Authentication

There are two reasons to authenticate a routing update. First, for security. After all, if an intruder gains access to a network and begins announcing RIP routes, she will at least disrupt traffic and, in a worse scenario, may maliciously reroute traffic to steal critical data. The second reason for authenticating routing updates is to guard against misconfiguration. For example, using a password on a network backbone will ensure that if a router is attached to the backbone by mistake, it won’t begin participating in the backbone routing protocol.

Cisco’s implementation of RIP-2 supports two authentication modes: plain-text and MD5. Plain-text authentication works well to guard against misconfigurations but is not a great security solution, since plain-text passwords can be gleaned with a network sniffer.
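To make the difference visible on the wire, the following added example (not from the book) classifies the authentication entry of a RIP-2 payload using the layouts in RFC 2453 (simple password, type 2) and RFC 2082 (keyed MD5, type 3). The packets are constructed samples, the helper names are hypothetical, and the MD5 digest bytes are a placeholder rather than a computed digest.

```python
import struct

AUTH_AFI = 0xFFFF   # address-family value that marks an authentication entry
AUTH_SIMPLE = 2     # RFC 2453: 16-byte password carried in the clear
AUTH_MD5 = 3        # RFC 2082: key ID + sequence number, digest in a trailer

def classify_rip_auth(payload: bytes) -> dict:
    """Report how one RIP UDP payload is authenticated."""
    if len(payload) < 4:
        raise ValueError("truncated RIP header")
    _command, version, _zero = struct.unpack("!BBH", payload[:4])
    result = {"version": version, "mode": "none", "secret_on_wire": False}
    if version != 2 or len(payload) < 24:
        return result
    afi, auth_type = struct.unpack("!HH", payload[4:8])
    if afi != AUTH_AFI:
        return result                      # first entry is an ordinary route
    if auth_type == AUTH_SIMPLE:
        result.update(mode="plain-text", secret_on_wire=True)
    elif auth_type == AUTH_MD5:
        _length, key_id, _dlen, seq = struct.unpack("!HBBI", payload[8:16])
        result.update(mode="md5", key_id=key_id, sequence=seq)
    else:
        result["mode"] = f"unknown({auth_type})"
    return result

# --- constructed sample packets (not captured traffic) ---
HEADER = struct.pack("!BBH", 2, 2, 0)      # command=response, version=2
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                    bytes([255, 0, 0, 0]), bytes(4), 1)

def build_plain(password: bytes) -> bytes:
    return HEADER + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, password) + ROUTE

def build_md5(key_id: int, seq: int) -> bytes:
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_MD5, 44, key_id, 16, seq)
    trailer = struct.pack("!HH16s", AUTH_AFI, 1, b"\xaa" * 16)  # placeholder digest
    return HEADER + auth + ROUTE + trailer

if __name__ == "__main__":
    for name, pkt in (("plain", build_plain(b"2000feet")), ("md5", build_md5(1, 7))):
        print(name, classify_rip_auth(pkt))
```

Run against decoded UDP port 520 payloads from a capture, a check like this flags any segment still using plain-text mode, where the key string itself travels in every update.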

Passwords must first be defined on each router in global configuration mode. Cisco uses the construct of a “key chain” to define passwords. Let’s define a key chain with the name EmpireStateBldg on router NewYork. The passwords on this key chain are 2000feet and 1782 feet.

key chain EmpireStateBldg
  key 1
  key-string 2000feet
  key 2
  key-string 1782 feet

Routers Chicago and Ames in TraderMary’s network must also be configured with the passwords 2000feet and 1782 feet. Chicago may be configured as follows:

key chain SearsTower
  key 1
  key-string 2000feet
  key 2
  key-string 1782 feet

Note that the names of the key chains are not significant: the names of the key chains can ...
