Guest

Cisco IOS Software Releases 12.4 Mainline

IP-RIP Delay Start

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

IP-RIP Delay Start

Contents

Prerequisites for IP-RIP Delay Start

Restrictions for IP-RIP Delay Start

Information About Neighbor Router Authentication and About IP-RIP Delay Start

Neighbor Router Authentication

IP-RIP Delay Start

Frame Relay

How to Configure IP-RIP Delay Start for Routers Connected by a Frame Relay Network

Configuring RIPv2

Configuring Frame Relay on a Serial Subinterface

Configuring IP, MD5 Authentication for RIPv2 and the IP-RIP Delay Start Feature on a Frame Relay Subinterface

Authentication Key Management

Configuration Examples for IP-RIP Delay Start

Configuring IP-RIP Delay Start on a Frame Relay Interface: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

ip rip initial-delay

Feature Information for IP-RIP Delay Start


IP-RIP Delay Start

First Published: November 17th, 2006
Last Updated: November 17th, 2006

Some non-Cisco routers will not allow an MD5-authenticated RIPv2 neighbor session to start when the sequence number of the first MD5 packet received from the Cisco router is greater than 0. The IP-RIP Delay Start feature is used on Cisco routers to delay the initiation of RIPv2 neighbor sessions until the network connectivity between the neighbor routers is fully operational, thereby ensuring that the sequence number of the first MD5 packet that the router sends to the non-Cisco neighbor router is 0.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for IP-RIP Delay Start" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for IP-RIP Delay Start

Restrictions for IP-RIP Delay Start

Information About Neighbor Router Authentication and About IP-RIP Delay Start

How to Configure IP-RIP Delay Start for Routers Connected by a Frame Relay Network

Configuration Examples for IP-RIP Delay Start

Additional References

Command Reference

Feature Information for IP-RIP Delay Start

Prerequisites for IP-RIP Delay Start

Your router must be running Cisco IOS Release 12.4(12) or a later release.

Restrictions for IP-RIP Delay Start

The IP-RIP Delay Start feature is required only when your Cisco router is configured to establish a RIPv2 neighbor relationship with a non-Cisco device and you want to use MD5 neighbor authentication.

Information About Neighbor Router Authentication and About IP-RIP Delay Start

For more information about neighbor router authentication and the IP-RIP Delay Start feature, see the following sections:

Neighbor Router Authentication

IP-RIP Delay Start

Neighbor Router Authentication

You can prevent your router from receiving fraudulent route updates by configuring neighbor router authentication. When configured, neighbor authentication occurs whenever routing updates are exchanged between neighbor routers. This authentication ensures that a router receives reliable routing information from a trusted source.

Without neighbor authentication, unauthorized or deliberately malicious routing updates could compromise the security of your network traffic. A security compromise could occur if an unfriendly party diverts or analyzes your network traffic. For example, an unauthorized router could send a fictitious routing update to convince your router to send traffic to an incorrect destination. This diverted traffic could be analyzed to learn confidential information about your organization or merely used to disrupt your organization's ability to effectively communicate using the network. Neighbor authentication prevents any such fraudulent route updates from being received by your router.

For more information about neighbor router authentication, see the "Neighbor Router Authentication" module, Cisco IOS Release 12.4.

IP-RIP Delay Start

The IP-RIP Delay Start feature is used on Cisco routers to delay the initiation of RIPv2 neighbor sessions until the network connectivity between the neighbor routers is fully operational, thereby ensuring that the sequence number of the first MD5 packet that the router sends to the non-Cisco neighbor router is 0. The default behavior for a router configured to establish RIPv2 neighbor sessions with a neighbor router using MD5 authentication is to start sending MD5 packets when the physical interface is up.

