Configuring RIP Authentication

At the interface command level, RIP supports authentication configuration.

The authentication mode applied to the interface can be either clear text or encrypted MD5. Use the ip rip authentication mode command to specify the authentication mode for this interface.

Authentication parameters are specified in a key chain. The key chain can be configured for up to 255 keys. A key contains the key authentication string that is sent and received in RIP packets, an accept-lifetime that specifies the period during which an authentication key is valid to be received, and a send-lifetime which specifies the time period during which an authentication key is valid to be sent.

Use the key chain command in configuration command mode to enter key chain configuration command mode.

Use the key command in key chain configuration command mode to configure a key chain key and enter key configuration command mode.

Use the key-string command in key configuration command mode to specify the key string associated with this key.

Use the accept-lifetime command in key configuration command mode to specify the time period during which this key can be received for authentication by interface this key chain is associated with.

Use the send-lifetime command in key configuration command mode to specify the time period during which this key can be sent by the interface this key chain is associated with.

Use the ip rip authentication keychain command in interface configuration command mode to specify the named key chain this interface will use when authenticating RIP packets.

The following example:

  • configures key 3 on key chain md5key, with a key string of password, an accept-lifetime and send-lifetime from the current time to infinite
  • Configures VLAN 5 for RIP MD5 authentication
  • Applies the md5key key chain to VLAN 5
    System(rw-config)->key chain md5key
    System(rw-config-keychain)->key 3
    System(rw-config-keychain-key)->key-string password
    System>Router(config-keychain-key)->accept-lifetime 02:30:00 jul 30 2009 infinite
    System(rw-config-keychain-key)->send-lifetime 02:30:00 jul 30 2009 infinite
    System(rw-config-keychain-key)->show running config
    .
    .
    .
    !
     key chain md5key
      key 3
       key-string password
       accept-lifetime 02:30:00 Jul 30 2009 06:28:14 Feb 7 2106
       send-lifetime 02:30:00 Jul 30 2009 06:28:14 Feb 7 2106
       exit
      exit
    !
    System(rw-config-keychain-key)->exit
    System(rw-config-keychain)->exit
    System(rw-config)->interface vlan 5
    System(rw-config-intf-vlan.0.5)->ip rip authentication mode md5
    System(rw-config-intf-vlan.0.5)->ip rip authentication keychain md5key
    System(rw-config-intf-vlan.0.5)->exit
    System(rw-config)->