Enabling the Replay Protection Function
Context
If an interface goes Down and then goes Up, RIP routing information on both ends of a link may be desynchronized or lost. Specifically, if the Identification field in the last RIP packet sent before a RIP interface goes Down is X, after the interface goes Up, the Identification field in the subsequent RIP packet sent by this interface becomes 0. If the peer end does not receive the RIP packet with the Identification field being 0, the peer end discards subsequent RIP packets until it receives the RIP packet with the Identification field being X+1. This leads to RIP routing information on both ends of the link being desynchronized or lost.
To solve this problem, enable the replay protection function so that RIP can obtain the Identification field in the last RIP packet sent before the RIP interface goes Down and increase the Identification field in the subsequent RIP packet by 1.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
- Run rip authentication-mode md5 nonstandard password-key key-id
RIP-2 is configured to use MD5 authentication, and authentication packets use the nonstandard packet format.
- Run rip replay-protect
The replay protection function is enabled.
If you run the rip replay-protect command in the same view multiple times, only the latest configuration takes effect.