Frame Relay

The IP-RIP Delay Start feature is often used when a Cisco router is configured to establish a RIPv2 neighbor relationship using MD5 authentication with a non-Cisco device over a Frame Relay network. When RIPv2 neighbors are connected over Frame Relay, it is possible for the serial interface connected to the Frame Relay network to be up while the underlying Frame Relay circuits are not yet ready to transmit and receive data. When a serial interface is up and the Frame Relay circuits are not yet operational, any MD5 packets that the router attempts to transmit over the serial interface are dropped. When MD5 packets are dropped because the Frame Relay circuits over which the packets need to be transmitted are not yet operational, the sequence number of first MD5 packet received by the neighbor router after the Frame Relay circuits become active will be greater than 0. Some non-Cisco routers will not allow an MD5-authenticated RIPv2 neighbor session to start when the sequence number of the first MD5 packet received from the other router is greater than 0.

The differences in vendor implementations of MD5 authentication for RIPv2 are probably a result of the ambiguity of the relevant RFC (RFC #2082) with regards to packet loss. RFC #2082 suggests that routers should be ready to accept either a sequence number of 0 or a sequence number higher than the last sequence number received. For more information about MD5 message reception for RIPv2, see section 3.2.2 of RFC #2082 at the following url: http://www.ietf.org/rfc/rfc2082.txt.

Timesaver Cisco routers allow an MD5-authenticated RIPv2 neighbor session to start when the sequence number of the first MD5 packet received from the other router is greater than 0. If you are using only Cisco routers in your network, you do not need to use the IP-RIP Delay Start feature.

Note The IP-RIP Delay Start feature is supported over other interface types such as Fast Ethernet and Gigabit Ethernet. If your Cisco router cannot establish RIPv2 neighbor sessions using MD5 authentication with a non-Cisco device, the IP-RIP Delay Start feature might resolve the problem.

How to Configure IP-RIP Delay Start for Routers Connected by a Frame Relay Network

The tasks in this section explain how to configure a router to use the IP-RIP Delay Start feature on a Frame Relay interface.

Configuring RIPv2 (required)

Configuring Frame Relay on a Serial Subinterface (required)

Configuring IP, MD5 Authentication for RIPv2 and the IP-RIP Delay Start Feature on a Frame Relay Subinterface (required)

Configuring RIPv2

This required task configures RIPv2 on the router.

Note This task provides instructions for only one of the many possible permutations for configuring RIPv2 on your router. For more information about and instructions for configuring RIPv2, see the Configuring Routing Information Protocol chapter of the Cisco IOS IP Routing Protocols Configuration Guide, Cisco IOS Release 12.4.

SUMMARY STEPS

1. enable

2. configure terminal

3. router rip

4. network ip-network

5. version {1 | 2}

6. [no] auto-summary

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router rip

Example:

Router(config)# router rip


Enables a RIP routing process, which places you in router configuration mode.

Step 4 

network ip-network

Example:

Router(config-router)# network 192.168.0.0

Associates a network with a RIP routing process.

Step 5 

version {1 | 2}

Example:

Router (config-router)# version 2

Configures the software to receive and send only RIP Version 1 or only RIP Version 2 packets.

Step 6 

[no] auto-summary

Example:

Router(config-router)# no auto-summary

Disables or restores the default behavior of automatic summarization of subnet routes into network-level routes.

Configuring Frame Relay on a Serial Subinterface

This required task configures a serial subinterface for Frame Relay.

Note This task provides instructions for only one of the many possible permutations for configuring Frame Relay on a subinterface. For more information about and instructions for configuring Frame Relay, see the Configuring Frame Relay part of the Cisco IOS Wide Area Networking Configuration Guide, Cisco IOS Release 12.4.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface interface-type interface-number

4. no ip address

5. encapsulation frame-relay {mfr | ietf}

6. frame-relay lmi-type {cisco | ansi | q933a}

7. interface type number.subinterface-number {point-to-point | multipoint}

8. frame-relay interface-dlci dlci [ietf | cisco]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router (config)# interface serial3/0

Specifies an interface and enters interface configuration mode.

