigabitEthernet0/0

    136.1.23.0/24 is directly connected, GigabitEthernet0/0

    136.1.23.2/32 is directly connected, GigabitEthernet0/0


    150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks

    150.1.1.0/24 [120/2] via 136.1.23.3, 00:00:10, GigabitEthernet0/0

    150.1.2.0/24 is directly connected, Loopback0

    150.1.2.2/32 is directly connected, Loopback0

    R2#

    Vous aimerez peut-être aussi