Implement and Troubleshoot Routing Protocol Authentication
Routing protocols can be configured to authenticate their neighbors, which adds some control over which devices you exchange routes with.
RIP and EIGRP use key chains for authentication, configured per interface. Keys are evaluated top-down, and the lowest-numbered valid key is used for authentication.
RIP Config
RIP can authenticate with text or MD5.
Omit the mode command if you want to use text authentication.
key chain [name]
 key [#]
  key-string [string]
  accept-lifetime [start] {infinite | end-time | duration seconds}
  send-lifetime [start] {infinite | end-time | duration seconds}
interface [interface]
 ip rip authentication key-chain [keychain name]
 ip rip authentication mode md5
EIGRP Config
key chain [name]
 key [#]
  key-string [string]
  accept-lifetime [start] {infinite | end-time | duration seconds}
  send-lifetime [start] {infinite | end-time | duration seconds}
interface [interface]
 ip authentication mode eigrp [as] md5
 ip authentication key-chain eigrp [as] [key-chain]
-------
Named Mode
router eigrp [name]
 af-interface default
  authentication key-chain [keychain name]
  authentication mode [hmac-sha-256 password | md5]
OSPFv2
There are 3 authentication types for OSPF: null, text and MD5.
- Null Authentication—This is also called Type 0 and it means no authentication information is included in the packet header. It is the default.
- Plain Text Authentication—This is also called Type 1 and it uses simple clear-text passwords.
- MD5 Authentication—This is also called Type 2 and it uses MD5 cryptographic passwords.
Plain Text
interface [interface]
 ip ospf authentication-key [password]
router ospf [pid]
 area [area] authentication
------
MD5
interface [interface]
 ip ospf message-digest-key [#] md5 [password]
router ospf [pid]
 area [area] authentication message-digest
----
show ip ospf interface [interface]
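An added example, not part of the original notes: a small Python audit of an IOS configuration that flags the two cases above where neighbor authentication ends up as text, namely RIP with a key chain but no mode md5 line, and OSPFv2 authentication-key (Type 1). It also reports a key chain that an interface references but the configuration never defines, a troubleshooting check added here as an assumption; the sample configuration, interface names and keys are constructed.

```python
import re

# Constructed sample IOS configuration (not from the original page).
SAMPLE_CONFIG = """\
key chain RIP-KEYS
 key 1
  key-string s3cret
interface GigabitEthernet0/0
 ip rip authentication key-chain RIP-KEYS
interface GigabitEthernet0/1
 ip rip authentication key-chain RIP-KEYS
 ip rip authentication mode md5
interface GigabitEthernet0/2
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
interface GigabitEthernet0/3
 ip ospf authentication-key cisco123
"""

def audit(config):
    """Return sorted (interface, finding) tuples for routing-auth problems."""
    chains, ifaces, current = set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # a top-level command ends the interface block
            if m := re.match(r"key chain (\S+)", line):
                chains.add(m.group(1))
            elif m := re.match(r"interface (\S+)", line):
                current = ifaces.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line.strip())
    findings = []
    for name, cmds in ifaces.items():
        text = "\n".join(cmds)
        # RIP falls back to text authentication when the mode line is absent.
        if ("ip rip authentication key-chain" in text
                and "ip rip authentication mode md5" not in text):
            findings.append((name, "RIP text authentication (no 'mode md5')"))
        # OSPFv2 Type 1: the password is a simple clear-text string.
        if "ip ospf authentication-key" in text:
            findings.append((name, "OSPF plain text authentication (Type 1)"))
        # Assumed check: key chain referenced here but not defined anywhere.
        for ref in re.findall(r"key-chain (?:eigrp \d+ )?(\S+)", text):
            if ref not in chains:
                findings.append((name, f"undefined key chain {ref}"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```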
OSPFv3
OSPFv3 uses IPsec to enable authentication.
interface [interface]
 ospfv3 authentication {ipsec spi} {md5 | sha1} {key-encryption-type key} | null
 ipv6 ospf authentication {null | ipsec spi spi authentication-algorithm [key-encryption-type] [key]}
ipv6 router ospf [pid]
 area [area] authentication ipsec spi [spi authentication-algorithm] [key-encryption-type] [key]
- MD5
- Key-chain
- EIGRP HMAC SHA2-256bit
- OSPFv2 SHA1-196bit
- OSPFv3 IPsec authentication