Securing Routing Protocols

Another way to protect the routing protocols is to enable authentication so that the protocols accept traffic only from routers known to you. This approach ensures that only trusted routers contribute routes to the routing table and, hence, participate in determining how traffic is routed through your network.

You enable authentication for each routing protocol separately.

Securing RIP

The most secure authentication RIP supports is MD5:

[edit protocols]
fred@router# set rip authentication-type md5
[edit protocols]
fred@router# set rip authentication-key key-string

MD5 creates an encoded checksum, which the receiving router verifies before it accepts packets. You must configure the same authentication type and the same password on all RIP routers on the network. (RIP also lets you use a simple, unencrypted password for authentication.)
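The sender and receiver sides of that check, as an added example that is not from the book or from Junos: a simplified Python model of keyed-MD5 versus simple-password authentication on a RIP-like update. The packet layout, the key s3cret, the sample route and all function names are constructed for illustration and are not the exact wire format.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16  # model assumption: key is zero-padded or truncated to 16 bytes

# Constructed sample route entry: AFI=2 (IP), 10.0.0.0/8, next hop 0.0.0.0, metric 1
SAMPLE_ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                           bytes([255, 0, 0, 0]), bytes(4), 1)

def _pad_key(key: bytes) -> bytes:
    return key[:KEY_LEN].ljust(KEY_LEN, b"\x00")

def build_update(routes: bytes, key: bytes, seq: int, auth_type: str = "md5") -> bytes:
    """Sender side: build a RIP-like update carrying authentication data."""
    header = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2
    if auth_type == "simple":
        # Simple authentication: the password itself travels in the packet.
        return header + b"\xff\xff\x00\x02" + _pad_key(key) + routes
    # Keyed MD5: key id and sequence number up front, digest in a trailer.
    auth = b"\xff\xff\x00\x03" + struct.pack("!BI", 1, seq)
    body = header + auth + routes + b"\xff\xff\x00\x01"
    # The key is hashed together with the packet but never transmitted.
    return body + hashlib.md5(body + _pad_key(key)).digest()

def verify_md5(packet: bytes, key: bytes) -> bool:
    """Receiver side: recompute the digest with the local key and compare."""
    if len(packet) < 4 + 16:
        return False
    body, received = packet[:-16], packet[-16:]
    expected = hashlib.md5(body + _pad_key(key)).digest()
    return hmac.compare_digest(expected, received)

def tamper_metric(packet: bytes) -> bytes:
    """Model an on-path change to the route metric (last byte of the route entry)."""
    pos = len(packet) - 16 - 4 - 1
    return packet[:pos] + bytes([packet[pos] ^ 0x0F]) + packet[pos + 1:]

if __name__ == "__main__":
    pkt = build_update(SAMPLE_ROUTE, b"s3cret", seq=1)
    print("same key accepted:   ", verify_md5(pkt, b"s3cret"))
    print("other key rejected:  ", not verify_md5(pkt, b"0ther"))
    print("tampering rejected:  ", not verify_md5(tamper_metric(pkt), b"s3cret"))
    simple = build_update(SAMPLE_ROUTE, b"s3cret", seq=1, auth_type="simple")
    print("simple leaks password:", b"s3cret" in simple, "| md5:", b"s3cret" in pkt)
```

A router configured with a different key, or one that receives a modified update, computes a different digest and drops the packet, which is why every RIP router on the network needs the same key and authentication type.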

Securing IS-IS and OSPF

IS-IS supports MD5 authentication and simple password authentication; the latter uses a clear-text, unencrypted password. When authentication is enabled, IS-IS validates that all LSPs are received from trusted routers.

Each IS-IS area can have its own authentication method and password. The following commands set authentication in the IS-IS Level 2 area:

[edit protocols]
fred@router# set isis level 2 authentication-type md5
[edit protocols]
fred@router# set isis level 2 authentication-key key-string

All routers within the same area must have the same authentication key.

Securing OSPF

OSPF also supports MD5 ...
