วันเสาร์ที่ 23 มกราคม พ.ศ. 2553

Cisco CCNP / BSCI Exam Tutorial: RIP Update Packet Authentication

If you earned your CCNA, the thought is all that you have learned what to know RIP. Close, but not quite! There are some additional details that you need to know to pass the BSCI exam and get a step closer to CCNP test, and one of the RIP update packet requires authentication.

You are familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But an advantage that is not implemented in your CCNA studies, the ability to configureRouting update packet authentication.

You have two options, clear text and MD5. Plaintext is just that - a plain text password, which is visible by anyone who is a packet from the wire selection. If you're going to the trouble of configuring authentication update to go, you should be MD5. The MD stands for "Message Digest", and that is the algorithm of the hash value for the password, which produces the update packages will be included.

Not only the router must agree on the password,They must agree on the method of authentication. When a router sends an MD5 hash to another router that is configured to authenticate with passwords in plain text, the change will not be accepted. debug ip rip command is great for troubleshooting automatic updates.

R1, R2 and RIP R3 run on a frame relay cloud. Here is how RIP authentication would be based on these three routers are configured.

R1 # conf t

R1 (config) # keychain RIP

<The key chain can have any name.>

R1 (config-keychain) # key 1

<Key can have multiple keys. No. They care if many times. >

R1 (config-keychain-key) # key-string CISCO

<This is the text string is a key used for authentication. >

R1 (config) # int s0

R1 (config-if) # ip rip authentication mode text

<The interface to use plain text mode. >

R1 (config-if) # ip rip authentication key-chain RIP

<The interface is the key with RIP configured.>

R2 # conf t

R2 (config) # keychain RIP

R2 (config-keychain) # key 1

R2 (config-keychain-key) # key-string CISCO

R2 (config) # int s0.123

R2 (config-subif) # ip rip authentication mode text

R2 (config-subif) # ip rip authentication key-chain RIP

T R3 # conf

R3 (config) # keychain RIP

R3 (config-keychain) # key 1

R3 (config-keychain-key) # key-string CISCO

R3 (config) # int s0.31

R3 (config-subif) # ip rip authentication modeText

R3 (config-subif) # ip rip authentication key-chain RIP

To use MD5 authentication, instead of replacing the normal text, simply the word "text" in the command IP RIP authentication mode with MD5.

Here's what looks like a success RIPv2 packet authentication, courtesy of debug IP RIP. Plaintext authentication is in force and the password "Cisco".

3d04h: RIP: received packet with Cisco authentication text

3d04h: RIP: received v2 update from150.1.1.3 on Ethernet0

3d04h: 100.0.0.0 / 8 via 0.0.0.0 in 1 hops

3d04h: 150.1.2.0/24 via 0.0.0.0 in 1 hops

Here's what it is, if the remote device is using MD5 authentication, and the local router is set for clear-set looks. You may also see this message if the password itself is incorrect.

3d04h: RIP: ignored v2 packet from 150.1.1.3 (invalid authentication)

"Rip IP Debug" is a simple command, compared to other protocol debugging. it is also apowerful debugging. Start debugging using the studio as soon as possible in your Cisco router to learn the commands like really works!

new mazda2