Articles Articles Most Popular Articles Most Popular Articles Most Helpful Articles Most Helpful Articles
Advanced Search
DrillDown Icon Table of Contents Back
 . . . . . . . . . . . . .
DrillDown Icon What's New
DrillDown Icon Knowledge Base Information
DrillDown Icon Cyberoam UTM
DrillDown Icon Product Literature
DrillDown Icon Best Practices & Policies
DrillDown Icon Protect Your Cyberoam Appliances from Power Fluctuations
DrillDown Icon Version 10.x
DrillDown Icon Cyberoam Maintenance
DrillDown Icon FAQ's
DrillDown Icon How To
DrillDown Icon Anti Spam
DrillDown Icon Anti Virus
DrillDown Icon Authentication
DrillDown Icon Clients
DrillDown Icon Content Filtering
DrillDown Icon Firewall
DrillDown Icon Identity-based Policies
DrillDown Icon IPS
DrillDown Icon Logs & Reports
DrillDown Icon Multiple Gateway - Load Balancing and Failover
DrillDown Icon Quality of Service (QoS)
DrillDown Icon Registration
DrillDown Icon Routing
DrillDown Icon Configure Policy-based Routing
DrillDown Icon Implement Transparent Subnet Gateway Using Bridge Pair
DrillDown Icon Configure BGP in Cyberoam
DrillDown Icon Configure Routing Information Protocol (RIP)
DrillDown Icon Implement Transparent Subnet Gateways using Proxy ARP
DrillDown Icon Avoid Asymmetric Routing in Cyberoam
DrillDown Icon Enable Multicast Forwarding
DrillDown Icon SSL VPN
DrillDown Icon System
DrillDown Icon Users and Groups
DrillDown Icon Virtual LANs
DrillDown Icon VPN
DrillDown Icon Web Application Firewall (WAF)
DrillDown Icon Wireless LAN
DrillDown Icon Configure Wireless WAN
DrillDown Icon TroubleShooting
DrillDown Icon Version 9.x
DrillDown Icon Visio Stencils
DrillDown Icon Glossary
DrillDown Icon Product Technical Support
DrillDown Icon Compatibility
DrillDown Icon Cyberoam Virtual UTM
DrillDown Icon Endpoint Data Protection
DrillDown Icon Cyberoam SSL VPN
DrillDown Icon Cyberoam iView
DrillDown Icon Cyberoam Central Console
DrillDown Icon Cyberoam's On-Cloud Management Service
  Email This ArticlePrintPrint Current Article and All Sub-Articles
Rate Icon Rate Icon Rate Icon Rate Icon Rate Icon
 
Configure Routing Information Protocol (RIP)
 
Applicable to Version: 10.00 onwards

Routing Information Protocol (RIP) is a distance-vector routing protocol documented in RFC 1058. RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information.

The Cyberoam implementation of RIP supports 

·         RIP version 1 (as described in RFC 1058)

·         RIP version 2 (as described in RFC 2453)

·         Plain text and Message Digest 5 (MD5) authentication for RIP Version 2 
 
 

Prerequisite 

RIP must be enabled before carrying out any of the RIP commands.


Solution: Configure RIP for Cyberoam Interfaces  
 
This document consists of two (2) sections:
CLI Console
 
To configure RIP, use the following commands from CLI Console:
 

Step 1: Logon to CLI and Follow On-Screen Steps

 

Logon to CLI Console; specify password at the password prompt and you will get the following screen:
 

Choose Option 3 - Route Configuration
 

Go to Option 1 - Configure Unicast Routing
 

Go to Option 1 - Configure RIP
 
 

Step 2: Configure RIP
 
To configure RIP, perform the tasks described in the following table
 

Steps

Command

Purpose

Enable RIP

rip> en

Enables a RIP routing process and places you into the RIP Enable mode.

Specify a list of networks for the Routing Information Protocol (RIP) routing process

rip# configure terminal

Enables the RIP configuration mode which places you in the Router Configuration mode and allows you to configure from the terminal.

rip(config)# router rip

Allows to configure RIP routing process

The router rip command is necessary to enable RIP. RIP must be enabled before carrying out any of the RIP commands.

rip(config-router)# no router rip

Disables a RIP routing process and places you into the Disable mode.

rip(config-router)# version 1

rip(config-router)# version 2

RIP can be configured to process either Version 1 or Version 2 packets. The default mode is Version 2. If no version is specified, then the RIP will be set to Version 2. If RIP is set to Version 1, the setting "Version 1" will be displayed, but the setting "Version 2" will not be displayed whether or not Version 2 is set explicitly as the version of RIP being used.

rip(config-router)# network network

This group of commands either enables or disables RIP interfaces between certain numbers of a specified network address.

For example, if the network for 10.0.0.0/24 is RIP enabled, this would result in all the addresses from 10.0.0.0 to 10.0.0.255 being enabled for RIP.

Enables RIP interfaces between specified network address.

RIP routing updates will be sent and received only through interfaces on this network.

Also, if the network of an interface is not specified, the interface will not be advertised in any RIP update.

The interfaces which have addresses matching with network are enabled.

rip(config-router)# no network network

The no network command will disable RIP for the specified network.

rip(config-router)# neighbor a.b.c.d

Specify RIP neighbor. When a neighbor does not understand multicast, this command is used to specify neighbors.

