No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudEngine 12800 and 12800E V200R005C10 Configuration Guide - IP Unicast Routing

This document describes the configurations of IP Unicast Routing, including IP Routing, Static Route, RIP, RIPng, OSPF, OSPFv3, IPv4 IS-IS, IPv6 IS-IS, BGP, Routing Policy, and PBR.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring RIP-2 Packet Authentication

Configuring RIP-2 Packet Authentication

Context

On the RIP network requiring high security, configure RIP-2 packet authentication.

RIP-2 can perform simple authentication or MD5 authentication on protocol packets. Simple authentication uses the authentication key in plain text, so its security is lower than that of MD5.

If plain is selected during the configuration of the RIP-2 packet authentication mode, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    The mode switching function takes effect when the interface only has attribute configurations (for example, shutdown and description configurations). Alternatively, if configuration information supported by both Layer 2 and Layer 3 interfaces exists (for example, mode lacp and lacp system-id configurations), no configuration that is not supported after the working mode of the interface is switched can exist. If unsupported configurations exist on the interface, delete the configurations first and then run the undo portswitch command.

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Configure RIP-2 packet authentication.

    • Run the rip authentication-mode simple { plain plain-text | [ cipher ] password-key } command to set RIP-2 authentication to simple authentication.

    • Run the following commands to set RIP-2 authentication to MD5 authentication.

      • rip authentication-mode md5 usual { plain plain-text | [ cipher ] password-key }
      • rip authentication-mode md5 nonstandard { keychain keychain-name | { plain plain-text | [ cipher ] password-key } key-id }

      Simple and MD5 authentication has potential risks. HMAC-SHA256 cipher text authentication is recommended.

      If the MD5 authentication is used, you must set the packet format for MD5 authentication. If the usual keyword is specified, the MD5 cipher text authentication packets use the universal format (private standard). If the nonstandard keyword is specified, the MD5 cipher text authentication packets use the non-standard format (IETF standard).

    • Run the rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-key } key-id command to set RIP-2 authentication to HMAC-SHA256 authentication.

  5. Run commit

    The configuration is committed.

Translation
简体中文
Download
Updated: 2021-09-17

Document ID: EDOC1100075354

Views: 419441

Downloads: 114

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :