The rip authentication-mode command sets the RIP-2 authentication mode and authentication parameters. Only one authentication password is used for each authentication. If multiple authentication passwords are configured, the latest one takes effect.
The undo rip authentication-mode command cancels authentication.
By default, no authentication is configured.
rip authentication-mode simple { plain plain-text | [ cipher ] password-key }
rip authentication-mode keychain keychain-name
rip authentication-mode md5 usual { plain plain-text | [ cipher ] password-key }
rip authentication-mode md5 nonstandard { keychain keychain-name | { plain plain-text | [ cipher ] password-key } key-id }
rip authentication-mode hmac-sha256 { plain plain-text | [ cipher ] password-key } key-id
undo rip authentication-mode
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the keychain keychain-name parameter.
Parameter | Description | Value |
---|---|---|
simple | Specifies simple authentication. NOTE: Simple authentication mode carries potential risks. HMAC-SHA256 ciphertext authentication is recommended. | - |
md5 | Specifies MD5 authentication. NOTE: MD5 ciphertext authentication carries potential risks. HMAC-SHA256 ciphertext authentication is recommended. | - |
usual | Indicates that MD5 ciphertext authentication packets use the universal format (private standard). | - |
nonstandard | Indicates that MD5 ciphertext authentication packets use the non-standard packet format (IETF standard). | - |
plain | Indicates that only plain text can be entered and only plain text is displayed when the configuration file is viewed. NOTICE: If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. You are advised to select cipher to save the password in cipher text. | - |
plain-text | Specifies the authentication password that is displayed in plain text. | The value is a string of case-sensitive characters. It contains letters and digits without spaces. When the authentication mode is simple or md5 usual, the password consists of 1 to 16 characters. When the authentication mode is md5 nonstandard or hmac-sha256, the password consists of 1 to 255 characters. |
cipher | Indicates that either plain text or cipher text can be entered and cipher text is displayed when the configuration file is viewed. | - |
password-key | Specifies the authentication password that is displayed in cipher text. | The value is a string of case-sensitive characters. It contains letters and digits without spaces. |
keychain keychain-name | Specifies keychain authentication. | The value is a string of 1 to 47 case-insensitive characters, excluding the question mark (?) and space. However, when double quotation marks (") are used around the string, spaces are allowed in the string. |
key-id | Specifies the identifier of cryptographic authentication. | The value is an integer that ranges from 1 to 255. |
hmac-sha256 | Indicates Keyed-Hash Message Authentication Code (HMAC) for Secure Hash Algorithm 256 (SHA256). | - |
Keychain authentication improves UDP connection security. Keychain authentication must be configured on both ends of a link. Encryption algorithms and passwords configured on both ends must be the same; otherwise, the UDP connection cannot be set up and RIP messages cannot be transmitted.
# Set HMAC-SHA256 authentication on VLANIF100, with the authentication password admin@huawei and key-id 255.
<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] rip authentication-mode hmac-sha256 cipher admin@huawei 255
# Set HMAC-SHA256 authentication on GE0/0/1, with the authentication password admin@huawei and key-id 255.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] rip authentication-mode hmac-sha256 cipher admin@huawei 255
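The following is an added example, not part of the original command reference or any vendor tool: a Python audit that scans a saved configuration or template for rip authentication-mode lines and reports the risks named in the parameter table (simple or MD5 mode, plain storage, key-id outside 1 to 255, over-length plain-text password). The configuration layout, the function name audit, and all sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of a saved configuration (assumed: "interface <name>"
# headers followed by indented sub-commands). Passwords and ciphertext are made up.
SAMPLE_CONFIG = """\
interface Vlanif100
 rip authentication-mode hmac-sha256 cipher EXAMPLE-CIPHERTEXT 255
#
interface Vlanif200
 rip authentication-mode simple plain Passw0rd
#
interface GigabitEthernet0/0/1
 rip authentication-mode md5 nonstandard plain Passw0rd 300
#
interface GigabitEthernet0/0/2
 rip authentication-mode md5 usual cipher EXAMPLE-CIPHERTEXT
"""

# Maximum plain-text password length per mode, from the parameter table.
MAX_PLAIN_LEN = {"simple": 16, "md5 usual": 16, "md5 nonstandard": 255, "hmac-sha256": 255}
AUTH_RE = re.compile(r"^\s*rip authentication-mode\s+"
                     r"(?P<mode>simple|md5 usual|md5 nonstandard|hmac-sha256|keychain)\s+(?P<rest>\S.*)$")

def audit(config):
    """Return sorted (interface, finding) pairs for rip authentication-mode lines."""
    findings, iface = set(), None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            continue
        m = AUTH_RE.match(line)
        if not m or iface is None:
            continue
        mode, args = m["mode"], m["rest"].split()
        if mode == "keychain" or args[0] == "keychain":
            continue  # strength depends on the keychain definition, not on this line
        if mode != "hmac-sha256":
            findings.add((iface, f"{mode}: weak mode, use hmac-sha256"))
        if args[0] == "plain":
            findings.add((iface, "password stored in plain text, use cipher"))
            if len(args) > 1 and len(args[1]) > MAX_PLAIN_LEN[mode]:
                findings.add((iface, "plain-text password exceeds length limit"))
        if mode in ("md5 nonstandard", "hmac-sha256"):
            key_id = args[-1]  # key-id is the last token in both syntaxes
            if not (key_id.isdigit() and 1 <= int(key_id) <= 255):
                findings.add((iface, f"key-id {key_id} outside 1-255"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) returns six findings across three interfaces and none for Vlanif100, which uses hmac-sha256 with cipher storage.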