EasyManuals Logo

Cisco NCS 6000 Series User Manual

Cisco NCS 6000 Series
498 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #392 background imageLoading...
Page #392 background image
The keychain by itself has no relevance; therefore, it must be used by an application that needs to communicate
by using the keys (for authentication) with its peers. The keychain provides a secure mechanism to handle
the keys and rollover based on the lifetime. The Cisco IOS XR keychain infrastructure takes care of the hit-less
rollover of the secret keys in the keychain.
Note
Once you have configured a keychain in the IOS XR keychain database and if the same has been configured
on a particular RIP interface, it will be used for authenticating all incoming and outgoing RIP traffic on that
interface. Unless an authentication keychain is configured on a RIP interface, all RIP traffic will be assumed
to be authentic and authentication mechanisms for in-bound RIP traffic and out-bound RIP traffic will be not
be employed to secure it.
RIP employs two modes of authentication: keyed message digest mode and clear text mode. Use the
authentication keychain keychain-name mode {md5 | text} command to configure authentication using the
keychain mechanism.
In cases where a keychain has been configured on RIP interface but the keychain is actually not configured
in the keychain database or keychain is not configured with MD5 cryptographic algorithm, all incoming RIP
packets on the interface will be dropped. Outgoing packets will be sent without any authentication data.
In-bound RIP Traffic on an Interface
These are the verification criteria for all in-bound RIP packets on a RIP interface when the interface is
configured with a keychain.
Then...If...
The packet is dropped. A RIP component-level debug
message is be logged to provide the specific details
of the authentication failure.
The keychain configured on the RIP interface does
not exist in the keychain database...
The packet is dropped. A RIP component-level debug
message is be logged to provide the specific details
of the authentication failure.
The keychain is not configured with a MD5
cryptographic algorithm...
The packet will be dropped. A RIP component-level
debug message is be logged to provide the specific
details of the authentication failure.
The Address Family Identifier of the first (and only
the first) entry in the message is not 0xFFFF, then
authentication is not in use...
The packet is dropped. A RIP component-level debug
message is be logged to provide the specific details
of the authentication failure.
The MD5 digest in the ‘Authentication Data’ is found
to be invalid...
Else, the packet is forwarded for the rest of the processing.
Out-bound RIP Traffic on an Interface
These are the verification criteria for all out-bound RIP packets on a RIP interface when the interface is
configured with a keychain.
Routing Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x
370
Implementing RIP
In-bound RIP Traffic on an Interface

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco NCS 6000 Series and is the answer not in the manual?

Cisco NCS 6000 Series Specifications

General IconGeneral
BrandCisco
ModelNCS 6000 Series
CategoryNetwork Router
LanguageEnglish

Related product manuals