In some cases, all routers will not be able to understand multicasting and where packets are sent to a network or a group of addresses. In such a situation where a neighbor cannot process multicast packets, it is necessary to establish a direct link between routers.

The neighbor command allows the network administrator to specify a router as a RIP neighbor.

rip(config-router)# no neighbor a.b.c.d

The no neighbor a.b.c.d command will disable the RIP neighbor.

rip(config-router)# redistribute kernel

rip(config-router)# redistribute kernel metric <0-16>

rip(config-router)# redistribute kernel route-map route-map

Redistribute kernel redistributes routing information from kernel route entries into the RIP tables.

rip(config-router)# no redistribute kernel

no redistribute kernel disables the routes.

rip(config-router)# redistribute static

rip(config-router)# redistribute static metric <0-16>

rip(config-router)# redistribute static route-map route-map

Redistribute static redistributes routing information from static route entries into the RIP tables.

rip(config-router)# no redistribute static

no redistribute static disables the routes.

rip(config-router)# redistribute connected

rip(config-router)# redistribute connected metric <0-16>

rip(config-router)# redistribute connected route-map route-map

Redistribute connected routes into the RIP tables. The connected route on RIP enabled interface is announced by default.

rip(config-router)# no redistribute connected

no redistribute connected disables the connected routes in the RIP tables. This command redistribute connected of the interface which RIP disabled.

rip(config-router)# redistribute ospf

rip(config-router)# redistribute connected metric <0-16>

rip(config-router)# redistribute connected route-map route-map

Redistribute ospf redistributes routing information from ospf route entries into the RIP tables.

rip(config-router)# no redistribute connected

no redistribute ospf disables the routes

rip(config-router)# redistribute bgp

rip(config-router)# redistribute connected metric <0-16>

rip(config-router)# redistribute connected route-map route-map

Redistribute bgp redistributes routing information from bgp route entries into the RIP tables.

rip(config-router)# no redistribute connected

no redistribute bgp disables the routes.

Configure Authentication

To set authentication mode as text and set the authentication string

rip(configure)# interface ifname

rip(configure-if)# ip rip authentication mode {text [string]}

For example,

rip(configure)# interface A

rip(configure-if)# ip rip authentication mode text

rip(configure-if)# ip rip authentication string teststring

To set authentication mode as MD5 and set the authentication string

rip(configure)# interface ifname

rip(configure-if)# ip rip authentication mode {md5 [key-chain name of key chain]}

For example,

rip(configure)# interface A

rip(configure-if)# ip rip authentication mode md5 key-chain testkeychain

Defines authentication mode for the each interface. By, default, authentication is on for all the interfaces. If authentication is not required for any of the interface, it is to be explicitly disabled.

RIP Version 1 does not support authentication.

RIP Version 2 supports Clear Text (simple password) or Keyed Message Digest 5 (MD5) authentication.

To enable authentication for RIP Version 2 packets and to specify the set of keys that can be used on an interface, use the ip rip authentication key-chain command in interface configuration mode.

If authentication is not required for any of the interface, use the no form of this command. 

rip(config-router)# write

Writes the configuration to the device. We need to provide this statement after the configuration changes have been done, so as to write the configuration to the device.

Execute ‘exit’ command to return to the previous mode.

Show RIP Information

rip# show running-config

Shows the current configuration saved to the device.

RIP Debug Commands

rip# show ip rip status

Shows all the RIP information

rip# debug rip events

Debugging RIP events

rip# debug rip packet

Debugging RIP packets

rip# terminal monitor

Monitor the debug logs on telnet window.

rip# no debug rip events

Disable the debugging of RIP events

rip# no debug rip packets

Disable the debugging of RIP packets.

Sample RIP Configuration Screens
 
 
 
 

Web Admin Console

Logon to Cyberoam Web Admin Console with user having “Administrator” profile.

 

Step 1: Create Firewall Rule

Additionally, a firewall rule is to be configured for the zone for which the RIP traffic is to be allowed i.e. LAN to LOCAL or WAN to LOCAL.


Add Rule
 
Go to Firewall --> Rule and click on “Add” to create Firewall rule.
 
 
Parameters Description
 

Parameters

Value

Description

Name

RIP Firewall Rule

Specify name to identify the Firewall Rule.

Zone

Source – LAN

Destination - LOCAL

Specify source and destination zone to which the rule applies.

Network/Host

Any/Any

Specify source and destination host or network address to which the rule applies.

Services

RIP

Services represent types of Internet data transmitted via particular protocols or applications.

Select service/service group to which the rule applies.

Schedule

All the time

Select Schedule for the rule

You can also add a new schedule directly from this.

Action

Accept

Select rule action

Available Options:

·         Accept – Allow access

·         Drop – Silently discards

·         Reject – Denies access and ‘ICMP port unreachable’ message will be sent to the source
 

Click on OK and the Firewall Rule will be created successfully.
 
 
                                                           Document Version – 1.0 – 14/02/2012
 

 
 
 
 
 
Attachments
File Icon How To - Configure Routing Information Protocol.pdf
Article ID: 2224
   Copyright © 2013 Cyberoam Technologies Pvt. Ltd.
All rights reserved.		 Knowledge Base Software
Powered By: NovoSolutions, Inc.