Routing Protocol Authentication With RIPv2


CCIE Security V4 Technology Labs
Section 1: System Hardening and Availability

Routing Protocol Authentication with RIPv2
Last updated: May 3, 2013

Task

RIPv2 is currently configured in your lab topology. Ensure that the routing protocol is authenticated using clear-text authentication between R1 and R3. Configure Strong Authentication for RIPv2 between R3 and R2.

Explanation and Verification

To enable authentication for RIPv2 in Cisco IOS, you must first configure a key chain that defines the key to use. The key chain is then applied on a per-interface basis, and the mode of authentication (clear text versus MD5) is also selected per interface; if no mode is configured, the interface defaults to clear text.

R1 Clear Text Authentication Configuration

key chain RIPkey
 key 1
  key-string cisco123
!
interface GigabitEthernet0/0
 ip address 136.1.13.1 255.255.255.0
 ip rip authentication key-chain RIPkey
 duplex auto
 speed auto

R3 Clear Text Authentication Configuration

key chain RIPkey
 key 1
  key-string cisco123
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ip address 136.1.13.3 255.255.255.0
 ip rip authentication key-chain RIPkey
!

Verification

To verify, use the debug ip rip command to see the updates being received with authentication applied. Use the show ip route command to verify that the expected routes appear in the routing table. Note that with clear-text authentication the debug output prints the key itself, because it travels unencrypted in the RIP packet and is equally visible to anyone capturing traffic on that segment.

R1 Cleartext Authentication

Jan 8 18:09:44.984: RIP: received packet with text authentication cisco123
Jan 8 18:09:44.984: RIP: received v2 update from 136.1.13.3 on GigabitEthernet0/0
Jan 8 18:09:44.984:      10.0.0.0/24 via 0.0.0.0 in 1 hops
Jan 8 18:09:44.984:      10.1.0.0/24 via 0.0.0.0 in 1 hops
Jan 8 18:09:44.984:      136.1.23.0/24 via 0.0.0.0 in 1 hops
Jan 8 18:09:44.984:      150.1.2.0/24 via 0.0.0.0 in 2 hops

R2 MD5 Authentication Configuration

R2#
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#key chain RIPkey
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string cisco123
R2(config-keychain-key)#int g0/0
R2(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication key-chain RIPkey
R2(config-if)#end

R3 MD5 Authentication Configuration

Recall that the key chain was already configured on R3 for the clear-text authentication toward R1. It is recommended that you use a different key chain when configuring both authentication methods on the same router. In this case, we reuse the same key chain for the sake of simplicity. In the CCIE lab exam, you do exactly what you are told, whether or not it is the best practice.

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int f0/0.23
R3(config-subif)#ip rip authentication mode md5
R3(config-subif)#ip rip authentication key-chain RIPkey
R3(config-subif)#end

R2 MD5 Authentication Verification

R2#debug ip rip
RIP protocol debugging is on
R2#
Jan 8 18:54:31.388: RIP: received packet with MD5 authentication
Jan 8 18:54:31.388: RIP: received v2 update from 136.1.23.3 on GigabitEthernet0/0
Jan 8 18:54:31.388:      10.0.0.0/24 via 0.0.0.0 in 1 hops
Jan 8 18:54:31.388:      10.1.0.0/24 via 0.0.0.0 in 1 hops
Jan 8 18:54:31.388:      136.1.13.0/24 via 0.0.0.0 in 1 hops
Jan 8 18:54:31.388:      150.1.1.0/24 via 0.0.0.0 in 2 hops

R2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 2 subnets
R        10.0.0.0 [120/1] via 136.1.23.3, 00:00:09, GigabitEthernet0/0
R        10.1.0.0 [120/1] via 136.1.23.3, 00:00:09, GigabitEthernet0/0
      136.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
R        136.1.13.0/24 [120/1] via 136.1.23.3, 00:00:09, GigabitEthernet0/0
C        136.1.23.0/24 is directly connected, GigabitEthernet0/0
L        136.1.23.2/32 is directly connected, GigabitEthernet0/0
      150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
R        150.1.1.0/24 [120/2] via 136.1.23.3, 00:00:10, GigabitEthernet0/0
C        150.1.2.0/24 is directly connected, Loopback0
L        150.1.2.2/32 is directly connected, Loopback0
R2#
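To make concrete why the two debug outputs above differ (the clear-text key printed in full, the MD5 packet showing no key at all), the following Python builds RIPv2 Response packets with each authentication type and inspects them the way a receiver or a packet capture would. This is an added example, not code from the lab or from Cisco IOS: the byte layout follows RFC 2082 (keyed MD5 authentication entry, trailer and digest computation) as understood by the editor, the key cisco123 and the prefixes are taken from the lab output, and the route list is constructed sample data.

```python
"""RIPv2 authentication on the wire: clear-text (type 2) versus keyed MD5
(type 3, RFC 2082). Added example; the layout follows RFC 2082 as the
editor understands it and is not a Cisco IOS implementation."""
import hashlib
import hmac
import ipaddress
import struct
from typing import Optional

RIP_RESPONSE, RIP_VERSION = 2, 2
AF_AUTH = 0xFFFF            # AFI value that marks an authentication entry
AUTH_TEXT, AUTH_MD5 = 2, 3  # authentication type codes
DIGEST_LEN = 16


def _route_entry(prefix: str, metric: int, next_hop: str = "0.0.0.0") -> bytes:
    """One 20-byte RIPv2 route entry (AFI 2 = IP, route tag 0)."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                       net.netmask.packed, ipaddress.ip_address(next_hop).packed, metric)


def build_response(routes, key: Optional[bytes] = None, auth_type: Optional[int] = None,
                   key_id: int = 1, seq: int = 0) -> bytes:
    """Build a RIPv2 Response with no auth, clear-text auth, or keyed-MD5 auth."""
    header = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
    body = b"".join(_route_entry(p, m) for p, m in routes)
    if auth_type is None:
        return header + body
    if key is None or not 1 <= len(key) <= 16:
        raise ValueError("key must be 1..16 bytes")
    if auth_type == AUTH_TEXT:
        # The password itself rides in the first entry, zero padded to 16 bytes:
        # anyone capturing the segment reads it, exactly as 'debug ip rip' prints it.
        return header + struct.pack("!HH16s", AF_AUTH, AUTH_TEXT, key) + body
    if auth_type == AUTH_MD5:
        # Auth header: offset to trailer, key id, digest length, sequence number
        # (replay protection), 8 reserved zero bytes.
        pkt_len = len(header) + 20 + len(body)
        auth_hdr = struct.pack("!HHHBBI8s", AF_AUTH, AUTH_MD5, pkt_len,
                               key_id, DIGEST_LEN, seq, b"\0" * 8)
        unsigned = header + auth_hdr + body + struct.pack("!HH", AF_AUTH, 1)
        # Digest covers the whole packet with the zero-padded key standing in for
        # the digest field; the key itself never appears on the wire.
        digest = hashlib.md5(unsigned + key.ljust(DIGEST_LEN, b"\0")).digest()
        return unsigned + digest
    raise ValueError("unknown auth type %d" % auth_type)


def inspect(packet: bytes, key: Optional[bytes] = None, last_seq: int = 0) -> dict:
    """What a receiver (or an observer on the segment) learns from a packet.
    For MD5, 'valid' is True only if the digest checks under `key` and the
    sequence number has not gone backwards relative to `last_seq`."""
    if len(packet) < 8:
        raise ValueError("short packet")
    afi, atype = struct.unpack("!HH", packet[4:8])
    if afi != AF_AUTH:
        return {"auth": "none"}
    if atype == AUTH_TEXT:
        return {"auth": "text",
                "password": packet[8:24].rstrip(b"\0").decode(errors="replace")}
    if atype == AUTH_MD5:
        result = {"auth": "md5", "key_id": None, "seq": None, "valid": None}
        if len(packet) < 24:
            result["valid"] = False          # truncated auth header
            return result
        pkt_len, key_id, dlen, seq = struct.unpack("!HBBI", packet[8:16])
        result.update(key_id=key_id, seq=seq)
        trailer = packet[pkt_len:]
        if len(trailer) != 4 + dlen or trailer[:4] != struct.pack("!HH", AF_AUTH, 1):
            result["valid"] = False          # malformed or missing trailer
            return result
        if key is not None:
            expected = hashlib.md5(packet[:pkt_len + 4] + key.ljust(dlen, b"\0")).digest()
            result["valid"] = hmac.compare_digest(expected, trailer[4:]) and seq >= last_seq
        return result
    return {"auth": "unknown(%d)" % atype}


if __name__ == "__main__":
    # Constructed sample: the prefixes R3 advertises to R2 in the lab output.
    routes = [("10.0.0.0/24", 1), ("10.1.0.0/24", 1), ("136.1.13.0/24", 1), ("150.1.1.0/24", 2)]
    print(inspect(build_response(routes, b"cisco123", AUTH_TEXT)))
    signed = build_response(routes, b"cisco123", AUTH_MD5, seq=100)
    print(inspect(signed, b"cisco123"), inspect(signed, b"wrongkey"))
```

Running it shows the clear-text packet yielding the password to any parser, while the MD5 packet yields only a key id, a sequence number and a digest that verifies solely with the right key and rejects any modified route entry or a replayed (older) sequence number.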