rip authentication-mode md5

Function

The rip authentication-mode md5 command sets the authentication mode to MD5 authentication mode.

The undo rip authentication-mode md5 command deletes the configured authentication mode.

By default, authentication for RIP-2 is disabled on an interface. Configuring authentication is recommended to ensure system security.

Format

rip authentication-mode md5 nonstandard keychain keychain-name

undo rip authentication-mode md5 nonstandard keychain

Parameters

Parameter	Description	Value
md5	Indicates the Message Digest version 5 (MD5) authentication mode. For the sake of security, using the HMAC-SHA256 algorithm rather than the MD5 algorithm is recommended.	-
nonstandard	Indicates that the packet for MD5 ciphertext authentication is in the nonstandard format (IETF standard).	-
keychain keychain-name	Specifies a keychain name. Before configuring this parameter, run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the authentication will fail. If the dependent keychain is deleted, the neighbor relationship may be interrupted. Therefore, exercise caution when deleting the keychain.	The value is a string of 1 to 47 case-insensitive characters. A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password.

Parameter

Description

Value

md5

Indicates the Message Digest version 5 (MD5) authentication mode.

For the sake of security, using the HMAC-SHA256 algorithm rather than the MD5 algorithm is recommended.

nonstandard

Indicates that the packet for MD5 ciphertext authentication is in the nonstandard format (IETF standard).

keychain keychain-name

Specifies a keychain name.

Before configuring this parameter, run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the authentication will fail.

If the dependent keychain is deleted, the neighbor relationship may be interrupted. Therefore, exercise caution when deleting the keychain.

The value is a string of 1 to 47 case-insensitive characters.

A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password.

Views

100GE interface view, 10GE interface view, 25GE sub-interface view, 25GE interface view, 400GE interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE electrical interface view, GMPLS-UNI interface view, Global VE sub-interface view, Tunnel interface view, VBDIF interface view, VE sub-interface view, VLANIF interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
rip	write

Usage Guidelines

Usage Scenario

To ensure network security, you can enable a router to authenticate received packets based on the pre-defined authentication mode or add authentication information to the packets to be sent. Only the packets that are authenticated can be forwarded on the network.

The rip authentication-mode command enables the local interface to discard all theRIP packets with authentication passwords that are different from the one set using this command. You can also enable the interface to add the set authentication password to all the RIP packets to be sent.

Example

# Set MD5 authentication in the usual format.

<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/0
[~HUAWEI-GigabitEthernet0/1/0] rip authentication-mode md5 nonstandard keychain abcDEF-13579