Open In App

Securing Routing Protocols

Last Updated : 29 Oct, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

Prerequisite – Routing Information Protocol (RIP), EIGRP fundamentals, OSPF protocol fundamentals 
Routing is a process in which a layer 3 device (either router or layer 3 switch) finds the best path between the source and destination network. Dynamic routing protocols are used to decrease administrator overhead, i.e., administrator have to configure less but by default, all the routing information is visible to all interested parties as it is not encrypted therefore open to an attack. 

We can secure the routing protocols like RIP, EIGRP, and OSPF by putting an authentication to it through creating a key chain and applying it to the interface on which we are advertising the routes. Here, we will not talk about protocol instead we will put authentication on RIP, EIGRP, and OSPF. 

1. Routing Information Protocol (RIP) – 
RIP is a distance-vector routing protocol which uses port number 520 and has Administrative Distance 120. It is an application layer protocol and has 3 versions from which only version supports authentication. 

Configuration – 

 

There are 3 routers having named router1 (IP address-192.168.1.1 on ethernet0/0), router2 (IP address-192.168.1.2 on ethernet0/0 and 192.168.2.1 on ethernet0/1), router3 (IP address-192.168.2.2 on ethernet0/0). The router1 will not able to ping router3 as it has no route to 192.168.2.0 network. For this, we will perform RIP routing on all the routers and then put authentication on them. 

First configuring router1 for RIP: 

router1(config)#router rip
router1(config-router)#network 192.168.1.0
router1(config-router)#no auto-summary
router1(config-router)#version 2

Now, configuring RIP for router2: 

router2(config)#router rip
router2(config-router)#network 192.168.1.0
router2(config-router)#network 192.168.2.0
router2(config-router)#no auto-summary
router2(config-router)#version 2

Now, configuring RIP for router3: 

router3(config)#router rip
router3(config-router)#network 192.168.2.0
router3(config-router)#no auto-summary 
router3(config-router)#version 2

Here, we have enable version 2 of RIP as it supports authentication. Now, able to Ping router3 (192.168.2.2) from router1(192.168.1.1), put Authentication on all routers one by one. First, make a key chain and apply it to the interface: 
 

router1(config)#key chain cisco
router1(config-keychain)#key 1
router1(config-keychain-key)#key-string cisco1
router1(config-keychain-key)#exit
router1(config-keychain)#exit
router1(config)#int ethernet0/0
router1(config-if)#ip rip authentication mode md5
router1(config-if)#ip rip authentication key-chain cisco

Here, we have create a key chain named cisco having key I’d 1 and key-string cisco1 and apply it to the interface ethernet0/0 (at which we have advertise RIP). 
Now creating same key chain on router2: 
 

router2(config)#key chain cisco
router2(config-keychain)#key 1
router2(config-keychain-key)#key-string cisco1
router2(config-keychain-key)#exit
router2(config-keychain)#exit
router2(config)#int ethernet0/0
router2(config-if)#ip rip authentication mode md5
router2(config-if)#ip rip authentication key-chain cisco

Note – The configuration of key chain, its I’d and key-string should be the same on both the routers. 

2. Enhanced Interior Gateway Routing Protocol – 
EIGRP is an advanced distance routing protocol which uses protocol number 88 and has Administrative Distance 90. It is a network layer protocol which supports clear text and md5 authentication. 

Configuration – 

 

Taking same topology, there are 3 routers having named router1 (IP address-192.168.1.1 on ethernet0/0), router2 (ip address-192.168.1.2 on ethernet0/0 and 192.168.2.1 on ethernet0/1), router3 (ip address-192.168.2.2 on ethernet0/0). Here also, the router1 will not able to ping router3 as it has no route to 192.168.2.0 network. For this we will perform EIGRP routing on all the routers and then put authentication on them. 

