Configuring ripv2 message authentication, Specifying a rip neighbor – H3C Technologies H3C SR8800 User Manual
Page 53
37
For a message received on an Ethernet interface, RIP compares the source IP address of the message with
the IP address of the interface. If they are not in the same network segment, RIP discards the message.
For a message received on a serial interface, RIP checks whether the source address of the message is the
IP address of the peer interface. If not, RIP discards the message.
To enable source IP address check on incoming RIP updates:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RIP view.
rip [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3.
Enable source IP address
check on incoming RIP
messages.
validate-source-address
Optional
Enabled by default
NOTE:
The source IP address check feature should be disabled if the RIP neighbor is not directly connected.
Configuring RIPv2 message authentication
In a network requiring high security, you can configure this task to implement RIPv2 message validity
check and authentication.
RIPv2 supports two authentication modes: plain text and MD5.
In plain text authentication, the authentication information is sent with the RIP message; however, this
cannot meet high security needs.
To configure RIPv2 message authentication:
Step Command
1.
Enter system view.
system-view
2.
Enter interface view.
interface interface-type interface-number
3.
Configure RIPv2 authentication.
rip authentication-mode { md5 { rfc2082 key-string key-id |
rfc2453 key-string } | simple password }
NOTE:
This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can
specify an authentication mode for RIPv1 in interface view, the configuration does not take effect.
Specifying a RIP neighbor
Usually, RIP sends messages to broadcast or multicast addresses. On non broadcast or multicast links,
you must manually specify RIP neighbors.
To specify a RIP neighbor:
Step Command
Remarks
1.
Enter system view.
system-view
N/A