Cisco IOS supports the following types of authentication for common routing protocols:
Simple password authentication | Also known as plain text authentication. Sends the authentication key across the network in clear text and is therefore vulnerable to passive attacks. Supported by RIPv2, OSPF, and IS-IS. |
Message Digest 5 (MD5) authentication | Sends a message digest or hash instead of the authentication key. The message digest or hash is appended to routing update packets. Supported by RIPv2, EIGRP, OSPF, and BGP. |
Authentication keys can be managed using key chains. A key defined within a key chain can specify a time interval during which the key is active, referred to as the lifetime of the key. Routing update packets are sent with whichever key is valid (active) according to its lifetime. The keys are examined from the lowest to the highest key ID number, and the first valid key encountered is used; only one key is used at a time, regardless of how many keys are valid. The key ID numbers do not need to be consecutive. However, at least 1 key must be defined within a key chain.
EIGRP MD5 Authentication Configuration
The optional accept-lifetime {start-time} {infinite | end-time | duration secs} and send-lifetime {start-time} {infinite | end-time | duration secs} key chain key configuration subcommands specify the time period in which a particular key is accepted for received packets and used for sending packets, respectively. When setting lifetimes on keys, ensure that the clocks of the network devices are synchronized via NTP.
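The key selection and lifetime rules above can be modelled in a few lines. This is an added example, not Cisco code or part of the original post. It assumes the receiver validates a packet against the key whose ID the packet carries; the `Key` class, the function names and the rollover schedule are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Key:
    key_id: int
    send: tuple     # (start, end) of send-lifetime
    accept: tuple   # (start, end) of accept-lifetime

def _active(window, now):
    start, end = window
    return start <= now <= end

def send_key(chain, now):
    """First key, scanning lowest to highest ID, whose send-lifetime covers now."""
    for key in sorted(chain, key=lambda k: k.key_id):
        if _active(key.send, now):
            return key
    return None  # no valid key: updates cannot be authenticated

def accepts(chain, key_id, now):
    """Assumed receiver rule: the key with the packet's ID must be in its accept-lifetime."""
    return any(k.key_id == key_id and _active(k.accept, now) for k in chain)

def update_authenticates(chain, sender_now, receiver_skew):
    """Does an update sent at sender_now pass on a neighbor whose clock is off by receiver_skew?"""
    key = send_key(chain, sender_now)
    return key is not None and accepts(chain, key.key_id, sender_now + receiver_skew)

# Constructed schedule: key 10 hands over to key 20 at T (IDs need not be consecutive).
START, T, FAR = datetime(2023, 1, 1), datetime(2024, 1, 1), datetime(2030, 1, 1)

# Accept windows identical to send windows: any clock skew at rollover breaks authentication.
strict = [Key(10, (START, T), (START, T)),
          Key(20, (T, FAR), (T, FAR))]

# Same send schedule, but each key is accepted for 15 minutes beyond its send window.
OVERLAP = timedelta(minutes=15)
tolerant = [Key(10, (START, T), (START, T + OVERLAP)),
            Key(20, (T, FAR), (T - OVERLAP, FAR))]

if __name__ == "__main__":
    for name, chain in (("strict", strict), ("tolerant", tolerant)):
        for skew in (timedelta(minutes=5), timedelta(minutes=-5)):
            sent_at = T - timedelta(minutes=1) if skew > timedelta(0) else T + timedelta(minutes=1)
            print(name, sent_at, skew, update_authenticates(chain, sent_at, skew))
```

With the strict schedule, a neighbor whose clock is five minutes off rejects updates around the rollover; widening accept-lifetime beyond send-lifetime absorbs that skew, which is why NTP synchronization and overlapping lifetimes go together.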