Tags

, ,

Junos_sw_logo
Ok, time for our next Junos topic –  RIP Authentication and Preferences.
Below is our lab topology.
RIP Lab Topology

Let’s do RIP Authentication first. 

 

First, up – md5 authentication between R4 and J1 only.

For this exercise, we will use the password of JNPRCSCO for the link authentication between the routers.

 

First up, R4.

Enter configuration commands, one per line.  End with CNTL/Z.

R4(config)#key chain 1

R4(config-keychain)#key 1

R4(config-keychain-key)#key-string JNPRCSCO

R4(config)#int e0

R4(config-if)#ip rip authentication mode md5

R4(config-if)#ip rip authentication key-chain 1

R4(config-if)#exit

 

 

 

Now let’s check the routing table:

R4#sh ip route

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

       E1 – OSPF external type 1, E2 – OSPF external type 2

       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

       ia – IS-IS inter area, * – candidate default, U – per-user static route

       o – ODR, P – periodic downloaded static route

 

Gateway of last resort is not set

 

C    192.168.14.0/24 is directly connected, Ethernet0

     4.0.0.0/32 is subnetted, 1 subnets

C       4.4.4.4 is directly connected, Loopback0

R4#

 

No routes there, ok – time to configure the other end of this circuit for authentication.

 

Now onto J1:

We need to configure RIP authentication on the interface connected to R4, fe-0/0/7.0.

jfry@J1> edit

Entering configuration mode

 

[edit]

jfry@J1# set protocols rip group FryguyRIP neighbor fe-0/0/7.0 authentication-type md5

 

[edit]

jfry@J1#set protocols rip group FryguyRIP neighbor fe-0/0/7.0 authentication-key JNPRCSCO

 

[edit]

jfry@J1# commit and-quit

 

That was it, 2 commands under Junos!

 

Note:  If you wanted to enable authentication for the WHOLE RIP routing process, you would use the commands below.  These would then need to be applied to ALL RIP connected routers.  For my example, I just did one interface.

                set protocols rip authentication-type md5

                set protocols rip authentication-key JNPRCSCO

 

Now let’s see what that looks like in the config.  What is cool with Junos is you can just show the config for a section of the config, like below.

 

jfry@J1> show configuration protocols rip  

group FryguyRIP {

    export RIP_Routes;

    neighbor ge-0/0/0.0;

    neighbor fe-0/0/7.0 {

        authentication-type md5;

        authentication-key “$9$OvyZIhydVsY4J36Au1IyrvM87Vs”; ## SECRET-DATA

    }

    neighbor fe-0/0/2.0;

}

 

 

And back on R4 we have routes!

R4#sh ip route

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

       E1 – OSPF external type 1, E2 – OSPF external type 2

       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

       ia – IS-IS inter area, * – candidate default, U – per-user static route

       o – ODR, P – periodic downloaded static route

 

Gateway of last resort is not set

 

R    192.168.12.0/24 [120/1] via 192.168.14.1, 00:00:07, Ethernet0

     1.0.0.0/32 is subnetted, 1 subnets

R       1.1.1.1 [120/1] via 192.168.14.1, 00:00:07, Ethernet0

R    192.168.13.0/24 [120/1] via 192.168.14.1, 00:00:07, Ethernet0

     2.0.0.0/32 is subnetted, 1 subnets

R       2.2.2.2 [120/2] via 192.168.14.1, 00:00:07, Ethernet0

C    192.168.14.0/24 is directly connected, Ethernet0

     3.0.0.0/32 is subnetted, 1 subnets

R       3.3.3.3 [120/2] via 192.168.14.1, 00:00:07, Ethernet0

     4.0.0.0/32 is subnetted, 1 subnets

C       4.4.4.4 is directly connected, Loopback0

R    192.168.23.0/24 [120/2] via 192.168.14.1, 00:00:08, Ethernet0

R4# 

 

 

Now to setting up metrics for RIP routes. 

When you look at the diagram you see that the shortest path between R4 and J2 is via J1.  What happens if the link between J1 and J2 is a slow link, it would be faster to have the traffic go R4-J1-J3-J2. So this means that we need to add some metrics to these interfaces to influence the hops.

 

 

 

First let’s confirm the path from R4 to J2 with a tracert.

R4#traceroute 2.2.2.2

 

Type escape sequence to abort.

Tracing the route to 2.2.2.2

 

  1 192.168.14.1 0 msec 4 msec 0 msec

  2 2.2.2.2 0 msec 4 msec 4 msec

R4#

 

Yup, J1-J2.

 

Ok, lets sent the metric-in on the J2-J1 link, on the J1 side to 5

[edit[

jfry@J1# set protocols rip group FryguyRIP neighbor ge-0/0/0.0 metric-in 5

 

[edit]

jfry@J1# commit and-quit

commit complete

Exiting configuration mode

 

jfry@J1>

 

Now we can check the path from R4 again:

 

R4#traceroute 2.2.2.2

 

Type escape sequence to abort.

Tracing the route to 2.2.2.2

 

  1 192.168.14.1 4 msec 0 msec 4 msec

  2 192.168.13.3 0 msec 0 msec 8 msec

  3 2.2.2.2 0 msec 0 msec 0 msec

R4#

 

There we go, R1-R3-R2!

 


[AMAZONPRODUCT=1449316638]