Sunday, 29 September 2013

RIP Authentication

RIP has two authentication modes for its routing updates: clear text and MD5. The difference is that in clear-text mode the router does not hide the password, whereas in MD5 mode the router sends a keyed message digest, so anyone capturing traffic on the network will not see the password.
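To show the difference at the packet level, the following Python example (added here, not part of the original post) builds one RIPv2 update in each mode using the RFC 2453 and RFC 2082 entry layouts and reports what a capture of each reveals. The function names, the sample route and the sequence number are constructed for illustration; the key string cisco is the one used in this lab, and a vendor's on-wire field values may differ slightly from the RFC layout assumed here.

```python
import hashlib
import hmac
import struct

AUTH_AFI = 0xFFFF             # address family value that marks an authentication entry
TEXT, KEYED_MD5 = 2, 3        # authentication types (RFC 2453 / RFC 2082)
HEADER = b"\x02\x02\x00\x00"  # command=response, version=2, reserved
TRAILER = b"\xff\xff\x00\x01" # first four bytes of the keyed-MD5 trailer

def route(prefix, metric):
    """One 20-byte route entry: AFI 2 (IP), tag 0, /8 mask, next hop 0.0.0.0."""
    return struct.pack("!HH4s4s4sI", 2, 0, bytes(prefix), b"\xff\x00\x00\x00", bytes(4), metric)

def md5_digest(body, key):
    """Keyed MD5: hash of packet + trailer header + key zero-padded to 16 bytes."""
    return hashlib.md5(body + TRAILER + key.encode().ljust(16, b"\0")).digest()

def build_text(password, routes):
    """Update with simple-password authentication: the password travels as-is."""
    return HEADER + struct.pack("!HH16s", AUTH_AFI, TEXT, password.encode()) + routes

def build_md5(key, key_id, seq, routes):
    """Update with keyed-MD5 authentication: only key ID, sequence and digest travel."""
    length = len(HEADER) + 20 + len(routes)   # offset at which the trailer starts
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, KEYED_MD5, length, key_id, 16, seq)
    body = HEADER + auth + routes
    return body + TRAILER + md5_digest(body, key)

def inspect(packet, key=None):
    """Report what a captured update reveals; verify the digest if a key is given."""
    afi, autype = struct.unpack("!HH", packet[4:8])
    if afi != AUTH_AFI:
        return {"auth": "none"}
    if autype == TEXT:
        return {"auth": "text", "exposed": packet[8:24].rstrip(b"\0").decode()}
    if autype != KEYED_MD5:
        return {"auth": "unknown"}
    length, key_id = struct.unpack("!HB", packet[8:11])
    report = {"auth": "md5", "key_id": key_id, "exposed": None}
    if key is not None:
        digest = packet[length + 4:length + 20]
        report["valid"] = hmac.compare_digest(md5_digest(packet[:length], key), digest)
    return report

ROUTES = route((1, 0, 0, 0), 1)              # constructed sample route 1.0.0.0/8
TEXT_PKT = build_text("cisco", ROUTES)       # key string used in this lab
MD5_PKT = build_md5("cisco", 1, 1, ROUTES)   # key ID 1, constructed sequence number 1

if __name__ == "__main__":
    print(inspect(TEXT_PKT))
    print(inspect(MD5_PKT, "cisco"))
```

The MD5 packet carries the key ID in the clear, which is why mismatched key IDs on two neighbors are visible to the receiver before any digest is checked.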

First create the key chain. The key ID and key string must be the same on both sides, and so must the authentication mode. Then apply the key chain to the interface.
R1(config)#key chain sfprimary
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco
R1(config)#interface f0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#ip rip authentication mode text
R1(config-if)#ip rip authentication key-chain sfprimary
R1(config-if)#no shut
R1(config-if)#interface lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#router rip
R1(config-router)#v 2
R1(config-router)#network 0.0.0.0

R2(config)#key chain sfprimary
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco
R2(config)#interface f0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#ip rip authentication mode text
R2(config-if)#ip rip authentication key-chain sfprimary
R2(config-if)#no shut
The link to R3 uses MD5 authentication:
R2(config-if)#interface f0/1
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication key-chain sfprimary
R2(config-if)#no shut
R2(config-if)#interface lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#router rip
R2(config-router)#v 2
R2(config-router)#network 0.0.0.0 


R3 uses a different key ID. The key IDs may in fact differ, but the rule is that the router with the smaller key ID cannot accept updates from the larger key ID, while the router with the larger key ID can accept updates from the smaller one.

R3(config)#key chain sfprimary
R3(config-keychain)#key 2
R3(config-keychain-key)#key-string cisco
R3(config-keychain-key)#interface f0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#ip rip authentication mode md5
R3(config-if)#ip rip authentication key-chain sfprimary
R3(config-if)#no shut    
R3(config-if)#interface lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#router rip
R3(config-router)#v 2
R3(config-router)#network 0.0.0.0
Use the show ip protocol command to see which interfaces the key chain is applied to, and which key chain it is.
R2#show ip protocol
Routing Protocol is "rip"
    Sending updates every 30 seconds, next due in 26 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0       2     2                    sfprimary
    FastEthernet0/1       2     2                    sfprimary
    Loopback0             2     2
 
R2#debug ip rip
RIP protocol debugging is on
R2#
*Mar  1 00:47:41.335: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (12.12.12.2)
*Mar  1 00:47:41.335: RIP: build update entries
*Mar  1 00:47:41.335:     2.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:41.339:     23.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:45.391: RIP: sending v2 update to 224.0.0.9 via Loopback0 (2.2.2.2)
*Mar  1 00:47:45.391: RIP: build update entries
*Mar  1 00:47:45.391:     1.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:45.391:     12.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:45.391:     23.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:50.523: RIP: received packet with text authentication cisco
*Mar  1 00:47:50.523: RIP: received v2 update from 12.12.12.1 on FastEthernet0/0

*Mar  1 00:47:50.527:      1.0.0.0/8 via 0.0.0.0 in 1 hops
*Mar  1 00:47:50.563: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (23.23.23.2)
*Mar  1 00:47:50.563: RIP: build update entries
*Mar  1 00:47:50.563:     1.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:50.567:     2.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:50.567:     12.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:47:54.671: RIP: received packet with MD5 authentication
R2 has key ID 1 while R3 has key ID 2, so R2 ignores the routes received from R3:
*Mar  1 00:47:54.671: RIP: ignored v2 packet from 23.23.23.3 (invalid authentication)
R3#debug ip rip
RIP protocol debugging is on
R3#
*Mar  1 00:51:10.147: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (23.23.23.3)
*Mar  1 00:51:10.147: RIP: build update entries
*Mar  1 00:51:10.151:     3.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:51:29.007: RIP: sending v2 update to 224.0.0.9 via Loopback0 (3.3.3.3)
*Mar  1 00:51:29.007: RIP: build update entries
*Mar  1 00:51:29.007:     1.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:51:29.011:     2.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:51:29.011:     12.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:51:29.011:     23.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:51:29.019: RIP: ignored v2 packet from 3.3.3.3 (sourced from one of our addresses)
*Mar  1 00:51:30.259: RIP: received packet with MD5 authentication
*Mar  1 00:51:30.259: RIP: received v2 update from 23.23.23.2 on FastEthernet0/0
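The debug output above can be audited mechanically. The following Python example (added here, not part of the original post) pairs each authentication line with the accept or ignore line that follows it, and flags neighbors on clear-text links, links where the debug log itself printed the key string, and neighbors whose updates were rejected. The sample lines are copied from R2's debug output on this page; the function names are hypothetical.

```python
import re

AUTH = re.compile(r"RIP: received packet with (text|MD5) authentication(?: (\S+))?")
RECV = re.compile(r"RIP: received v2 update from (\S+) on (\S+)")
DROP = re.compile(r"RIP: ignored v2 packet from (\S+) \(invalid authentication\)")

def audit(lines):
    """Pair each authentication line with the accept/ignore line that follows it."""
    findings, mode, key_in_log = [], None, False
    for line in lines:
        if m := AUTH.search(line):
            mode, key_in_log = m.group(1).lower(), m.group(2) is not None
            continue
        accepted = RECV.search(line)
        rejected = DROP.search(line)
        if not (accepted or rejected):
            continue
        hit = accepted or rejected
        findings.append({
            "neighbor": hit.group(1),
            "interface": accepted.group(2) if accepted else None,
            "mode": mode or "none",
            "accepted": bool(accepted),
            "key_in_log": key_in_log,   # True when the debug line printed the key string
        })
        mode, key_in_log = None, False
    return findings

def weak_spots(findings):
    """Neighbors that need attention: non-MD5 links and rejected updates."""
    return [f["neighbor"] for f in findings if f["mode"] != "md5" or not f["accepted"]]

# Lines taken from R2's debug output on this page.
SAMPLE = [
    "*Mar  1 00:47:50.523: RIP: received packet with text authentication cisco",
    "*Mar  1 00:47:50.523: RIP: received v2 update from 12.12.12.1 on FastEthernet0/0",
    "*Mar  1 00:47:54.671: RIP: received packet with MD5 authentication",
    "*Mar  1 00:47:54.671: RIP: ignored v2 packet from 23.23.23.3 (invalid authentication)",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```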