UNCLASSIFIED  Implementing Security on Cisco Routers  Version 1.0g  (page 91)

key-chains, CENTRAL-KEYCHAIN and SOUTH-KEYCHAIN. In practice, all the routers connected to a given network must be configured in the same way. That is, the shared key must exist in both key chains.

Prior to enabling RIP MD5 authentication, each neighboring router must have a shared secret key. RIP manages authentication keys by the use of key chains. A key chain is a container that holds multiple keys with the associated key IDs and key lifetimes. Multiple keys with different lifetimes can exist. However, only one authentication packet is sent. The router examines the key numbers in order from lowest to highest, and uses the first valid key that is encountered.

In the example below, Central and South have key chains named CENTRAL-KEYCHAIN and SOUTH-KEYCHAIN. Both key chains share the keys my-supersecret-key and my-othersecret-key. However, both routers will only use the first valid key. The other key is usually used when migrating to different keys.

    Central# config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Central(config)# key chain CENTRAL-KEYCHAIN
    Central(config-keychain)# key 1
    Central(config-keychain-key)# key-string my-supersecret-key
    Central(config-keychain-key)# exit
    Central(config-keychain)# key 2
    Central(config-keychain-key)# key-string my-othersecret-key
    Central(config-keychain-key)# end
    Central#

    South# config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    South(config)# key chain SOUTH-KEYCHAIN
    South(config-keychain)# key 1
    South(config-keychain-key)# key-string my-supersecret-key
    South(config-keychain-key)# exit
    South(config-keychain)# key 2
    South(config-keychain-key)# key-string my-othersecret-key
    South(config-keychain-key)# end
    South#

RIP version 1 did not support authentication. This was a feature that was included in RIP version 2.
Each RIP router must first be configured to use version 2 in order to enable authentication during routing updates. The example below shows how to enable version 2 of RIP.

    Central# config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Central(config)# router rip
    Central(config-router)# version 2
    Central(config-router)# network 14.0.0.0
    Central(config-router)# end
    Central#
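
The key chains on Central and South only interoperate if the first valid key each router selects also exists on its neighbor. The following added example (not part of the original guide) audits a pair of key chains offline; the config text is constructed from the sessions above, the function names are hypothetical, and it assumes no key lifetimes are configured and that the receiver matches on both key ID and key string.

```python
import re

# Constructed sample configs, modelled on the key chains shown above.
CENTRAL = """
key chain CENTRAL-KEYCHAIN
 key 1
  key-string my-supersecret-key
 key 2
  key-string my-othersecret-key
"""
SOUTH = CENTRAL.replace("CENTRAL-KEYCHAIN", "SOUTH-KEYCHAIN")
# Constructed misconfiguration: key 1 was mistyped on the neighbor.
SOUTH_BAD = SOUTH.replace("my-supersecret-key", "my-supersecret-kee")

def parse_key_chains(config):
    """Return {chain_name: {key_id: key_string}} from IOS-style config text."""
    chains, chain, key_id = {}, None, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain, key_id = chains.setdefault(m.group(1), {}), None
        elif chain is not None and (m := re.fullmatch(r"key (\d+)", line)):
            key_id = int(m.group(1))
            chain[key_id] = None          # key declared, no string yet
        elif key_id is not None and (m := re.fullmatch(r"key-string (.+)", line)):
            chain[key_id] = m.group(1)
    return chains

def send_key(chain):
    """Lowest-numbered key that has a key-string: the 'first valid key'.
    Assumption: no lifetimes are set, so every key with a string is valid."""
    usable = sorted(k for k, s in chain.items() if s is not None)
    return usable[0] if usable else None

def audit_pair(cfg_a, chain_a, cfg_b, chain_b):
    """List problems that would make the neighbors reject each other's updates."""
    a, b = parse_key_chains(cfg_a)[chain_a], parse_key_chains(cfg_b)[chain_b]
    problems = []
    for name, mine, peer in ((chain_a, a, b), (chain_b, b, a)):
        kid = send_key(mine)
        if kid is None:
            problems.append(f"{name}: no usable key")
        elif peer.get(kid) != mine[kid]:   # never echo the secret itself
            problems.append(f"{name}: key {kid} missing or different on neighbor")
    return problems

if __name__ == "__main__":
    print(audit_pair(CENTRAL, "CENTRAL-KEYCHAIN", SOUTH, "SOUTH-KEYCHAIN"))
    print(audit_pair(CENTRAL, "CENTRAL-KEYCHAIN", SOUTH_BAD, "SOUTH-KEYCHAIN"))
```

The audit reports only key IDs, so its output can be logged without exposing the shared secrets.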