Description
The ARIP module is an implementation of the standard RIP routing protocol and supports two RIP versions: RIP-1 and RIP-2. The module is configured with the "arip" command.
ARIP has its own command shell (CS). The CS is available only when the ARIP daemon is started. To enter the ARIP CS, use the "arip" command. Commands in the CS are not case-sensitive and can be shortened as long as they remain unambiguous. To get a quick hint, press "?" at any time.
The command shell has a number of modes:
The current mode is displayed along with the command prefix in the form "RIP(mode)#". Initially, the CS is in the basic mode, whose commands only display the current state of the router. Superuser rights are required to switch to the configuration mode. Once a configuration mode has been entered, the configuration is locked and entering this mode from another terminal (e.g. another telnet session) is prohibited. To avoid a "dead" lock of the session, the CS automatically quits the configuration mode after two minutes of no activity. The "end" command exits any mode.
The transition scheme between different modes of CS:
Commands may take different arguments, which are specified in several formats. The argument format is described in the context help ("?") or in the list of commands ("help") in the following way:
- "A.B.C.D" – IP address (e.g. 192.168.0.15).
- "WORD" – a set of characters with no spaces.
- "<1-N>" – a decimal number in a range from 1 to N.
- "A.B.C.D/M" – IP address/subnet mask length, where the mask length is an integer in the range 0...32 (e.g. 192.168.0.0/24).
- "IFNAME" – name of a physical network interface (e.g. eth0).
If an argument can be written in different formats, the options are shown in round brackets and separated by the "|" character. Example: "(A.B.C.D|<0-4294967295>)". An optional argument is put into square brackets: "[]". Any parameter may take the "no" prefix, which removes the corresponding parameter from the configuration.
Syntax:

    configure  Configuration
      access-list  Add an access list entry
      clear  Reset functions
      end  End current mode and change to root mode (CTRL+C).
      exit  Back to WANFlex command shell (CTRL+D).
      help  Print command list
      interface  Select an interface to configure
        authentication  Authentication control
        description  Interface specific description
        end  End current mode and change to root mode (CTRL+C).
        exit  Back to WANFlex command shell (CTRL+D).
        help  Print command list
        no  Negate a command or set its defaults
        receive  Advertisement reception
        send  Advertisement transmission
        show  Show running system information
        split-horizon  Perform split horizon
      key  Authentication key management
      no  Negate a command or set its defaults
      prefix-list  Build a prefix list
      route-map  Create route-map or enter route-map command mode
        end  End current mode and change to root mode (CTRL+C).
        exit  Back to WANFlex command shell (CTRL+D).
        help  Print command list
        match  Match values from routing table
        no  Negate a command or set its defaults
        on-match  Exit policy on matches
        route-map  Create route-map or enter route-map command mode
        set  Set values in destination routing protocol
        show  Show running system information
      router  Enable RIP routing process
        default-information  Control distribution of default route
        default-metric  Set a metric of redistribute routes
        distance  Administrative distance
        distribute-list  Filter networks in routing updates
        end  End current mode and change to root mode (CTRL+C).
        exit  Back to WANFlex command shell (CTRL+D).
        help  Print command list
        neighbor  Specify a neighbor router
        network  Enable routing on an IP network
        no  Negate a command or set its defaults
        offset-list  Modify RIP metric
        passive-interface  Suppress routing updates on an interface
        redistribute  Redistribute information from another routing protocol
        route  RIP static route configuration
        route-map  Route map set
        show  Show running system information
        tagged  Tagged mode
        timers  Adjust routing timers
        version  Set routing protocol version
      show  Show running system information
      stop  stop
    debug  Set debugging print level
    end  End current mode and change to root mode (CTRL+C).
    exit  Back to WANFlex command shell (CTRL+D).
    help  Print command list
    no  Negate a command or set its defaults
    show  Show running system information
      access-list  List IP access lists
      memory  Memory statistics
      prefix-list  Build a prefix list
      rip  IP routing protocol process parameters and statistics
      route  Show RIP routes
      running-config  running configuration
      thread  Thread information
      version  Displays version

Parameters
Parameter | Description |
---|---|
start | Starts ARIP daemon. |
help | Displays the whole command list for the current mode. |
end | Goes back from the current mode to the basic RIP mode, keyboard shortcut Ctrl+C can also be used. |
exit | Exit from ARIP CS, keyboard shortcut Ctrl+D can also be used. |
show | Displays the current running configuration of the RIP router. |
debug level N | Adds RIP debug information to the system log. |
configure | Enters the "RIP configure" mode. |
RIP configure mode | |
stop (daemon|clear) | Stops the RIP daemon: |
access-list | Access lists are used in the router configuration as filters; they are also used to set the matching conditions in a route-map configuration. An access list consists of a set of operators. Each operator consists of an IP address range (the matching condition) and a resulting action: "deny" or "permit". The IP address range is set in "<value> <mask>" form. The object being filtered has its basic parameter in the same format (IP address, subnet, etc.). To decide whether the object matches a list, each operator in the list is applied in turn to the object's basic parameter until the parameter satisfies a condition. When a condition is met, the decision is made according to the action recorded in that operator. During configuration, operators are added to the end of the list, so the order in which operators are evaluated when filtering is determined only by the order in which they were added. There are three types of access list in the RIP router.
For more information about managing access list parameters, see the "Filtration objects" subsection. |
prefix-list | Prefix-lists, like access lists, are used as filters in the router configuration and work on the same principles, but their operators differ in several ways. First, besides the range and the resulting action, each operator can also have a sequential number (1-4294967295), which is used to sort the list. This makes it possible to control the order in which operators are evaluated when filtering objects. If a sequential number is not specified, the router sets it automatically by adding 5 to the number of the last operator in the list, so the operator gets the biggest number and is placed at the end of the list. Second, the mask length can be used as a filtering condition.
For more information about managing prefix-list parameters, see the "Filtration objects" subsection. |
clear prefix-list WORD | Clears the prefix-list with the "WORD" name. |
key chain WORD | Sets a key that will be used for authentication. "WORD" – key chain name. After this parameter is applied, the CS switches to the "RIP(config-keychain)#" mode, where the key identifier can be set in the 0...2147483647 range. The following parameters can also be specified in the "RIP(config-keychain-key)#" mode:
For more information see the "authentication" parameter of the "RIP config-if mode" subsection. |
router | Enters the "RIP config-router" mode. For more information see the "RIP config-router mode" subsection. |
route-map WORD (deny|permit) <1-65535> | Creates a route-map. The ARIP command shell switches to the route-map configuration mode.
A route-map is a set of conditional records. Records are evaluated in order from first to last. Each record is described by the following parameters:
For more information about this mode see the "RIP config-route-map mode" subsection. |
interface IFNAME | Enters the "config-if" mode. For more information about this mode see the "RIP config-if mode" subsection. |
RIP config-router mode | |
network (A.B.C.D/M|WORD) | Enables RIP on the network interface. |
neighbor A.B.C.D | Establishes a direct link between routers, for cases where not all routers understand multicast requests. |
redistribute (kernel|connected|static|ospf) [metric <0-16777214>] [route-map WORD] | Allows the router to advertise external links. Redistributed routes are classified by: |
distribute-list (WORD|prefix) (in|out) [WORD] | Defines the criteria the router uses to advertise a link. |
default-metric <1-16> | Sets the default metric value for all external channels. If the default metric is not defined, it equals 1. |
default-information originate | By default, in the "redistribute kernel" mode the router does not advertise that it has a link to the default gateway, even if the administrator has explicitly written it into the routing table. This parameter enables advertisement of the default route. |
route-map WORD (in|out) IFNAME | Enables the use of a route map on a specific interface. |
timers basic update timeout garbage | Changes the timer values. |
distance <1-255> [A.B.C.D/M] | Sets an administrative distance value in the range 1...255 for routes from the specified source. |
offset-list WORD (in|out) [IFNAME] | Changes the metric of incoming / outgoing routes. |
passive-interface (IFNAME|default) | Manages routing information updates: suppresses routing updates over some interfaces while allowing updates to be exchanged through other interfaces in normal mode. |
route A.B.C.D/M | Configures static routes within the RIP module. |
version <1-2> | Sets the RIP protocol version. |
tagged | Enables the tag assignment mode. |
RIP config-if mode | |
split-horizon [poisoned-reverse] | Enables the "split horizon" algorithm on the device network interface. When the "split horizon" algorithm is enabled, the device does not announce routes through the interface from which they were obtained, which reduces the probability of local routing loops. The "split horizon" algorithm without the "poisoned-reverse" parameter is enabled by default. |
authentication (key-chain LINE|mode (md5|text)|string LINE) | Sets authentication for the current interface. Authentication prevents unauthorized routers from connecting to the RIP system: the system performs an identity check on the protocol's packets. By default, the router does not use any authentication (null-authentication). |
description | Adds interface description. |
send version (1|2|1 2) | Sets the RIP protocol version that the current interface uses to send packets. This setting takes effect regardless of the global RIP settings ("version" parameter). The following values can be set: RIP-1/RIP-2/RIP-1 and RIP-2. By default, packets are sent according to the global settings (RIP-2). |
receive version (1|2|1 2) | Sets the RIP protocol version for packets received by the current interface. This setting takes effect regardless of the global RIP settings ("version" parameter). The following values can be set: RIP-1/RIP-2/RIP-1 and RIP-2. By default, packets are received according to the global settings (RIP-1 and RIP-2). |
RIP config-route-map mode | |
match address[(<1-199>|<1300-2699>|WORD)|prefix-list WORD]|interface WORD|next-hop[(<1-199>|<1300-2699>|WORD)|prefix-list WORD]|metric <0-4294967295>|tag <0-65535> | Sets matching conditions for the imported route. Several conditions can be set for each record. If several conditions are specified, they are applied according to the "and" rule. |
set metric <0-4294967295>|next-hop A.B.C.D|tag <0-65535> | Sets the link metric, next-hop and link tag values if a route matches all of the record's rules. |
on-match (goto <1-65535>)|next | Sets the behavior scenario if the route matches all conditions.
CAUTION In order for the route map to be used by the current interface, the "route-map" parameter must be applied in the "RIP config-router" mode. |
Filtration objects
Access lists
The following "config" mode parameters are used to create or modify access lists for a RIP router.
Standard list:
access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D
- "(<1-99>|<1300-1999>)" – list identifier.
- "(deny|permit)" – resulting action.
- "A.B.C.D A.B.C.D" – IP address range in "<value> <mask>" form.
This parameter creates an operator in a standard access list. The value and mask define the range (criterion) for the operator. The mask defines those bits of the value which form the range. For example, to specify the range of IP addresses from 192.168.12.0 to 192.168.12.255, the "192.168.12.0" value and the "0.0.0.255" mask should be specified. For the value and mask 0.0.0.0 255.255.255.255 there is the keyword "any". The commands below are equivalent.
RIP(config)# access-list 1 permit 0.0.0.0 255.255.255.255
RIP(config)# access-list 1 permit any
For a range which consists of only one address, the keyword "host" is used. The commands below are equivalent.
RIP(config)# access-list 1 permit 192.168.12.150 0.0.0.0
RIP(config)# access-list 1 permit host 192.168.12.150
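The first-match evaluation of "<value> <mask>" operators described above, as an added Python example (not Infinet code). The function names and the three-operator list are constructed here, and returning no decision when nothing matches is an assumption, since the page does not state the default. It also reports operators that can never be reached because an earlier operator already covers their whole range.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_operator(line):
    """Parse 'access-list ID (deny|permit) VALUE MASK', including 'any' and 'host'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("deny", "permit"):
        raise ValueError("not a standard access-list operator: " + line)
    list_id, action, rest = tokens[1], tokens[2], tokens[3:]
    if rest == ["any"]:
        value, mask = 0, FULL                       # 0.0.0.0 255.255.255.255
    elif rest[0] == "host" and len(rest) == 2:
        value, mask = to_int(rest[1]), 0            # A.B.C.D 0.0.0.0
    elif len(rest) == 2:
        value, mask = to_int(rest[0]), to_int(rest[1])
    else:
        raise ValueError("bad range in: " + line)
    # Bits set in the mask are "don't care"; keep only the significant bits.
    return list_id, action, value & ~mask & FULL, mask

def evaluate(operators, address):
    """Action of the first operator whose range contains the address, else None."""
    addr = to_int(address)
    for _, action, value, mask in operators:
        if addr & ~mask & FULL == value:
            return action
    return None   # assumption: the page does not say what happens with no match

def shadowed(operators):
    """Indexes of operators whose whole range is covered by an earlier operator."""
    hidden = []
    for i, (_, _, value, mask) in enumerate(operators):
        for _, _, e_value, e_mask in operators[:i]:
            # Earlier covers later: it ignores every bit the later one ignores,
            # and both agree on the bits the earlier one checks.
            if mask & ~e_mask & FULL == 0 and value & ~e_mask & FULL == e_value:
                hidden.append(i)
                break
    return hidden

# Constructed list: the "host" permit was added after the broader deny.
CONFIG = """access-list 1 deny 192.168.12.0 0.0.0.255
access-list 1 permit host 192.168.12.150
access-list 1 permit any"""
OPERATORS = [parse_operator(line) for line in CONFIG.splitlines()]
```

Because operators are only ever appended, the host permit in this list is dead: the address it names is decided by the earlier deny, and the list has to be rebuilt in the intended order to change that.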
Extended list:
access-list (<100-199>|<2000-2699>) (deny|permit) A.B.C.D A.B.C.D A.B.C.D A.B.C.D
- "(<100-199>|<2000-2699>)" – list identifier.
- "(deny|permit)" – resulting action.
- "A.B.C.D A.B.C.D" – source IP address range.
- "A.B.C.D A.B.C.D" – destination IP address range.
Named list:
access-list WORD (deny|permit) A.B.C.D/M exact-match
- "WORD" – list identifier.
- "(deny|permit)" – resulting action.
- "A.B.C.D/M" – IP address range.
- "exact-match" – is used for the exact match of a parameter to the range.
Prefix-lists
prefix-list WORD seq <1-4294967295> (deny|permit) A.B.C.D/M ge <0-32> le <0-32>
- "WORD" – list identifier.
- "seq <1-4294967295>" – sequential number.
- "(deny|permit)" – resulting action.
- "A.B.C.D/M" – IP address range.
- "exact-match" – is used for the exact match of a parameter to the range.
- "ge <0-32> le <0-32>" – allowed mask values range.
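How sequential numbers decide which prefix-list operator is reached first, as an added Python example (not Infinet code). The class and the sample operators are constructed here; the matching rule (route inside "A.B.C.D/M" with a mask length between "ge" and "le"), the number 5 for the first operator of an empty list, and returning no decision when nothing matches are assumptions.

```python
import ipaddress

class PrefixList:
    """Model of one prefix-list: operators kept sorted by sequential number."""

    def __init__(self):
        self.operators = []          # (seq, action, range, ge, le)

    def add(self, action, prefix, ge, le, seq=None):
        if seq is None:
            # Page rule: number of the last operator + 5 (5 on an empty list is assumed).
            seq = (self.operators[-1][0] if self.operators else 0) + 5
        self.operators.append((seq, action, ipaddress.ip_network(prefix), ge, le))
        self.operators.sort(key=lambda op: op[0])
        return seq

    def evaluate(self, route):
        """(action, seq) of the first operator, in sequence order, matching the route."""
        net = ipaddress.ip_network(route)
        for seq, action, rng, ge, le in self.operators:
            if net.subnet_of(rng) and ge <= net.prefixlen <= le:
                return action, seq
        return None                  # assumption: default is not stated on the page

def build(deny_seq=None):
    """Constructed list: a broad permit, then a narrower deny added afterwards."""
    plist = PrefixList()
    plist.add("permit", "10.0.0.0/8", ge=8, le=24)                  # becomes seq 5
    plist.add("deny", "10.66.0.0/16", ge=16, le=32, seq=deny_seq)   # seq 10 if not given
    return plist
```

With automatic numbering the deny lands at 10 and "10.66.1.0/24" is still permitted by operator 5; giving the deny an explicit number below 5 is what makes it take effect.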
Examples
Enable RIP on the interface with network IP address matching "4.7.8.0/24".
RIP(config-router)# network 4.7.8.0/24
Set authentication using a secret key. Using the "key chain" parameter, create the "TEST" key-chain with key identifier "123" and set the secret key value "TESTTEST".
RIP(config)# key chain TEST
RIP(config-keychain)# key 123
RIP(config-keychain-key)# key-string TESTTEST
Enable MD5 authentication mode and select the secret key with the "TESTTEST" name.
RIP(config-if)# authentication mode md5
RIP(config-if)# authentication key-chain TESTTEST
The "no" prefix is used to disable authentication.
RIP(config-if)# no authentication mode md5
Create a configuration for the "eth0" interface that allows only packets which are routed in the "10.0.0.0/8" network. In the "config" mode, create the "private" named access list, which allows "10.0.0.0/8" network IP addresses and denies all others. After that, in the "config-router" mode, apply this list to the "eth0" interface.
RIP(config)# access-list private permit 10.0.0.0/8
RIP(config)# access-list private deny any
RIP(config-router)# distribute-list private in eth0
In the following configuration, the router advertises external links created from the "connected" routes of the system routing table. If the destination of such a route is the "192.168.200.0/24" subnetwork, the resulting link has metric 7; a route with any other destination is not advertised.
RIP(config)# access-list AnyNetwork permit any
RIP(config)# access-list net200 permit 192.168.200.0/24
RIP(config)# route-map mapForConnected permit 10
RIP(config-route-map)# match address net200
RIP(config-route-map)# set metric 7
RIP(config-route-map)# route-map mapForConnected deny 11
RIP(config-route-map)# match address AnyNetwork
RIP(config-router)# redistribute connected route-map mapForConnected
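The "mapForConnected" configuration above evaluated against sample routes, as an added Python example (not Infinet code). The data model, the function names and the two "connected" routes are constructed here; treating "any" as 0.0.0.0/0 and dropping a route that matches no record are assumptions.

```python
import ipaddress

# Constructed model of the configuration above.
ACCESS_LISTS = {
    "AnyNetwork": [("permit", "0.0.0.0/0")],
    "net200": [("permit", "192.168.200.0/24")],
}
ROUTE_MAP = [  # (sequence, action, match conditions, set values)
    (10, "permit", {"address": "net200"}, {"metric": 7}),
    (11, "deny", {"address": "AnyNetwork"}, {}),
]
CONNECTED = [  # constructed sample of "connected" routes
    {"prefix": "192.168.200.0/24", "ifname": "eth0", "metric": 1},
    {"prefix": "10.1.0.0/16", "ifname": "eth1", "metric": 1},
]

def acl_permits(name, prefix):
    """The first operator whose range contains the route decides the result."""
    net = ipaddress.ip_network(prefix)
    for action, rng in ACCESS_LISTS[name]:
        if net.subnet_of(ipaddress.ip_network(rng)):
            return action == "permit"
    return False

def record_matches(conditions, route):
    """Every condition of a record must hold (the "and" rule)."""
    checks = []
    if "address" in conditions:
        checks.append(acl_permits(conditions["address"], route["prefix"]))
    if "interface" in conditions:
        checks.append(route["ifname"] == conditions["interface"])
    if "metric" in conditions:
        checks.append(route["metric"] == conditions["metric"])
    return all(checks)

def apply_route_map(route_map, route):
    """Route as it would be advertised, or None when it is filtered out."""
    for _, action, conditions, sets in sorted(route_map, key=lambda rec: rec[0]):
        if record_matches(conditions, route):
            return {**route, **sets} if action == "permit" else None
    return None   # assumption: a route matching no record is not advertised

def redistribute(route_map, routes):
    results = (apply_route_map(route_map, route) for route in routes)
    return [r for r in results if r is not None]
```

Only "192.168.200.0/24" is returned, with metric 7; a "deny" record for "AnyNetwork" placed at a sequence number below 10 would suppress it as well, because records are evaluated from first to last.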