R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

261

262

263

264

265

266

267

268

269

270

257

Follow these steps to enable zero field check on incoming RIPv1 messages:

To do… Use the command…

Remarks

Enter system view system-view ––

Enter RIP view

rip [ process-id ] [ vpn-instance

vpn-instance-name ]

––

Enable zero field check on

received RIPv1 messages

checkzero

Optional

Enabled by default

Enabling source IP address check on incoming RIP updates

You can enable source IP address check on incoming RIP updates.

For a message received on an Ethernet interface, RIP compares the source IP address of the message with

the IP address of the interface. If they are not in the same network segment, RIP discards the message.

For a message received on a serial interface, RIP checks whether the source address of the message is the

IP address of the peer interface. If not, RIP discards the message.

Follow these steps to enable source IP address check on incoming RIP updates:

To do… Use the command…

Remarks

Enter system view system-view ––

Enter RIP view

rip [ process-id ] [ vpn-instance

vpn-instance-name ]

––

Enable source IP address check on

incoming RIP messages

validate-source-address

Optional

Enabled by default

NOTE:

The source IP address check feature should be disabled if the RIP neighbor is not directly connected.

Configuring RIPv2 message authentication

In a network requiring high security, you can configure this task to implement RIPv2 message validity

check and authentication.

RIPv2 supports two authentication modes: plain text and MD5.

In plain text authentication, the authentication information is sent with the RIP message, which however

cannot meet high security needs.

Follow these steps to configure RIPv2 message authentication:

To do… Use the command…

Remarks

Enter system view system-view ––

Enter interface view interface interface-type interface-number ––

Configure RIPv2 authentication

rip authentication-mode { md5 { rfc2082 key-string

key-id | rfc2453 key-string } | simple password }

Required

NOTE:

This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can

specify an authentication mode for RIPv1 in interface view, the configuration does not take effect.