Enabling Source Ip Address Check On Incoming Rip Updates; Configuring Ripv2 Message Authentication - H3C S7500E Series Operation Manual

Operation Manual – IPv4 Routing
H3C S7500E Series Ethernet Switches

2.4.5 Enabling Source IP Address Check on Incoming RIP Updates

You can enable source IP address check on incoming RIP updates.
For a message received on an Ethernet interface, RIP compares the source IP address
of the message with the IP address of the interface. If they are not in the same network
segment, RIP discards the message.
For a message received on a serial interface, RIP checks whether the source address
of the message is the IP address of the peer interface. If not, RIP discards the
message.
Follow these steps to enable source IP address check on incoming RIP updates:
Enter system view
Enter RIP view
Enable source IP address
check on incoming RIP
messages
Note:
The source IP address check feature should be disabled if a RIP neighbor is not directly
connected.

2.4.6 Configuring RIPv2 Message Authentication

RIPv2 supports two authentication modes: plain text and MD5.
In plain text authentication, the authentication information is sent with the RIP message,
which however cannot meet high security needs.
Follow these steps to configure RIPv2 message authentication:
To do...
Enter system view
Enter interface view
Configure RIPv2
authentication
To do...
system-view
rip [ process-id ]
validate-source-address
system-view
interface interface-type interface-number
rip authentication-mode { md5
{ rfc2082 key-string key-id | rfc2453
key-string } | simple password }
Use the command...
Use the command...
2-15
Chapter 2 RIP Configuration
Remarks
––
––
Optional
Enabled by default
Remarks
––
––
Required