Step 4 

no ip address

Example:

Router config-if)# no ip address

Removes a previously configured IP address from the interface.

Step 5 

encapsulation frame-relay {mfr | ietf}

Example:

Router(config-if)# encapsulation frame-relay ietf

Specifies the type of Frame Relay encapsulation for the interface.

Step 6 

frame-relay lmi-type {cisco | ansi | q933a}

Example:

Router(config-if)# frame-relay lmi-type ansi

Specifies the type of Frame Relay local management interface (LMI) for the interface.

Step 7 

interface type number.subinterface-number {point-to-point | multipoint}

Example:

Router(config-if)# interface serial3/0.1 point-to-point

Specifies a subinterface and the connection type for the subinterface and enters subinterface configuration mode.

Step 8 

frame-relay interface-dlci dlci [ietf | cisco]

Example:

Router(config-subif)# frame-relay interface-dlci 100 ietf

Assigns a data-link connection identifier (DLCI) to a Frame Relay subinterface.

Configuring IP, MD5 Authentication for RIPv2 and the IP-RIP Delay Start Feature on a Frame Relay Subinterface

This required task configures IP, MD5 authentication for RIPv2 and the IP-RIP Delay Start feature on a Frame Relay subinterface.

Authentication Key Management

Key management is a method of controlling authentication keys used by routing protocols. The steps for configuring an authentication key are included in this task. For more information about managing authentication keys see the "Managing Authentication Keys" chapter of the Cisco IOS IP Routing Protocols Configuration Guide, Cisco IOS Release 12.4.

SUMMARY STEPS

1. enable

2. configure terminal

3. key chain name-of-chain

4. key number

5. key-string string

6. exit

7. exit

8. interface type number.subinterface-number

9. no cdp {enable | log}

10. ip address ip-address subnet-mask

11. ip rip authentication mode {text | md5}

12. ip rip authentication key-chain name-of-chain

13. ip rip initial-delay delay

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

key chain name-of-chain

Example:

Router(config)# key chain rip-md5

Specifies the name of a key chain, and enters key chain configuration mode.

Step 4 

key number

Example:

Router(config-keychain)# key 123456

Specifies the key identifier, and enters key chain key configuration mode. Range: 0 to 2147483647.

Step 5 

key-string string

Example:

Router(config-keychain-key)# key-string abcde

Configures the key string.

Step 6 

exit

Example:

Router(config-keychain-key)# exit

Exits key chain key configuration mode.

Step 7 

exit

Example:

Router(config-keychain)# exit

Exits key chain configuration mode.

Step 8 

interface type number.subinterface-number

Example:

Router(config)# interface serial3/0.1

Specifies a subinterface and enters subinterface configuration mode.

Note The connection type keyword is not required for this step in this task because the connection type for this subinterface was specified in the previous task.

Step 9 

no cdp {enable | log}

Example:

Router(config-subif)# no cdp enable

Disables Cisco Discovery Protocol (CDP) options on the interface.

Note CDP is not supported by non-Cisco devices; and the IP-RIP Delay Start feature is required only when you are connecting to a non-Cisco router. Therefore you should disable CDP on any interfaces on which you want to configure the IP-RIP Delay Start feature.

Step 10 

ip address ip-address subnet-mask

Example:

Router (config-subif)# ip address 172.16.10.1 255.255.255.0

Configures an IP address for the Frame Relay subinterface.

Step 11 

ip rip authentication mode {text | md5}

Example:

Router(config-subif)# ip rip authentication mode md5

Specifies the mode for RIPv2 MD5 authentication.

Step 12 

ip rip authentication key-chain name-of-chain

Example:

Router (config-subif)# ip rip authentication key-chain rip-md5

Specifies a previously configured key chain for RIPv2 MD5 authentication.

Step 13 

ip rip initial-delay delay

Example:

Router(config-subif)# ip rip initial-delay 45

Configures the IP-RIP Delay Start feature on the interface. The router will delay sending the first MD5 authentication packet to the RIPv2 neighbor for the number of seconds specified by the delay argument. Range: 0 to 1800.

