[j-nsp] RIPv2 Authentication Key - Interoperability with Cisco

Alain Briant alain.briant at c-s.fr
Tue Nov 20 12:22:45 EST 2007 

Hi Mario

Here is a sample configuration tested on fxp0 on version 7.1R3.3 of 
Junos facing a cisco 1721 in version  12.2(7r)XM1.

Here is the sampled config from the Juniper side:
protocols {
    rip {
        traceoptions {
            file RIP_Trace;
            flag auth;
            flag packets;
        }
        authentication-type md5;
        authentication-key "$9$19cREyN-wY2alKs4"; ## SECRET-DATA
        group Voisin {
            export Static;
            neighbor fxp0.0;
        }
    }
}

and here is the one from the cisco side:

key chain Test
 key 1
  key-string 7 110815041E1C
!
interface FastEthernet0
 ip address 192.168.63.21 255.255.255.128
 ip rip authentication mode md5
 ip rip authentication key-chain Test

!
router rip
 version 2
 redistribute connected
 network 192.168.63.0
!


The key chain in my test is "alain"
I have had some problem to activate the authentication on the cisco side 
since it was not working at the begining.
I had to type at least (or at the end, again) the command "ip rip 
authentication mode md5" under the interface to really
see with an analyser the outgoing RIP packets with the authentication 
header sent on the cisco side.

I am quite sure you will be able to do the same kind of configuration on 
the versions and hardware you are using.
You will have to verify that the cisco side is realy sending some 
authentication header in the rip packets (using ethereal)

hope this will help you .
If you need, I have some more detailed traces in word format

regards
Alain


Antoniou, Mario a écrit :

>Hi all,
> 
>I would like to implement RIPv2 MD5 authentication between an M320
>running Junos 8.4 and a Cisco 877 running 12.4T IOS in a PE-CE scenario.
>However, I am seeing RIP authentication failure on the M320 end, whereas
>the 877 authenticates the RIP update just fine. I am using 'key 1' on
>the IOS end.
> 
>As I understand, RFC2082 defines the key identifier, which IOS does
>implement with the "key <number>" statement in the key chain definition.
>I can not see where I can specify the key identifier within Junos...
>Does anyone know what key Junos uses with using MD5 RIP authentication?
>Also, whether anybody has successfully implemented RIP MD5
>authentication between Junos and IOS, and with what settings. I would
>like to confirm whether there is interoperability between Junos and IOS
>regarding MD5 RIP authentication.
> 
>Thanks for your help.
> 
>Regards,
> 
>Mario.
> 
>
>Email disclaimer:
>
>The information contained in or attached to this communication may contain confidential or privileged information and is intended for the addressee only. If you are not the intended recipient of this email communication, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email in error, please notify the sender by return email and permanently delete the document.
>
>The views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of VicTrack.
>
>VicTrack does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference.
>
>Please consider the environment before printing this Email.
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>  
>

More information about the juniper-nsp mailing list