Configuring EIGRP on router 1: 

router1(config)#router eigrp 100
router1(config-router)#network 192.168.1.0
router1(config-router)#no auto-summary

Here, Autonomous System Number 100 is used. 
Configuring EIGRP on router2: 

router2(config)#router EIGRP 100
router2(config-router)#network 192.168.1.0
router2(config-router)#network 192.168.2.0
router2(config-router)#no auto-summary

Configuring EIGRP on router3: 

router3(config)#router eigrp 100
router3(config-router)#network 192.168.2.0
router3(config-router)#no auto-summary

Now, putting authentication on routers using eigrp. 

router1(config)#key chain cisco
router1(config-keychain)#key 1
router1(config-keychain-key)#key-string cisco1
router1(config-keychain-key)#exit
router1(config-keychain)#exit
router1(config)#int ethernet0/0
router1(config-if)#ip authentication mode eigrp 100 md5
router1(config-if)#ip authentication key-chain eigrp 100 cisco

Configuring same on router2: 

router2(config)#key chain cisco
router2(config-keychain)#key 1
router2(config-keychain-key)#key-string cisco1
router2(config-keychain-key)#exit
router2(config-keychain)#exit
router2(config)#int ethernet0/0
router2(config-if)#ip authentication mode eigrp 100 md5
router2(config-if)#ip authentication key-chain eigrp 100 cisco

Note – The configuration of key chain, its I’d and key-string should be same on both the routers. 

3. Open Shortest Path First (OSPF) – 
OSPF is a link-state routing protocol which uses protocol number 89 and Administrative Distance 110.It is a network layer protocol which supports clear text and md5 authentication. 

Configuration – 

 

Taking same topology, there are 3 routers having named router1 (ip address-192.168.1.1 on ethernet0/0), router2 (ip address-192.168.1.2 on ethernet0/0 and 192.168.2.1 on ethernet0/1), router3 (ip address-192.168.2.2 on ethernet0/0). For this we will perform OSPF routing on all the routers and then put authentication on them. 
Configuring OSPF on router1: 

router1(config)#router ospf 1
router1(config-router)#network 192.168.1.0 0.0.0.255 area 0

Configuring OSPF on router2: 

router2(config)#router ospf 1
router2(config-router)#network 192.168.1.0 0.0.0.255 area 0
router2(config-router)#network 192.168.2.0 0.0.0.255 area 0

Configuring ospf on router3: 

router3(config)#router OSPF 1
router2(config-router)#network 192.168.2.0 0.0.0.255 area 0

configuring Authentication on router1: 

router1(config)#key chain cisco
router1(config-keychain)#key 1
router1(config-keychain-key)#key-string cisco1
router1(config-keychain-key)#exit
router1(config-keychain)#exit
router1(config)#int ethernet0/0
router1(config-if)#ip ospf Authentication message-digest
router1(config-if)#ip ospf authentication-key cisco1

Configuring Authentication on router2: 

router2(config)#key chain cisco
router2(config-keychain)#key 1
router2(config-keychain-key)#key-string cisco1
router2(config-keychain-key)#exit
router2(config-keychain)#exit
router2(config)#int ethernet0/0
router2(config-if)#ip ospf authentication message-digest
router2(config-if)#ip ospf authentication-key cisco1

Note – 

  • The configuration of key chain, its I’d and key-string should be same on both the routers. 
  • Md5 is susceptible to brute-force attack therefore it is advised to use passwords containing numbers or special characters and should be long. 

Like Article
Suggest improvement
Next
Routing Protocol Code
Share your thoughts in the comments

Similar Reads

Difference Between Network Layer Protocols and Application Layer Protocols
MANET Routing Protocols
Trust Based Energy-Efficient and Secure Routing Protocols for IoT
Classes of Routing Protocols
Routing v/s Routed Protocols in Computer Network
Difference between Classful Routing and Classless Routing
Difference between Distance vector routing and Link State routing
What is Routing Loop and How to Avoid Routing Loop?
Unicast Routing - Link State Routing
Securing wireless and mobile devices
author
saurabhsharma56
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox