3Com Switch 8800 Advanced Software V5 Configuration Guide
Optimizing the RIP Network 281
n
■ The zero field check is invalid for RIP-2 messages.
■ The source IP address validation should be disabled when a non direct RIP
neighbor exists.
Configuring RIP-2
Message Authentication
RIP-2 supports two authentication modes: plain text and MD5.
In plain text authentication, the authentication information is sent with the RIP
message, which cannot meet high security needs.
Follow these steps to configure RIP-2 message authentication:
Configuring a RIP
Neighbor
Usually, RIP sends messages to broadcast or multicast addresses. On non broadcast
or multicast links, you need to manually specify a RIP neighbor. If the specified
neighbor is not directly connected, you must disable the source address check on
update messages.
Follow these steps to configure a RIP neighbor:
n
You need not use the peer ip-address command when the neighbor is directly
connected; otherwise the neighbor may receive both the unicast and multicast (or
broadcast) of the same routing information.
To do... Use the command... Remarks
Enter system view system-view --
Enter RIP view rip [ process-id ] [
vpn-instance
vpn-instance-name ]
--
Enable the zero field check on
received RIP-1 messages
checkzero Optional
Enabled by default
Enable the source IP address
validation on received RIP
messages
validate-source-address Optional
Enabled by default
To do... Use the command... Remarks
Enter system view system-view --
Enter interface view interface interface-type
interface-number
--
Configure RIP-2
authentication mode
rip authentication-mode { md5 {
rfc2082 key-string key-id | rfc2453
key-string } | simple password }
Required
To do... Use the command... Remarks
Enter system view system-view --
Enter RIP view rip [ process-id ] [ vpn-instance
vpn-instance-name ]
--
Specify a RIP neighbor peer ip-address Required
Disable source address
check on received RIP
update messages
undo validate-source-address Required
Not disabled by default