Configuring ripv2 message authentication, Specifying a rip neighbor – H3C Technologies H3C S5560 Series Switches User Manual

Page 52

Advertising
background image

36

Enabling source IP address check on incoming RIP updates

Perform this task to enable source IP address check on incoming RIP updates.
Upon receiving a message on an Ethernet interface, RIP compares the source IP address of the message

with the IP address of the interface. If they are not in the same network segment, RIP discards the
message.
Upon receiving a message on a PPP interface, RIP checks whether the source address of the message is

the IP address of the peer interface. If not, RIP discards the message.
To enable source IP address check on incoming RIP updates:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RIP view.

rip [ process-id ] [ vpn-instance
vpn-instance-name ]

N/A

3.

Enable source IP address
check on incoming RIP

messages.

validate-source-address

By default, this function is enabled.

Configuring RIPv2 message authentication

Perform this task to enable authentication on RIPv2 messages. This feature does not apply to RIPv1

because RIPv1 does not support authentication. Although you can specify an authentication mode for

RIPv1 in interface view, the configuration does not take effect.
RIPv2 supports two authentication modes: simple authentication and MD5 authentication.
To configure RIPv2 message authentication:

Step Command

Remarks

1.

Enter system view.

system-view N/A

2.

Enter interface view.

interface interface-type interface-number N/A

3.

Configure RIPv2
authentication.

rip authentication-mode { md5 { rfc2082
{ cipher cipher-string | plain plain-string } key-id

| rfc2453 { cipher cipher-string | plain

plain-string } } | simple { cipher cipher-string |
plain plain-string } }

By default, RIPv2
authentication is not

configured.

Specifying a RIP neighbor

Typically RIP messages are sent in broadcast or multicast. To enable RIP on a link that does not support
broadcast or multicast, you must manually specify RIP neighbors.
Follow these guidelines when you specify a RIP neighbor:

Do not use the peer ip-address command when the neighbor is directly connected. Otherwise, the
neighbor might receive both unicast and multicast (or broadcast) messages of the same routing

information.

Advertising
This manual is related to the following products:

H3C S5130 Series Switches, H3C S5120 Series Switches

Popular Brands
Popular manuals