Configuration Examples for IP-RIP Delay Start

The following example shows you how to configure the IP-RIP Delay Start feature on a Frame Relay interface.

Configuring IP-RIP Delay Start on a Frame Relay Interface: Example

Configuring IP-RIP Delay Start on a Frame Relay Interface: Example

This excerpt from a router configuration file contains the minimum commands required to configure the IP-RIP Delay Start feature on your router.

!

key chain rip-md5

key 123456

key-string abcde

!

router rip

version 2

network 172.16.0.0

no auto-summary

!

interface Serial3/0

no ip address

encapsulation frame-relay ietf

frame-relay lmi-type ansi

!

interface Serial3/0.1 point-to-point

ip address 172.16.10.1 255.255.255.0

ip rip initial-delay 45

ip rip authentication mode md5

ip rip authentication key-chain rip-md5

frame-relay interface-dlci 100

!

Additional References

The following sections provide references related to the IP-RIP Delay Start feature.

Related Documents

Related Topic
Document Title

Configuring RIP

"Configuring Routing Information Protocol"

Configuring protocol-independent routing features

"Configuring IP Routing Protocol-Independent Features"

Configuring Frame Relay

"Configuring Frame Relay"

Configuring neighbor router authentication

"Neighbor Router Authentication"


Standards

Standard
Title

There are no standards associated with this feature.


MIBs

MIB
MIBs Link

There are no MIBs associated with this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

RFC #2082

RIP-2 MD5 Authentication

RFC #2453

RIP Version 2


Technical Assistance

Description
Link

The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and technical documentation. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Command Reference

This section documents new commands only.

ip rip initial-delay

ip rip initial-delay

To delay the initiation of RIPv2 neighbor sessions using MD5 authentication until the network connectivity between the neighbor routers is fully operational, use the ip rip initial-delay command in interface, or subinterface configuration mode. To remove the configured delay, use the no form of this command.

ip rip initial-delay delay

no ip rip initial-delay

Syntax Description

delay

The number of seconds to wait before sending the first MD5 authentication packet to the RIPv2 neighbor. Range: 0 to 1800.


Command Default

This command is not enabled by default.

Command Modes

Interface
Subinterface configuration

Command History

Release
Modification

12.4(12)

This command was introduced.


Usage Guidelines

Some non-Cisco routers will not allow an MD5-authenticated RIPv2 neighbor session to start when the sequence number of the first MD5 packet received from the Cisco router is greater than 0. The IP-RIP Delay Start feature is used on Cisco routers to delay the initiation of RIPv2 neighbor sessions using MD5 authentication until the network connectivity between the neighbor routers is fully operational thereby ensuring that the sequence number of the first MD5 packet that the router sends to the non-Cisco neighbor router is 0.

Examples

The following example configures the router to wait 45 seconds before sending the first MD5 authentication packet to a non-Cisco device: 

Router(config)# interface serial 3/0.1

Router(config-subif)# ip rip initial-delay 45

Related Commands

Command
Description

debug ip rip

Displays information on Routing Information Protocol (RIP) routing transactions.

show ip rip database

Displays information about the IP route entries in the RIP database.


Feature Information for IP-RIP Delay Start

Table 1 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 1 Feature Information for IP-RIP Delay Start 

Feature Name
Releases
Feature Information

IP-RIP Delay Start

12.4(12)

The IP-RIP Delay Start feature is used on Cisco routers to delay the initiation of RIPv2 neighbor sessions using MD5 authentication over Frame Relay interfaces until the Frame Relay interface is fully operational, thereby ensuring that the sequence number of the first MD5 packet that the router sends to the non-Cisco neighbor router is 0.

The following command was introduced by this feature: ip rip initial-delay.



Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© <year> Cisco Systems, Inc. All rights reserved.