Networking

Cisco IOS RIP Configuration: RIPv2, Authentication, Timers

Part of pathway: Full Guide for All IOS Commands
4 min read

RIP — The Distance-Vector Original

Routing Information Protocol is the oldest interior gateway protocol still on certifications. RIPv1 dates to 1988; RIPv2 (RFC 2453) added authentication, classless support, and multicast in 1998. In modern production networks RIP is essentially extinct — OSPF, EIGRP, and IS-IS run circles around it. But it’s still on the CCNA blueprint and occasionally appears on inherited networks running 15-year-old gear.

This article covers RIPv2 on Cisco IOS — configuration, authentication, the timer model, and why it’s mostly retired.

RIP at a Glance

  • Distance-vector: each router shares its full routing table with directly connected neighbors
  • Metric: hop count, max 15 (16 = unreachable)
  • UDP 520 (RIPng for IPv6 uses UDP 521)
  • Multicast 224.0.0.9 for v2 updates (v1 used broadcast)
  • Administrative distance 120
  • 30-second update timer, 180s invalid, 180s holddown, 240s flush

Why It’s Mostly Retired

  • 15-hop maximum — doesn’t scale past small networks
  • Slow convergence — minutes, not seconds
  • Distance-vector “routing by rumor” — routers don’t know full topology, only what neighbors tell them
  • Susceptible to routing loops without split-horizon and holddown timers
  • Periodic full-table updates eat bandwidth on slow links

Where it still has a niche: tiny stub networks where simplicity matters more than convergence speed (a /29 home lab, a temporary diagnostic setup), and on legacy devices that don’t support OSPF/EIGRP.

Basic RIPv2 Configuration

R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# no auto-summary
R1(config-router)# network 10.0.0.0
R1(config-router)# network 192.168.1.0

Three things every RIP config needs:

  1. version 2 — RIPv1 is broken on classless networks. Always force v2.
  2. no auto-summary — like EIGRP, RIP auto-summarizes at classful boundaries by default. Disable.
  3. network statements — lists the classful network addresses (RIP only takes classful, not wildcard masks). Every interface inside a configured network participates in RIP.

Passive Interfaces

Like every other dynamic routing protocol, you don’t want RIP advertising out of LAN-facing interfaces. Best pattern: passive everything by default, then unpassive the specific peering interfaces:

R1(config-router)# passive-interface default
R1(config-router)# no passive-interface GigabitEthernet0/1

Static and Default Routes

Inject a default into RIP for downstream routers:

R1(config-router)# default-information originate

Redistribute static routes:

R1(config-router)# redistribute static

Timer Tuning

R1(config-router)# timers basic 15 90 90 120

Four numbers: update / invalid / holddown / flush. Defaults are 30/180/180/240. Tighter timers improve convergence at the cost of more chatter. Both ends of the network must agree, or routes go invalid out-of-sync.

Authentication (MD5)

R1(config)# key chain RIP-KEYS
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string SecretRipKey

R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip rip authentication mode md5
R1(config-if)# ip rip authentication key-chain RIP-KEYS

RIPv2 supports both plain text and MD5. Always use MD5; plain text is symbolic only. Both ends need the same key-chain (key id and string match).

Verifying RIP

R1# show ip rip database
R1# show ip protocols
R1# debug ip rip
R1# show ip route rip

show ip protocols displays the timer values, neighbors, distribute-lists, and which interfaces are passive. The most useful single command for RIP troubleshooting.

Split Horizon and Loop Prevention

RIP’s loop-prevention mechanisms:

  • Split horizon — don’t advertise a route back out the interface it was learned on. Default-on.
  • Route poisoning — when a route goes down, advertise it as metric 16 (infinity) so neighbors know it’s gone.
  • Holddown timer — after a route goes down, ignore worse-metric updates about it for the holddown period (default 180s) to prevent flapping.

On Frame Relay multipoint subinterfaces, split horizon needs to be disabled because the spokes can’t see each other:

R1(config-if)# no ip split-horizon

RIPng — RIP for IPv6

For completeness:

R1(config)# ipv6 router rip RIPNG-PROC

R1(config)# interface GigabitEthernet0/1
R1(config-if)# ipv6 rip RIPNG-PROC enable

RIPng is enabled per-interface, not via a global network statement. Otherwise behavior matches RIPv2 with IPv6 metrics.

Common Pitfalls

  • Forgetting version 2. RIPv1 doesn’t carry subnet masks, breaking on any classless network.
  • Forgetting no auto-summary. Same trap as EIGRP. Routes get summarized at classful boundaries.
  • Network statement using wildcard. RIP doesn’t take a wildcard mask. network 10.0.0.0 covers the entire 10/8.
  • Neighbors with mismatched timers. Routes go invalid before the other end has issued an update. Standardize timers across the domain.
  • MD5 key-id mismatch. Both routers must use the same key id, not just the same string.
  • Using RIP for new deployments. Don’t. Even small networks should run OSPF or EIGRP.

Conclusion

RIP earns its place in CCNA material as a teaching tool — the simplest dynamic routing protocol shows you what distance-vector means, how holddown and split-horizon work, and why link-state protocols ultimately won. For new production networks, skip it. For inherited environments still running RIP, the configuration is short:

  1. version 2
  2. no auto-summary
  3. passive-interface default + selective unpassive
  4. MD5 authentication via key-chain
  5. Plan to migrate to OSPF or EIGRP
Tags: #CCNA #Cisco IOS #Distance Vector #RIP

Related Articles

Leave a Reply