IP Routing
Protocol Message Authentication
RIPv1 is not a secure protocol. Any device sending protocol messages from UDP
port 520 will be considered a router by its neighbors. Malicious or unwanted protocol
messages can be easily propagated throughout the network if no authentication is
required. RIPv2 supports authentication via a simple password. When a router is
configured to authenticate protocol messages, it inserts the password into all
transmitted protocol packets, and checks all received packets to ensure that they
contain the authorized password. If any incoming protocol messages do not contain
the correct password, they are simply dropped.
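The receive-side check described above, as an added example that is not code from this manual or the switch firmware. It assumes the RFC 2453 packet layout (authentication carried in the first 20-byte entry, address family 0xFFFF, type 2) and an interface set to Receive Version RIPv2 with Simple Password; the function names and the password "labpass" are constructed for illustration.

```python
import hmac
import struct

AUTH_AFI = 0xFFFF    # address family value that marks an authentication entry
AUTH_SIMPLE = 2      # authentication type: simple password


def build_response(password=None, version=2):
    """Constructed sample: RIP response with one route (10.0.0.0/8, metric 1)."""
    pkt = struct.pack("!BBH", 2, version, 0)   # command=response, version, zero
    if password is not None:
        # "16s" null-pads the password to the fixed 16-byte field
        pkt += struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, password.encode())
    pkt += struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                       bytes([255, 0, 0, 0]), bytes(4), 1)
    return pkt


def check_packet(pkt, expected_password):
    """Return (accepted, reason) for a received RIP packet.

    Assumed interface settings: Receive Version = RIPv2,
    Authentication Type = Simple Password.
    """
    if len(pkt) < 24 or (len(pkt) - 4) % 20 != 0:
        return False, "malformed"
    _command, version, _zero = struct.unpack("!BBH", pkt[:4])
    if version != 2:
        # Authentication only applies to RIPv2, so the version filter
        # is what keeps unauthenticated RIPv1 messages out.
        return False, "version not accepted"
    afi, auth_type, field = struct.unpack("!HH16s", pkt[4:24])
    if afi != AUTH_AFI:
        return False, "no authentication entry"
    if auth_type != AUTH_SIMPLE:
        return False, "unsupported authentication type"
    expected = expected_password.encode()[:16].ljust(16, b"\0")
    if not hmac.compare_digest(field, expected):
        return False, "wrong password"
    return True, "ok"


if __name__ == "__main__":
    for label, pkt in [("correct", build_response("labpass")),
                       ("wrong", build_response("guess")),
                       ("none", build_response()),
                       ("RIPv1", build_response(version=1))]:
        print(label, check_packet(pkt, "labpass"))
```

The password occupies the 16-byte field unencrypted, so anyone able to capture RIP traffic on the segment can read it; simple password authentication mainly guards against misconfigured or unintended neighbors.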
Command Attributes
• VLAN – ID of configured VLAN (1-4093).
• Receive Version – The RIP version to receive on an interface.
- RIPv1: Accepts only RIPv1 packets.
- RIPv2: Accepts only RIPv2 packets.
- RIPv1 or RIPv2: Accepts RIPv1 or RIPv2 packets. (Default)
- Do Not Receive: Does not accept incoming RIP packets.
(The default depends on the setting specified under RIP / General Settings,
Global RIP Version: RIPv1 - RIPv1 or RIPv2 packets, RIPv2 - RIPv2 packets)
• Send Version – The RIP version to send on an interface.
- RIPv1: Sends only RIPv1 packets.
- RIPv2: Sends only RIPv2 packets.
- RIPv1 Compatible: Route information is broadcast to other routers with RIPv2.
(Default)
- Do Not Send: Does not transmit RIP updates.
(The default depends on the setting specified under RIP / General Settings,
Global RIP Version: RIPv1 - RIPv1 Compatible, RIPv2 - RIPv2 packets)
• Instability Preventing – Specifies the method used to reduce the convergence
time when the network topology changes, and to prevent RIP protocol messages
from looping back to the source router. (Default: Split Horizon)
- None: No method is used. If a loop occurs, the hop count for a route may be
gradually incremented to infinity (i.e., 16) before the route is deemed
unreachable.
- Split Horizon: This method never propagates routes back to an interface from
which they have been acquired.
- Poison Reverse: This method propagates routes back to an interface port from
which they have been acquired, but sets the distance-vector metrics to infinity.
(This provides faster convergence.)
• Authentication Type – Specifies whether or not authentication is required for
exchanging protocol messages. (Default: No Authentication)
- No Authentication: No authentication is required.
- Simple Password: Requires the interface to exchange routing information with
other routers based on an authorized password. (Note that authentication only
applies to RIPv2.)