No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S7700 and S9700 V200R010C00

This document describes IP Unicast Routing configurations supported by the switch, including the principle and configuration procedures of IP Routing Overview, Static Route, RIP, RIPng, OSPF, OSPFv3, IS-IS(IPv4), IS-IS(IPv6), BGP, Routing Policy ,and PBR, and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring RIP-2 Packet Authentication

Configuring RIP-2 Packet Authentication

Context

Configure RIP-2 packet authentication on a RIP network requiring high security.

RIP-2 can perform simple authentication or MD5 authentication on protocol packets. In simple authentication, the plain text authentication key is used. Therefore, simple authentication has lower security than MD5.

If plain is selected during the configuration of the RIP-2 packet authentication mode, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. (Optional) On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

  4. Configure RIP-2 packet authentication.

    • Run the rip authentication-mode simple { plain plain-text | [ cipher ] password-key } command to set RIP-2 packet authentication to simple authentication.

    • Run the following commands to set RIP-2 packet authentication to MD5 authentication.

      • rip authentication-mode md5 usual { plain plain-text | [ cipher ] password-key }
      • rip authentication-mode md5 nonstandard { keychain keychain-name | { plain plain-text | [ cipher ] password-key } key-id }

      Simple authentication and MD5 authentication have potential risks. HMAC-SHA256 cipher text authentication is recommended.

      If MD5 authentication is used, you must set the packet format for MD5 authentication. If the usual keyword is specified, MD5 cipher text authentication packets use the universal format (private standard). If the nonstandard keyword is specified, MD5 cipher text authentication packets use the non-standard format (IETF standard).

    • Run the rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-key } key-id command to set RIP-2 packet authentication to HMAC-SHA256 authentication.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141900

Views: 181958

Downloads: 192

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next