6-10 Firmware User Guide
RIP-2 MD5 Authentication
Firmware version 5.3.7 supports RIP-2 MD5 Authentication (RFC2082 Routing Internet Protocol Version 2,
Message Digest 5). The purpose of MD5 authentication is to provide an additional level of confidence that a RIP
packet received was generated by a reliable source. In other words, MD5 authentication provides an enhanced
level of security that information that your PC receives does not originate from a malicious source posing as
part of your network.
Overview
All participants in an authenticated RIP environment on a network must share an identifier key. There is no key
exchange protocol like IKE, so all keys must be manually entered by an administrator.
RIP-2 MD5 Authentication requires that an interface configured to receive authenticated packets ignore
unauthenticated packets or packets authenticated with an invalid key. An interface that is not configured for
receiving authenticated packets ignores authenticated ones.
On a Netopia router, every interface will be allowed to have up to two keys. RIP-2 MD5 authentication can be
configured on the Ethernet LAN (all models), Ethernet WAN models, Connection Profiles, and the Default Profile.
Keys can have lifetimes, defined as a start date and time and an end date and time, or infinite.
Key management
Typically, you configure only one key on a given interface and on all of the interfaces that interact with that
interface. RIP updates are sent every 30 seconds. Each RIP packet is authenticated using one key and sent.
When the Netopia router receives an authenticated RIP packet from a device, it keeps track of that device
(peer).
The longer a single key is in use, the less secure it becomes. Therefore, RFC2082 specifies that an interface
must support at least two keys per interface to allow a transition from an old key to a new key. It is recommended
that you specify an overlapping time of five minutes for transitioning from one key to the next. Whenever two
keys are valid at the same time, the Netopia router tries to determine if other peers (devices that it has
received an authenticated packet from in the past three minutes) on its network are using the new key. If any of
the peers have not used the new key yet, the Netopia router will send RIP updates twice, once with each key.
If the last valid key expires, the Device Event History logs a “* RIP: last authentication key expired” message,
and the router continues to use that key as if it were still valid.
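The receive rule from the Overview and the key-transition behavior described above, modeled as an added Python example. This is not Netopia firmware code: the class and function names are hypothetical, a packet is reduced to a peer name and a key ID whose MD5 digest is assumed to be already verified, and times are plain seconds.

```python
from dataclasses import dataclass
from typing import Optional

PEER_WINDOW = 180  # seconds; the guide's "past three minutes"
EXPIRED_MSG = "* RIP: last authentication key expired"  # message quoted in the guide

@dataclass(frozen=True)
class Key:
    key_id: int
    start: float
    end: Optional[float] = None  # None models an infinite lifetime

    def valid(self, now: float) -> bool:
        return self.start <= now and (self.end is None or now < self.end)

class Interface:
    def __init__(self, keys):
        if len(keys) > 2:
            raise ValueError("the guide allows at most two keys per interface")
        self.keys = sorted(keys, key=lambda k: k.start)  # oldest first
        self.peers = {}  # peer -> (last_seen, set of key ids it has used)
        self.log = []

    def usable(self, now):
        live = [k for k in self.keys if k.valid(now)]
        expired = [k for k in self.keys if k.end is not None and k.end <= now]
        if live or not expired:
            return live
        if EXPIRED_MSG not in self.log:
            self.log.append(EXPIRED_MSG)
        return [max(expired, key=lambda k: k.end)]  # keep using the last key

    def receive(self, peer, key_id, now):
        """key_id is None for an unauthenticated packet. Returns True if accepted."""
        if not self.keys:                 # interface not configured for auth
            return key_id is None
        if key_id not in {k.key_id for k in self.usable(now)}:
            return False                  # unauthenticated or invalid key: ignore
        _, used = self.peers.get(peer, (now, set()))
        self.peers[peer] = (now, used | {key_id})
        return True

    def send_keys(self, now):
        """Key ids to authenticate the next RIP update with (one packet per id)."""
        active = self.usable(now)
        if len(active) < 2:
            return [k.key_id for k in active]
        old, new = active
        lagging = any(now - seen <= PEER_WINDOW and new.key_id not in used
                      for seen, used in self.peers.values())
        return [old.key_id, new.key_id] if lagging else [new.key_id]
```

With no peer heard in the last three minutes, this model sends with the new key only, which is an assumption drawn from the wording "if any of the peers have not used the new key yet".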
Authentication configuration
To configure RIP-2 MD5 authentication, from the Main Menu, select System Configuration, then IP Setup.
Main Menu > System Configuration > IP Setup