Description

The ARIP module is a standard implementation of the RIP routing protocol that supports two RIP versions: RIP-1 and RIP-2. The module is configured with the "arip" command.

ARIP has its own command shell (CS). The CS is available only when the ARIP daemon is started. To enter the ARIP CS, use the "arip" command. Commands in the CS are not case-sensitive and can be shortened as long as they remain unambiguous. Press "?" at any time to get a quick hint.

The command shell has a number of modes:

The current mode is displayed along with the command prefix in the form "RIP(mode)#". Initially, the CS is in the basic mode, whose parameters only allow viewing the current state of the router. Superuser rights are required to switch to a configuration mode. Once a configuration mode is entered, the configuration is locked and entering this mode from another terminal (e.g. another telnet session) is prohibited. To avoid a "dead" lock of the session, the CS automatically quits the configuration mode after two minutes of inactivity. The "end" command exits any mode.

The transition scheme between different modes of CS:

Figure - The transition scheme between different modes of CS

Commands may take arguments, which are specified in several formats. The argument format is described in the context help ("?") or in the list of commands ("help") in the following way:

  • "A.B.C.D" – IP address (e.g. 192.168.0.15).
  • "WORD" – a set of characters with no spaces.
  • "<1-N>" – a decimal number in the range from 1 to N.
  • "A.B.C.D/M" – a parameter in the format IP address/subnet mask length, where the mask length is an integer in the range 0...32 (e.g. 192.168.0.0/24).
  • "IFNAME" – name of a physical network interface (e.g. eth0).

If an argument can be written in different formats, the options are displayed in round brackets and separated by the "|" character. Example: "(A.B.C.D|<0-4294967295>)". An optional argument is put into square brackets: "[]". Any parameter may take the "no" prefix, which removes the corresponding parameter from the configuration.

Syntax:

  configure  Configuration
    access-list  Add an access list entry
    clear        Reset functions
    end          End current mode and change to root mode (CTRL+C).
    exit         Back to WANFlex command shell (CTRL+D).
    help         Print command list
    interface    Select an interface to configure
      authentication  Authentication control
      description     Interface specific description
      end             End current mode and change to root mode (CTRL+C).
      exit            Back to WANFlex command shell (CTRL+D).
      help            Print command list
      no              Negate a command or set its defaults
      receive         Advertisement reception
      send            Advertisement transmission
      show            Show running system information
      split-horizon   Perform split horizon
    key          Authentication key management
    no           Negate a command or set its defaults
    prefix-list  Build a prefix list
    route-map    Create route-map or enter route-map command mode
      end        End current mode and change to root mode (CTRL+C).
      exit       Back to WANFlex command shell (CTRL+D).
      help       Print command list
      match      Match values from routing table
      no         Negate a command or set its defaults
      on-match   Exit policy on matches
      route-map  Create route-map or enter route-map command mode
      set        Set values in destination routing protocol
      show       Show running system information
    router       Enable RIP routing process
      default-information  Control distribution of default route
      default-metric       Set a metric of redistribute routes
      distance             Administrative distance
      distribute-list      Filter networks in routing updates
      end                  End current mode and change to root mode (CTRL+C).
      exit                 Back to WANFlex command shell (CTRL+D).
      help                 Print command list
      neighbor             Specify a neighbor router
      network              Enable routing on an IP network
      no                   Negate a command or set its defaults
      offset-list          Modify RIP metric
      passive-interface    Suppress routing updates on an interface
      redistribute         Redistribute information from another routing protocol
      route                RIP static route configuration
      route-map            Route map set
      show                 Show running system information
      tagged               Tagged mode
      timers               Adjust routing timers
      version              Set routing protocol version
    show         Show running system information
    stop         stop
  debug      Set debugging print level
  end        End current mode and change to root mode (CTRL+C).
  exit       Back to WANFlex command shell (CTRL+D).
  help       Print command list
  no         Negate a command or set its defaults
  show       Show running system information
    access-list     List IP access lists
    memory          Memory statistics
    prefix-list     Build a prefix list
    rip             IP routing protocol process parameters and statistics
    route           Show RIP routes
    running-config  running configuration
    thread          Thread information
    version         Displays version

Parameters

Parameter – Description

start

Starts ARIP daemon.

help

Displays the whole command list for the current mode.

end

Goes back from the current mode to the basic RIP mode, keyboard shortcut Ctrl+C can also be used.

exit

Exits from the ARIP CS, keyboard shortcut Ctrl+D can also be used.

show

Displays the current running configuration of the RIP router.

  • "access-list" – displays the content of access lists.
    • "[(<1-99>|<100-199>|<1300-1999>|<2000-2699>|WORD)]" – the list identifier; if not specified, the content of all lists is displayed.
  • "memory" – memory statistics.
    • "all", "lib", "ospf" and "rip" specify the types of values to be shown. If not specified, data is displayed for all types, same as with the "all" parameter.
  • "prefix-list" – displays the content of prefix-lists (for more information about prefix-list configuration see the "Filtration objects" subsection).
  • "rip" – displays RIP protocol summary information: timers, filters, versions and the interfaces on which RIP is enabled.
  • "route" – displays the routing table. For more information about the table content see the "Example" subsection.
  • "running-config" – shows the current router configuration; available in any mode.
  • "show thread cpu" – shows the current CPU load. Filters can be used to display specific data (rwtex).
  • "version" – shows the ARDA version.

debug level N

Adds RIP debug information to the system log.

  • "N" – possible log levels range from "0" (no information logged) to "255" (the most verbose logging).

configure

Enters the "RIP configure" mode.

RIP configure mode

stop (daemon|clear)

Stops the RIP daemon:

  • "daemon" – stops the RIP router.
  • "clear" – the router clears its part of the system configuration before quitting the ARIP CS.

access-list

Access lists are used in the router's configuration as filters; they are also used to set the matching conditions in the route map configuration. An access list consists of a set of operators. Each operator consists of an IP address range (the matching condition) and a resulting action: "deny" or "permit". The IP address range is set in the "<value> <mask>" form. The object to be filtered has its basic parameter in the same format (IP address, subnet etc.). To decide whether the object corresponds to a list, each operator from the list is applied in turn to the object's basic parameter until the parameter satisfies an operator's condition. When a matching condition is found, the decision is made according to the action recorded in that operator.

While configuring, operators are added to the end of the list. Thus, when filtering, the order in which access list operators are viewed is determined only by the order in which they were added.

There are three access list types in the RIP router.

  • Standard – is identified in ranges 1-99 and 1300-1999 and is used to evaluate one filtration object parameter.
  • Extended – is identified in ranges 100-199 and 2000-2699 and is used to evaluate one filtration object parameter (e.g. source IP address and destination IP address).
  • Nominate – is similar to the standard one, but is identified by a name. In addition, operators are configured in the "<value>/<mask length>" format.

For more information about managing access lists parameters see the "Filtration objects" subsection.

prefix-list

Prefix-lists, like access lists, are used as filters in the router configuration and work on the same principles, but their operators differ in several ways. First, besides the range and the resulting action, each operator can also have a sequential number (1-4294967295), which is used to sort the list. This makes it possible to control the order in which operators are viewed when filtering objects. If a sequential number is not specified, the router sets it automatically by adding 5 to the last operator number in the list. Thus, the operator gets the biggest number and is placed at the end of the list. Second, the mask length can be used as a filtering condition.

  • "ge <0-32>" – sets the minimum mask length in range 0...32.
  • "le <0-32>" – sets the maximum mask length in range 0...32.
  • "ge <0-32> le <0-32>" – sets the allowed values range.

For more information about managing prefix-lists parameters see the "Filtration objects" subsection.
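The sequencing and mask-length rules above, modelled in Python as an added example (not Infinet code). The class and function names are hypothetical, the sample list is constructed, and two behaviours the page does not state are assumed and marked in comments: an empty list starts numbering at 5, and an operator without "ge"/"le" matches only the exact mask length.

```python
import ipaddress

class PrefixList:
    """Operators are kept sorted by sequence number; the first match decides."""

    def __init__(self):
        self.operators = []   # tuples (seq, action, network, ge, le)

    def add(self, action, prefix, seq=None, ge=None, le=None):
        if seq is None:
            # Auto-numbering as described on the page: last operator number + 5.
            # Assumption: an empty list starts at 5.
            seq = (self.operators[-1][0] if self.operators else 0) + 5
        if not 1 <= seq <= 4294967295:
            raise ValueError("seq out of range")
        for bound in (ge, le):
            if bound is not None and not 0 <= bound <= 32:
                raise ValueError("ge/le must be in 0...32")
        net = ipaddress.ip_network(prefix)
        self.operators.append((seq, action, net, ge, le))
        self.operators.sort(key=lambda op: op[0])
        return seq

    def evaluate(self, route):
        """Return (seq, action) of the first operator matching the route."""
        candidate = ipaddress.ip_network(route)
        for seq, action, net, ge, le in self.operators:
            if not candidate.subnet_of(net):
                continue
            if ge is None and le is None:
                # Assumption: without ge/le the mask length must be equal.
                if candidate.prefixlen != net.prefixlen:
                    continue
            elif ((ge is not None and candidate.prefixlen < ge)
                  or (le is not None and candidate.prefixlen > le)):
                continue
            return seq, action
        return None   # no operator matched; the page states no default

def build_sample():
    """Constructed list: accept 10.0.0.0/8 routes up to /24, drop the rest."""
    plist = PrefixList()
    plist.add("permit", "10.0.0.0/8", le=24)          # auto-numbered 5
    plist.add("deny", "0.0.0.0/0", le=32)             # auto-numbered 10
    plist.add("deny", "10.66.0.0/16", seq=3, le=32)   # explicitly placed first
    return plist

if __name__ == "__main__":
    sample = build_sample()
    for route in ("10.66.1.0/24", "10.1.0.0/16", "10.1.1.128/25"):
        print(route, sample.evaluate(route))
```

An operator added later without a sequential number lands after the catch-all "deny" and never decides, which is why exceptions to an existing list need an explicit "seq".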

clear prefix-list WORD

Clears the prefix-list with the "WORD" name.

key chain WORD

Sets a key that will be used for authentication. "WORD" – key chain name. After applying this parameter, the CS switches to the "RIP(config-keychain)#" mode, where the key identifier can be set in the 0...2147483647 range. The following parameters can also be specified in the "RIP(config-keychain-key)#" mode:

  • "accept-lifetime" – sets the time period during which the authentication key in the key chain is considered valid. Time is displayed in the format: <HH:MM:SS>, <day(1-31)>, <month>, <year (1993-2035)>.
  • "key-string LINE" – sets the MD5 secret key, where "LINE" is the text key.
  • "send-lifetime" – sets the time period during which the key is valid for sending.

For more information see the "authentication" parameter of the "RIP config-if mode" subsection.

router

Enters the "RIP config-router" mode. For more information see the "RIP config-router mode" subsection.

route-map WORD (deny|permit) <1-65535>

Creates a route-map. The ARIP command shell switches to the route-map configuration mode.

  • "WORD" – route-map identifier.
  • "deny|permit" – a record resulting action.
  • "<1-65535>" – record number.

A route-map is a set of conditional records. Records are viewed in order from first to last. Each record is described by the following parameters:

  • Its number in the map.
  • Resulting action:
    • "deny" – the route is denied, the review of the map's records is aborted and the resulting object is cancelled (the link is not advertised);
    • "permit" – all actions specified in the record are performed for the resulting object. After that, the review of records stops or, if specified in the scenario, resumes according to the option specified in the scenario.
  • Actions to be performed on the resulting object if it matches (assignment of the metric type and/or value to the link).
  • Two ways of continuing the records review can be set in a scenario:
    • "on-match next";
    • "on-match goto <N>".

For more information about this mode see the "RIP config-route-map mode" subsection.

interface IFNAME

Enters the "config-if" mode. For more information about this mode see the "RIP config-if mode" subsection.

  • "IFNAME" – an interface to configure.

RIP config-router mode

network (A.B.C.D/M|WORD)

Enables RIP on the network interface.

  • "A.B.C.D/M" – network IP address with the subnet mask length. RIP will be enabled on the interface whose network address matches the specified network.
  • "WORD" – an interface name.

neighbor A.B.C.D

Establishes a direct link between routers, for cases when not all routers understand multicast requests.

  • "A.B.C.D" – neighbor router IP address.

redistribute (kernel|connected|static|ospf) [metric <0-16777214>] [route-map WORD]

Allows the router to advertise external links. Redistributed routes are classified by:

  • Specific protocol:
    • "ospf".
  • Type:
    • "kernel" – routes created by the kernel, except for the default route.
    • "connected" – directly connected routes.
    • "static" – static routes.
  • "metric <0-16777214>" – a link metric value.
  • "route-map WORD" – external routes can also be filtered using a route-map, where "WORD" is the route-map identifier. For more information see "RIP config-route-map mode".

distribute-list (WORD|prefix) (in|out) [WORD]

Defines the criteria a router uses to advertise a link.

  • "WORD" – the access list identifier to which the destination of the system routing table record must match.
  • "prefix" – the prefix-list identifier to which the destination of the system routing table record must match.
  • "in|out" – if "in" is specified, the list is applied to incoming packets, if "out" – to outgoing.
  • "[WORD]" – a network interface name.

default-metric <1-16>

Sets the default metric value for all external channels. If the default metric is not defined, it equals 1.

default-information originate

By default, in the "redistribute kernel" mode the router does not advertise into the system that it has a link to the default gateway, even if the administrator has explicitly written it into the routing table. This parameter enables advertisement of the default route.

route-map WORD (in|out) IFNAME

Enables the use of a route map on a specific interface.

  • "WORD" – name of a previously created route-map.
  • "in|out" – if "in" is specified, the list is applied to incoming packets, if "out" – to outgoing.
  • "IFNAME" – a network interface name.

timers basic update timeout garbage

Changes timer values.

  • "update" – sets the interval at which the complete routing table is distributed to all neighboring RIP routers. The value is in seconds in the range 5...2147483647, 30 by default.
  • "timeout" – sets the time period after which a route is no longer considered valid. The route remains in the routing table for some time so that neighboring routers learn that it is no longer used. The value is in seconds in the range 5...2147483647, 180 by default.
  • "garbage" – sets the time period after which outdated routing information is removed from the routing table.

distance <1-255> [A.B.C.D/M]

Sets an administrative distance value in the range 1...255 for routes from the specified source.

  • "A.B.C.D/M" – source IP address; if not specified, the value is set for all sources.

offset-list WORD (in|out) [IFNAME]

Changes the metric of incoming / outgoing routes.

  • "WORD" – the access list identifier.
  • "in|out" – if "in" is specified, the list is applied to incoming packets, if "out" – to outgoing.
  • "IFNAME" – a network interface name; if not specified, the value is applied to the whole router.

passive-interface (IFNAME|default)

Manages routing information updates. Suppresses routing updates over some interfaces while allowing updates to be exchanged through other interfaces in normal mode.

  • "IFNAME" – interfaces that will not be used to establish neighbor relationships or to send out routing updates.
  • "default" – the parameter will be applied to all router network interfaces.

route A.B.C.D/M

Configures static routes within the RIP module.

  • "A.B.C.D/M" – the source IP address.

version <1-2>

Sets the RIP protocol version.

tagged

Enables the tag assignment mode.

RIP config-if mode

split-horizon [poisoned-reverse]

Enables the "split horizon" algorithm on the device's network interface. When the "split horizon" algorithm is enabled, the device does not announce routes through the interface from which they were obtained, thus reducing the probability of local routing loops. The "split horizon" algorithm without the "poisoned-reverse" parameter is enabled by default.

  • "poisoned-reverse" – if specified, the device, when removing a route, keeps it for some time in the routing table and includes it in the standard distribution announcement with a special mark so that neighboring routers realize that the route is no longer used. The route metric has the value 16 in this case.

authentication (key-chain LINE|mode (md5|text)|string LINE)

Sets authentication for the current interface. This prevents unauthorized routers from connecting to the RIP system: the system performs an identity check on the protocol's packets. By default, the router does not use any authentication (null-authentication).

  • "authentication mode (md5|text)" – selects the authentication mode. "text" – simple password authentication. "md5" – authentication based on checking message-digest signatures.
  • "string LINE" – sets the password for simple authentication. "LINE" – password, less than 16 symbols.
  • "key-chain LINE" – sets the MD5 secret key. "LINE" – the secret MD5 key name; the key can be specified in the "key" parameter of the "ARIP config" mode.
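To confirm from captured traffic which of the three modes an interface really uses, the added example below (not Infinet code) classifies a RIP message by its authentication entry, using the wire layout of RFC 2453 (simple password) and RFC 2082 (keyed MD5). The function names are hypothetical and the sample packets are constructed; the digest in the MD5 sample is a dummy and is not verified.

```python
import struct

HEADER = struct.Struct("!BBH")       # command, version, unused
ENTRY_LEN = 20                       # size of every RIP entry, auth entry included
AFI_AUTH = 0xFFFF                    # address family marking an authentication entry
AUTH_TEXT, AUTH_MD5 = 2, 3           # simple password (RFC 2453), keyed MD5 (RFC 2082)
MD5_TRAILER = b"\xff\xff\x00\x01"    # precedes the 16-byte digest at the packet end

def classify_rip_auth(payload):
    """Describe how one RIP message (the UDP payload) is authenticated."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated RIP header")
    _command, version, _unused = HEADER.unpack_from(payload)
    result = {"version": version, "auth": "none"}
    first = payload[HEADER.size:HEADER.size + ENTRY_LEN]
    if version < 2 or len(first) < ENTRY_LEN:
        return result                # RIP-1 carries no authentication
    afi, auth_type = struct.unpack_from("!HH", first)
    if afi != AFI_AUTH:
        return result                # null authentication
    if auth_type == AUTH_TEXT:
        # The password travels unprotected; report its length only.
        result.update(auth="text", password_len=len(first[4:].rstrip(b"\x00")))
    elif auth_type == AUTH_MD5:
        # Key ID is a single octet on the wire; the sequence number lets a
        # receiver reject replayed messages.
        pkt_len, key_id, _data_len, sequence = struct.unpack_from("!HBBI", first, 4)
        trailer_ok = (payload[pkt_len:pkt_len + 4] == MD5_TRAILER
                      and len(payload) >= pkt_len + 4 + 16)
        result.update(auth="md5", key_id=key_id, sequence=sequence,
                      trailer_ok=trailer_ok)
    else:
        result.update(auth="unknown", auth_type=auth_type)
    return result

def sample_packets():
    """Constructed RIP-2 responses advertising 10.0.0.0/8."""
    header = HEADER.pack(2, 2, 0)
    route = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                        bytes([255, 0, 0, 0]), bytes(4), 1)
    text = struct.pack("!HH16s", AFI_AUTH, AUTH_TEXT, b"example1")
    md5_len = HEADER.size + 2 * ENTRY_LEN       # offset of the trailer
    md5 = struct.pack("!HHHBBIII", AFI_AUTH, AUTH_MD5, md5_len, 123, 16, 7, 0, 0)
    return {
        "none": header + route,
        "text": header + text + route,
        "md5": header + md5 + route + MD5_TRAILER + bytes(16),
    }

if __name__ == "__main__":
    for name, packet in sample_packets().items():
        print(name, classify_rip_auth(packet))
```

A result of "none" or "text" on an interface configured for "md5" means the peer, or the interface itself, is not applying the intended mode.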
description

Adds interface description.

send version (1|2|1 2)

Sets the RIP protocol version used by the current interface to send packets. This setting takes effect regardless of the global RIP settings ("version" parameter). The following values can be set: RIP-1/RIP-2/RIP-1 and RIP-2. By default, packets are sent according to the global settings (RIP-2).

receive version (1|2|1 2)

Sets the RIP protocol version for packets received by the current interface. This setting takes effect regardless of the global RIP settings ("version" parameter). The following values can be set: RIP-1/RIP-2/RIP-1 and RIP-2. By default, packets are received according to the global settings (RIP-1 and RIP-2).

RIP config-route-map mode

match address [(<1-199>|<1300-2699>|WORD)|prefix-list WORD]|interface WORD|next-hop [(<1-199>|<1300-2699>|WORD)|prefix-list WORD]|metric <0-4294967295>|tag <0-65535>

Sets matching conditions for the imported route. Several conditions can be set for each record. If several conditions are specified, they are combined according to the "and" rule.

  • "address" – destination address matching, the condition will be fulfilled if the corresponding route parameter belongs to the specified filter list. Following filter lists can be specified:
    • "<1-199>|<1300-2699>|WORD" – access list name;
    • "prefix-list WORD" – prefix-list name.
  • "interface WORD" – matching of the network interface to which the route belongs, "WORD" – interface name.
  • "next-hop" – next-hop IP address matching, filter lists are specified same way as for destination address matching.
  • "metric" – matching of the metric value in range 0...4294967295; note that in a RIP zone only values in range 0...16 are taken into account.
  • "tag" – matching of the tag value in range 0...65535.

set metric <0-4294967295>|next-hop A.B.C.D|tag <0-65535>

Sets the link metric, next-hop and link tag values if a route matches all of the record's rules.

  • "metric <0-4294967295>" – metric value in range 0...4294967295; note that in a RIP zone only values in range 0...16 are taken into account.
  • "next-hop A.B.C.D" – next-hop IP address, only for RIP-2.
  • "tag" – tag value in range 0...65535. The tag is assigned to the link in order to avoid cyclic route announcement from one zone to another.

on-match (goto <1-65535>)|next

Sets the behavior scenario if the route matches all conditions.

  • "on-match next" – the review continues from the record that follows the current one;
  • "on-match goto <N>" – the review continues from the record with number "N", which can never be before the current one.

CAUTION

In order for the route map to be used by current interface, the "route-map" parameter must be applied in the "RIP config-router" mode.

Filtration objects

Access lists

The following "config" mode parameters are used to create or modify access lists for a RIP router.

Standard list:

access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D
  • "(<1-99>|<1300-1999>)" – list identifier.
  • "(deny|permit)" – resulting action.
  • "A.B.C.D A.B.C.D" – IP address range in "<value> <mask>" form.

This parameter creates an operator in a standard access list. The value and mask define the range (criterion) for the operator. The mask defines those bits of the value which form the range. For example, to specify the range of IP addresses from 192.168.12.0 to 192.168.12.255, the "192.168.12.0" value and the "0.0.0.255" mask should be specified. For the value and mask 0.0.0.0 255.255.255.255 there is the keyword "any". The commands below are equivalent.

RIP(config)# access-list 1 permit 0.0.0.0 255.255.255.255
RIP(config)# access-list 1 permit any

For a range that consists of only one address, the keyword "host" is used. The commands below are equivalent.

RIP(config)# access-list 1 permit 192.168.12.150 0.0.0.0
RIP(config)# access-list 1 permit host 192.168.12.150
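The "<value> <mask>" matching and the order-of-addition rule, worked through in Python as an added example (not Infinet code). Function names are hypothetical and the two sample lists are constructed; the second one shows an ordering mistake in which a "deny" operator added after "permit any" can never decide.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_operator(text):
    """Parse '(deny|permit) <value> <mask>', '... any' or '... host A.B.C.D'."""
    action, *rest = text.split()
    if action not in ("deny", "permit"):
        raise ValueError(f"unknown action: {action!r}")
    if rest == ["any"]:
        rest = ["0.0.0.0", "255.255.255.255"]
    elif len(rest) == 2 and rest[0] == "host":
        rest = [rest[1], "0.0.0.0"]
    if len(rest) != 2:
        raise ValueError(f"expected '<value> <mask>': {text!r}")
    return action, _ip(rest[0]), _ip(rest[1])

def evaluate(operators, address):
    """Apply operators in the order they were added; the first match decides."""
    addr = _ip(address)
    for action, value, mask in operators:
        fixed = ~mask & 0xFFFFFFFF            # bits that must equal the value
        if addr & fixed == value & fixed:
            return action
    return None   # nothing matched; the page does not state a default action

def shadowed(operators):
    """Indexes of operators that can never decide, because an earlier
    operator already matches every address they match."""
    hidden = []
    for i, (_, value, mask) in enumerate(operators):
        for _, e_value, e_mask in operators[:i]:
            e_fixed = ~e_mask & 0xFFFFFFFF
            # The earlier operator fixes only bits that this one also fixes,
            # and both agree on the values of those bits.
            if e_fixed & mask == 0 and (e_value ^ value) & e_fixed == 0:
                hidden.append(i)
                break
    return hidden

# Constructed sample lists written in the page's operator syntax.
OFFICE = [parse_operator(t) for t in ("permit 192.168.12.0 0.0.0.255", "deny any")]
MISORDERED = [parse_operator(t) for t in ("permit any", "deny host 192.168.12.150")]

if __name__ == "__main__":
    print(evaluate(OFFICE, "192.168.12.150"), evaluate(OFFICE, "192.168.13.1"))
    print(evaluate(MISORDERED, "192.168.12.150"), shadowed(MISORDERED))
```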

Extended list:

access-list (<100-199>|<2000-2699>) (deny|permit) A.B.C.D A.B.C.D A.B.C.D A.B.C.D
  • "(<100-199>|<2000-2699>)" – list identifier.
  • "(deny|permit)" – resulting action.
  • "A.B.C.D A.B.C.D" – source IP address range.
  • "A.B.C.D A.B.C.D" – destination IP address range.

Nominate list:

access-list WORD (deny|permit) A.B.C.D/M exact-match
  • "WORD" – list identifier.
  • "(deny|permit)" – resulting action.
  • "A.B.C.D/M" – IP address range.
  • "exact-match" – is used for the exact match of a parameter to the range.

Prefix-lists

prefix-list WORD seq <1-4294967295> (deny|permit) A.B.C.D/M ge <0-32> le <0-32>
  • "WORD" – list identifier.
  • "seq <1-4294967295>" – sequential number.
  • "(deny|permit)" – resulting action.
  • "A.B.C.D/M" – IP address range.
  • "exact-match" – is used for the exact match of a parameter to the range.

  • "ge <0-32> le <0-32>" – allowed mask values range.

Examples

Enable RIP on the interface with network IP address matching "4.7.8.0/24".

RIP(config-router)# network 4.7.8.0/24

Set up authentication using a secret key. Using the "key chain" parameter, create the "TEST" key chain with the key identifier "123" and set the secret key value "TESTTEST".

RIP(config)# key chain TEST
RIP(config-keychain)# key 123
RIP(config-keychain-key)# key-string TESTTEST

Enable the MD5 authentication mode and select the "TEST" key chain created above, which holds the "TESTTEST" secret key.

RIP(config-if)# authentication mode md5
RIP(config-if)# authentication key-chain TEST

The "no" prefix is used to disable authentication.

RIP(config-if)# no authentication mode md5

Configure the "eth0" interface to allow only packets that are routed in the "10.0.0.0/8" network. In the "config" mode, create the "private" nominate access list, which permits IP addresses of the "10.0.0.0/8" network and denies all others. Then, in the "config-router" mode, apply this list to the "eth0" interface.

RIP(config)# access-list private permit 10.0.0.0/8
RIP(config)# access-list private deny any
RIP(config-router)# distribute-list private in eth0

In the following configuration, the router advertises external links created from the "connected" routes of the system routing table. If the destination of such a route is the "192.168.200.0/24" subnetwork, the formed link will have metric 7; a route with any other destination will not be advertised.

RIP(config)# access-list AnyNetwork permit any
RIP(config)# access-list net200 permit 192.168.200.0/24
RIP(config)# route-map mapForConnected permit 10
RIP(config-route-map)# match address net200
RIP(config-route-map)# set metric 7
RIP(config-route-map)# route-map mapForConnected deny 11
RIP(config-route-map)# match address AnyNetwork
RIP(config-router)# redistribute connected route-map mapForConnected
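The record review described in the "route-map" parameter and the "RIP config-route-map mode" subsection, applied to the "mapForConnected" configuration above, as an added Python example (not Infinet code). Function names and the dictionary layout are hypothetical, "MAP_WITH_GOTO" is a constructed variant, and behaviours the page does not state are marked as assumptions in the comments.

```python
import ipaddress

def acl_permits(acl, dest):
    """Nominate access list: the first operator whose range contains dest decides."""
    net = ipaddress.ip_network(dest)
    for action, prefix in acl:
        if net.subnet_of(ipaddress.ip_network(prefix)):
            return action == "permit"
    return False   # assumption: a destination matching no operator is no match

def apply_route_map(records, acls, route):
    """Return the route with "set" values applied, or None if not advertised."""
    records = sorted(records, key=lambda r: r["seq"])
    route, accepted, i = dict(route), False, 0
    while i < len(records):
        rec = records[i]
        i += 1
        # Several "match" conditions combine according to the "and" rule.
        if not all(acl_permits(acls[name], route["dest"]) for name in rec["match"]):
            continue
        if rec["action"] == "deny":
            return None                      # review aborted, link not advertised
        route.update(rec.get("set", {}))
        accepted = True
        on_match = rec.get("on_match")       # None, "next" or a record number
        if on_match is None:
            return route                     # review stops at this record
        if on_match != "next":
            if on_match <= rec["seq"]:
                raise ValueError("goto target must be after the current record")
            # Continue from record N (assumption: or the first record after N).
            i = next((j for j, r in enumerate(records) if r["seq"] >= on_match),
                     len(records))
    # Assumption: a route that matched no record at all is not advertised.
    return route if accepted else None

# The page's configuration: "any" is written as 0.0.0.0/0.
ACLS = {"AnyNetwork": [("permit", "0.0.0.0/0")],
        "net200": [("permit", "192.168.200.0/24")]}
MAP_FOR_CONNECTED = [
    {"seq": 10, "action": "permit", "match": ["net200"], "set": {"metric": 7}},
    {"seq": 11, "action": "deny", "match": ["AnyNetwork"]},
]
# Constructed variant: record 10 continues at 30, skipping the deny record 20.
MAP_WITH_GOTO = [
    {"seq": 10, "action": "permit", "match": ["net200"], "set": {"metric": 7},
     "on_match": 30},
    {"seq": 20, "action": "deny", "match": ["AnyNetwork"]},
    {"seq": 30, "action": "permit", "match": ["AnyNetwork"], "set": {"tag": 200}},
]

if __name__ == "__main__":
    for dest in ("192.168.200.0/24", "10.1.0.0/16"):
        print(dest, apply_route_map(MAP_FOR_CONNECTED, ACLS, {"dest": dest, "metric": 1}))
```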