6-10 Firmware User Guide
RIP-2 MD5 Authentication
Firmware version 5.3.7 supports
Overview
All participants in an authenticated RIP environment on a network must share an identifier key. There is no key exchange protocol like IKE, so all keys must be manually entered by an administrator.
On a Netopia router, each interface can have up to two keys.
Key management
Typically, you configure only one key on a given interface and on all of the interfaces that interact with it. RIP updates are sent every 30 seconds. Each RIP packet is authenticated with one key before it is sent. When the Netopia router receives an authenticated RIP packet from a device, it keeps track of that device (peer).
The longer a single key is in use, the less secure it becomes. Therefore, RFC 2082 specifies that an interface must support at least two keys, to allow a transition from an old key to a new key. It is recommended that you specify an overlapping time of five minutes for transitioning from one key to the next. Whenever two keys are valid at the same time, the Netopia router tries to determine whether the other peers on its network (devices from which it has received an authenticated packet in the past three minutes) are using the new key. If any of the peers has not used the new key yet, the Netopia router will send RIP updates twice, once with each key.
If the last valid key expires, the Device Event History logs a “* RIP: last authentication key expired” message, and the router continues to use that key as if it were still valid.
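The key-selection rules described above can be modelled as follows. This is an added example, not Netopia firmware code; the names Key, Peer and keys_for_update, the timeline in seconds, and the sample keys are constructed for illustration. It assumes that the "new" key is the one whose validity starts later, and that the router uses only the new key once every recent peer has used it.

```python
from dataclasses import dataclass

PEER_WINDOW = 180  # seconds; "past three minutes" from the text above

@dataclass
class Key:
    key_id: int
    start: int  # validity window in seconds on a constructed timeline
    end: int

@dataclass
class Peer:
    last_seen: int    # time of the peer's last authenticated packet
    last_key_id: int  # key that packet was authenticated with

def keys_for_update(keys, peers, now):
    """Return (key ids to send the next update with, event-log line or None)."""
    valid = sorted((k for k in keys if k.start <= now < k.end),
                   key=lambda k: k.start)
    if not valid:
        expired = [k for k in keys if k.end <= now]
        if not expired:
            return [], None  # nothing usable yet; the page does not cover this
        # Last valid key expired: log it and keep using that key.
        last = max(expired, key=lambda k: k.end)
        return [last.key_id], "* RIP: last authentication key expired"
    if len(valid) == 1:
        return [valid[0].key_id], None
    # Two keys overlap. Assumption: the later-starting key is the "new" one.
    old, new = valid[0], valid[-1]
    recent = [p for p in peers if now - p.last_seen <= PEER_WINDOW]
    if any(p.last_key_id != new.key_id for p in recent):
        return [old.key_id, new.key_id], None  # send twice, once per key
    return [new.key_id], None  # assumption: otherwise only the new key is used

# Constructed sample: key 1 and key 2 overlap for five minutes (3300-3600).
KEYS = [Key(1, 0, 3600), Key(2, 3300, 7200)]

if __name__ == "__main__":
    print(keys_for_update(KEYS, [Peer(3390, 1), Peer(3395, 2)], 3400))
    print(keys_for_update(KEYS, [Peer(3490, 2), Peer(3495, 2)], 3500))
    print(keys_for_update(KEYS, [], 8000))
```

The third call shows why the expiry message is worth alerting on: updates are still authenticated, but with a key that is past its intended lifetime.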
Authentication configuration
To configure
Main Menu > System Configuration > IP Setup