UMN:CLI User Manual
V5808
598
11.4.12 Split Horizon
Normally, routers that are connected to broadcast type IP networks and that use distance-
vector routing protocols employ the split horizon mechanism to reduce the possibility of
routing loops. Split horizon blocks information about routes from being advertised by a
router out any interface from which that information originated. This behavior usually
optimizes communications among multiple routers, particularly when links are broken.
However, with non-broadcast networks, such as Frame Relay, situations can arise for
which this behavior is less than ideal. For these situations, you might want to disable split
horizon.
If the interface is configured with secondary IP address and split horizon is enabled,
updates might not be sourced by every secondary address. One routing update is
sourced per network number unless split horizon is disabled.
To enable or disable split horizon mechanism, use the following command in Interface
Configuration mode.
ip rip split-horizon [poisoned]
Enables the split horizon mechanism.
poisoned: performs poisoned reverse.
no rip ip split-horizon [poisoned]
Disables the split horizon mechanism.
11.4.13 Authentication Key
RIP v1 does not support authentication. If you are sending and receiving RIP v2 packets,
you can enable RIP authentication on an interface. The key chain determines the set of
keys that can be used on the interface. If a key chain is not configured, plain text
authentication can be performed using string command.
The V5808 supports two modes of authentication on an interface for which RIP
authentication is enabled: plain text authentication and MD5 authentication. The default
authentication in every RIP v2 packet is plain text authentication.
Do not use plain text authentication in RIP packets for security purposes, because the
unencrypted authentication key is sent in every RIP v2 packet. Use plain text
authentication when security is not an issue, for example, to ensure that misconfigured
hosts do not participate in routing.
To configure RIP authentication, use the following command.
ip rip authentication key-chain
NAME
Enables authentication for RIP v2 packets and to
specify the set of keys that can be used on an
interface.
NAME: name of key chain
ip rip authentication mode {text |
md5}
Specifies the authentication mode.
text: sends a simple text password to neighbors. If a
neighbor does not have the same password, request
and updates from this system are rejected.
md5: sends an MD5 hash to neighbors. Neighbors
To Next Page
Loading...