When you earned your CCNA, you thought you learned everything there is to know about RIP. Close, but not quite! There are some additional details you need to know to pass the BSCI exam and get one step closer to the CCNP exam, and one of those involves RIP update packet authentication.\nYou’re familiar with some advantages of using RIPv2 over RIPv1, support for VLSM chief among them. But one advantage that you’re not introduced to in your CCNA studies is the ability to configure routing update packet authentication.\nYou have two options, clear text and MD5. Clear text is just that – a clear text password that is visible by anyone who can pick a packet off the wire. If you’re going to go to the trouble of configuring update authentication, you should use MD5. The MD stands for “Message Digest”, and this is the algorithm that produces the hash value for the password that will be contained in the update packets.\nNot only must the routers agree on the password, they must agree on the authentication method. If one router sends an MD5-hashed password to another router that is configured for clear-text authentication, the update will not be accepted. debug ip rip is a great command for troubleshooting authenticated updates.\nR1, R2, and R3 are running RIP over a frame relay cloud. Here is how RIP authentication would be configured on these three routers.\nR1#conf t\nR1(config)#key chain RIP\n< The key chain can have any name. >\nR1(config-keychain)#key 1\n< Key chains can have multiple keys. Number them carefully when using multiples. >\nR1(config-keychain-key)#key-string CISCO\n< This is the text string the key will use for authentication. >\nR1(config)#int s0\nR1(config-if)#ip rip authentication mode text\n< The interface will use clear-text mode. >\nR1(config-if)#ip rip authentication key-chain RIP\n< The interface is using key chain RIP, configured earlier. >\nR2#conf t\nR2(config)#key chain RIP\nR2(config-keychain)#key 1\nR2(config-keychain-key)#key-string CISCO\nR2(config)#int s0.123\nR2(config-subif)#ip rip authentication mode text\nR2(config-subif)#ip rip authentication key-chain RIP\nR3#conf t\nR3(config)#key chain RIP\nR3(config-keychain)#key 1\nR3(config-keychain-key)#key-string CISCO\nR3(config)#int s0.31\nR3(config-subif)#ip rip authentication mode text\nR3(config-subif)#ip rip authentication key-chain RIP\nTo use MD5 authentication rather than clear-text, simply replace the word “text” in the ip rip authentication mode command with md5.\nHere’s what a successfully authentication RIPv2 packet looks like, courtesy of debug ip rip. Clear-text authentication is in effect and the password is “cisco”.\n3d04h: RIP: received packet with text authentication cisco\n3d04h: RIP: received v2 update from 22.214.171.124 on Ethernet0\n3d04h: 126.96.36.199\/8 via 0.0.0.0 in 1 hops\n3d04h: 188.8.131.52\/24 via 0.0.0.0 in 1 hops\nHere’s what it looks like when the remote device is set for MD5 authentication and the local router is set for clear-text. You’ll also see this message if the password itself is incorrect.\n3d04h: RIP: ignored v2 packet from 184.108.40.206 (invalid authentication)\n“Debug ip rip” may be a simple command as compared to the debugs for other protocols. but it’s also a very powerful debug. Start using debugs as early as possible in your Cisco studies to learn how router commands really work!