Configuring ripv2 message authentication, Specifying a rip neighbor – H3C Technologies H3C S12500 Series Switches User Manual
Page 49
33
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RIP view.
rip [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3.
Enable source IP address
check on incoming RIP
messages.
validate-source-address
Optional.
Enabled by default.
Configuring RIPv2 message authentication
In a network requiring high security, you can configure this task to implement RIPv2 message validity
check and authentication. This feature does not apply to RIPv1 because RIPv1 does not support
authentication. Although you can specify an authentication mode for RIPv1 in interface view, the
configuration does not take effect.
RIPv2 supports two authentication modes: plain text and MD5.
In plain text authentication, the authentication information is sent with the RIP message, which however
cannot meet high security needs.
To configure RIPv2 message authentication:
Step Command
1.
Enter system view.
system-view
2.
Enter interface view.
interface interface-type interface-number
3.
Configure RIPv2 authentication. rip authentication-mode { md5 { rfc2082 [ cipher ] key-string key-id |
rfc2453 [ cipher ] key-string } | simple [ cipher ] password }
Specifying a RIP neighbor
Usually, RIP sends messages to broadcast or multicast addresses. On non-broadcast or multicast links,
you must manually specify RIP neighbors.
To specify a RIP neighbor:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RIP view.
rip [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3.
Specify a RIP neighbor.
peer ip-address
Do not use this command when the
neighbor is directly connected.
Otherwise, the neighbor might
receive both the unicast and multicast
(or broadcast) of the same routing
information.