- H3C S5500-SI Series Ethernet Switches Operation Manual-Release 1205-(V1.03)
12-IPV4 Routing Operation
Table of Contents
Chapter 1 Static Routing Configuration
1.1.3 Application of Static Routing
1.2.1 Configuration Prerequisites
1.2.2 Configuring Static Routes
1.3 Displaying and Maintaining Static Routes
1.4 Example of Static Routes Configuration
2.2.1 Configuring RIP Basic Function
2.3.1 Configuring additional routing metric
2.3.2 Configuring route summarization
2.3.3 Disabling the receiving of host routes
2.3.4 Configuring default route
2.3.5 Configuring route filtering
2.3.6 Configuring protocol priority
2.4 RIP Configuration Optimization
2.4.2 Configuring split horizon and poison reverse
2.4.3 Configuring RIP updating message validation
2.4.4 Configuring RIP-2 message authentication
2.5 Displaying and Maintaining RIP
2.7 Troubleshooting RIP Configuration
Chapter 3 Routing Policy Configuration
3.1 Introduction to Routing Policy
3.1.3 Routing Policy Application
3.3 Configuring a Routing Policy
3.3.1 Creating a Routing Policy
3.3.2 Defining if-match Clauses for the Routing Policy
3.3.3 Defining apply Clauses for the Routing Policy
3.4 Displaying and Maintaining the Routing Policy
3.5 Routing Policy Configuration Example
3.5.1 Applying Routing Policy When Redistributing IPv4 Routes
3.6 Troubleshooting Routing Policy Configuration
3.6.1 IPv4 Routing Information Filtering Failed
Chapter 1 Static Routing Configuration
Note:
In this chapter, "router" refers to a generic router or a Layer 3 switch running routing protocols. To improve readability, this is not repeated elsewhere in the manual.
1.1 Introduction
1.1.1 Static Routing
A static route is a special route that is manually configured by the network administrator. If a network is relatively simple, you only need to configure static routes for the network to work normally. The proper configuration and usage of static routes can improve a network’s performance and ensure bandwidth for important network applications.
The disadvantage of static routing is that, if a fault or a topological change occurs to the network, the route will be unreachable and the network breaks. In this case, the network administrator has to modify the configuration manually.
1.1.2 Default Routes
A default route is a special static route.
Generally, a router selects the default route only when it cannot find any matching entry in the routing table. In a routing table, the default route is in the form of the route to the network 0.0.0.0 (with the mask 0.0.0.0). You can check whether a default route has been configured by running the display ip routing-table command.
1.1.3 Application of Static Routing
You need to be familiar with the following when configuring static routes:
1) Destination address and mask
In the ip route-static command, the IPv4 address is in dotted decimal format, and the mask can be given either in dotted decimal format or as a mask length (the number of consecutive 1s in the mask).
2) Output interface and next hop address
When configuring a static route, you can specify either the output interface or the next hop address. Which one to specify depends on the situation.
In fact, every route entry must have a next hop address. When forwarding a packet, the router determines the route by searching the routing table for the packet’s destination address. Only after the next hop address is known can the corresponding link-layer address be found so that the link layer can forward the packet.
3) Other attributes
You can configure different preferences for different static routes to make route management easier. For example, when configuring multiple routes to the same destination, using identical preferences allows for load sharing, while using different preferences allows for route backup.
Note:
The S5500-SI series does not support load sharing.
1.2 Configuring Static Route
1.2.1 Configuration Prerequisites
Before configuring a static route, you need to finish the following tasks:
- Configuring the physical parameters for related interfaces
- Configuring the link-layer attributes for related interfaces
- Configuring the IP addresses for related interfaces
1.2.2 Configuring Static Routes
Follow these steps to configure a static route:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Configure a static route | ip route-static ip-address { mask \| mask-length } { [ vlan-interface vlan-id ] nexthop-address \| NULL interface-number } [ preference preference \| description description-info \| tag tag-value ]* | Required |
Configure the default preference for a static route | ip route-static default-preference default-preference-value | Optional. The preference is 60 by default. |

Note:
- If no preference is specified when you configure a static route, the default preference is used. A new default preference applies only to static routes created after the change.
- The description text can describe the usage and function of specific routes, which makes it easier to classify and manage static routes.
- You can control routes easily by using the tag in a routing policy.
- When you run the ip route-static command, an all-zero destination address and mask configure the default route.
1.3 Displaying and Maintaining Static Routes
After the configuration, you can run the display command in any view to display the running status and configuration effect of the static route configuration.
You can use the delete command in the system view to delete all the static routes configured.
Follow these steps to display and maintain a static route:
Operation | Command |
---|---|
Display the summary of the IP routing table | display ip routing-table |
Display the details of the IP routing table | display ip routing-table verbose |
Display the information of a static route | display ip routing-table protocol static [ inactive \| verbose ] |
Delete all static routes | delete static-routes all |

Note:
You can use the undo ip route-static command in system view to delete a static route, and use the delete static-routes all command in system view to delete all configured static routes (including manually configured default IPv4 routes) at the same time.
1.4 Example of Static Routes Configuration
I. Network requirements
The switches’ interfaces and the hosts’ IP addresses and masks are shown in the following figure. Static routes are required so that the hosts can communicate with each other.
II. Network diagram
Figure 1-1 Network diagram for static routes
III. Configuration procedure
1) Configuring the interfaces’ IP addresses
Omitted.
2) Configuring the static route
# Configure a default route on SwitchA.
<SwitchA> system-view
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
# Configure two static routes on SwitchB.
<SwitchB> system-view
[SwitchB] ip route-static 1.1.1.0 255.255.255.0 1.1.4.1
[SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.4.6
# Configure a default route on SwitchC.
<SwitchC> system-view
[SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.4.5
3) Configure the hosts
The default gateways for the three hosts PC1, PC2 and PC3 are configured as 1.1.1.1, 1.1.2.1 and 1.1.3.1 respectively.
4) Display the configuration result
# Display the IP route table of SwitchA.
[SwitchA] display ip routing-table
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 1.1.4.2 Vlan100
1.1.1.0/24 Direct 0 0 1.1.1.1 Vlan200
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
1.1.4.0/30 Direct 0 0 1.1.4.1 Vlan100
1.1.4.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Use the ping command to check the connectivity.
[SwitchA] ping 1.1.3.1
PING 1.1.3.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.3.1: bytes=56 Sequence=1 ttl=254 time=62 ms
Reply from 1.1.3.1: bytes=56 Sequence=2 ttl=254 time=63 ms
Reply from 1.1.3.1: bytes=56 Sequence=3 ttl=254 time=63 ms
Reply from 1.1.3.1: bytes=56 Sequence=4 ttl=254 time=62 ms
Reply from 1.1.3.1: bytes=56 Sequence=5 ttl=254 time=62 ms
--- 1.1.3.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/62/63 ms
# Use the tracert command to check the connectivity.
[SwitchA] tracert 1.1.3.1
traceroute to 1.1.3.1(1.1.3.1) 30 hops max,40 bytes packet, press CTRL_C to break
1 1.1.4.2 31 ms 32 ms 31 ms
2 1.1.4.6 62 ms 63 ms 62 ms
Chapter 2 RIP Configuration
Note:
The term "router" in this document refers to a router in a generic sense or a Layer 3 switch. To improve readability, this will not be described in the present manual again.
2.1 RIP Overview
RIP is a simple Interior Gateway Protocol (IGP), which is mainly used in small-size networks, such as academic networks and simple structured LANs.
RIP is still widely used in practical networking due to its simple implementation, and easier configuration and maintenance than OSPF and IS-IS.
2.1.1 RIP Mechanism
I. Basic concept of RIP
RIP is a distance-vector-based routing protocol, using UDP messages for exchanging information on port 520.
RIP uses a routing metric (Hop Count) to measure the distance to the destination. The Hop Count from a router to its directly connected network is 0. A network reachable through one other router is one hop away, and so on. To reduce the convergence time, RIP limits the metric value to the range 0 to 15. A value equal to or larger than 16 is considered infinity, which means the destination network is unreachable. That is why RIP cannot be used in large-scale networks.
RIP prevents routing loops by implementing Split Horizon and Poison Reverse functions.
II. RIP routing table
Each RIP router has a routing table, containing routing entries of all reachable destinations.
- Destination address: The IP address of a host or a network.
- Next hop: The IP address of the adjacent router on the path to the destination network.
- Interface: The interface used for forwarding.
- Metric: The cost from the local router to the destination.
- Routing time: The amount of time since the entry was last updated. The time is reset to 0 every time the routing entry is updated.
- Route change tag: Indicates that the information about this route has changed.
III. RIP timers
RIP uses four timers to control its operation. They are Update, Timeout, Suppress, and Garbage-Collect.
- Update timer: Triggers the periodic sending of update messages.
- Timeout timer: Controls the validity of a route. A route is considered unreachable when the RIP router receives no update message for it from any neighbor within the aging time.
- Suppress timer: A route enters the suppressed state when no update messages for it are received within the timeout value or when its metric value reaches 16. In the suppressed state, the router accepts only update messages with a metric value less than 16 from the same neighbor to replace the unreachable route.
- Garbage-Collect timer: The RFC defines the garbage collection time as the period from when the metric value of a route reaches 16 until the route is purged from the table. During the Garbage-Collect time, RIP keeps advertising the route with a metric value of 16. If the route has not been updated when the Garbage-Collect time expires, it is deleted from the table.
IV. RIP initialization and running procedure
The following procedure describes how RIP works.
1) After RIP is enabled, the router sends Request messages to neighboring routers. Neighboring routers return Response messages that include all the information in their routing tables.
2) The router updates its local routing table and broadcasts the routing updates to its neighbors with triggered update messages. All routers on the network do the same to keep their routing tables up to date.
In RIP, the routing table on each router is updated upon receipt of the RIP messages that neighboring routers advertise periodically. Aged routes are deleted to make sure routes are always valid. The procedure is as follows: RIP periodically advertises the local routing table to neighboring routers, which update their local routes upon receipt of the packets. This procedure repeats on all RIP-enabled routers.
V. Routing loops prevention
RIP is a D-V based routing protocol. Each router calculates the distance to a destination based on the routing information from its neighbors. When a connection to a destination goes down, there is no way for the router on that connection to notify the others about its metric changes. The other routers still use the old routing information to calculate the distance to that destination. Therefore, routing loops can occur in this case.
RIP uses the following mechanisms to prevent routing loops.
- Counting to infinity. The metric value of 16 is defined as infinity. When a routing loop occurs, the route is considered unreachable once its metric value reaches 16.
- Split Horizon. The router does not send routing information back to neighboring routers through the interface on which it received that information. Split Horizon can prevent routing loops and save bandwidth.
- Poison Reverse. The router sends routes back through the interface from which they were received, but with a metric value of 16 (infinity). This removes useless information from the routing tables of neighboring routers.
- Triggered Updates. Each router sends out its new routing table as soon as it receives an update, rather than waiting until the usual update period expires. This speeds up network convergence.
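
The effect of these mechanisms can be reproduced with a small simulation, added here as an illustration (it is not part of the manual). It assumes a constructed topology Net - C - B - A in which the B-C link has just failed, so that only A and B still exchange updates; the function names and the order of updates are assumptions of the example.

```python
INFINITY = 16  # metric that the manual defines as unreachable


def advertised(route, neighbor, mode):
    """Metric sent to `neighbor` for a route, or None if it is withheld."""
    metric, next_hop = route
    if next_hop == neighbor:              # route was learned from this neighbor
        if mode == "split-horizon":
            return None                   # never send it back
        if mode == "poison-reverse":
            return INFINITY               # send it back as unreachable
    return metric


def receive(route, sender, metric):
    """Distance-vector rule: add one hop, cap at 16, then decide."""
    current, next_hop = route
    offered = min(metric + 1, INFINITY)
    # The current next hop is always believed; others only if strictly better.
    if sender == next_hop or offered < current:
        return (offered, sender)
    return route


def simulate(mode, max_updates=40):
    """Return one {router: (metric, next_hop)} snapshot per update sent."""
    # Constructed scenario: Net - C - B - A, converged (C=0, B=1, A=2 hops),
    # then the B-C link fails and B marks its route unreachable.
    routes = {"A": (2, "B"), "B": (INFINITY, "C")}
    neighbors = {"A": ["B"], "B": ["A"]}          # C can no longer be reached
    history = []
    for step in range(max_updates):
        sender = "AB"[step % 2]                   # A's periodic update goes first
        for peer in neighbors[sender]:
            metric = advertised(routes[sender], peer, mode)
            if metric is not None:
                routes[peer] = receive(routes[peer], sender, metric)
        history.append(dict(routes))
        if all(m == INFINITY for m, _ in routes.values()):
            break                                 # both agree: unreachable
    return history


def loop_updates(history):
    """Count snapshots in which A and B forward the destination to each other."""
    return sum(1 for snap in history
               if snap["A"][1] == "B" and snap["B"][1] == "A"
               and max(snap["A"][0], snap["B"][0]) < INFINITY)


if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        history = simulate(mode)
        trail = " ".join(f"{s['A'][0]}/{s['B'][0]}" for s in history)
        print(f"{mode:15} updates={len(history):2} "
              f"loop={loop_updates(history):2}  A/B metrics: {trail}")
```

Without either mechanism the two routers count up to 16 while pointing at each other; with split horizon or poison reverse, B's unreachable route reaches A in the first update B sends.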
2.1.2 RIP Version
RIP has two versions: RIP-1 and RIP-2.
RIP-1, a Classful Routing Protocol, supports broadcasting protocol messages. RIP-1 protocol messages do not carry mask information, which means it can only recognize routing information on segments with natural addresses such as Class A, B, and C. That is why RIP-1 does not support routing convergence and Discontiguous Subnet.
RIP-2 is a Classless Routing Protocol. Compared with RIP-1, RIP-2 has the following advantages.
- Supports Route Tag. The Route Tag is intended to differentiate the internal RIP routes from the external RIP routes.
- Supports masks, route summarization and CIDR (Classless Inter-Domain Routing).
- Supports next hop, which must be directly reachable on the broadcast network.
- Supports multicasting to reduce unnecessary load on hosts that do not need to listen to RIP-2 messages.
- Supports authentication to enhance security. Plain text authentication and MD5 (Message Digest 5) are two authentication methods.

Note:
RIP-2 has two types of message transmission: broadcasting and multicasting. Multicasting is the default type, using 224.0.0.9 as the multicast address. Interfaces running RIP-2 in broadcast mode can also receive RIP-1 messages.
2.1.3 RIP Message Format
I. RIP-1 message format
A RIP message consists of a header and up to 25 route entries.
The format of the RIP-1 message is shown in Figure 2-1.
Figure 2-1 RIP-1 Message Format
- Command: The type of message. 1 indicates Request, 2 indicates Response.
- Version: The version of RIP. RIP-1 is 0x01.
- AFI (Address Family Identifier): The family of protocol. 2 is for IP.
- IP Address: IP address of the destination. Only natural addresses are acceptable here.
- Metric: The cost of the route.
II. RIP-2 message format
The format of the RIP-2 message is similar to that of RIP-1, as shown in Figure 2-2.
Figure 2-2 RIP-2 Message Format
The differences from RIP-1 are as follows.
- Version: The version of RIP. For RIP-2 the value is 0x02.
- Route Tag: An attribute that indicates where the routes are imported from.
- IP Address: The destination IP address. It can be a natural address, a subnet address or a host address.
- Subnet Mask: Mask of the destination address.
- Next Hop: The address of the best next hop. 0.0.0.0 indicates that the originator of the route is the best next hop.
III. RIP-2 authentication
RIP-2 supports plain text authentication, which uses the first Route Entry for authentication. The value of 0xFFFF indicates that the entry is authentication information rather than routing information. See Figure 2-3.
Figure 2-3 RIP-2 Authentication Message
- Authentication Type: 2 represents plain text authentication, while 3 represents MD5.
- Authentication: The actual authentication data. It includes the password information when using plain text authentication.

Note:
RFC 1723 only defines plain text authentication. For information about MD5 authentication, see RFC 2082 “RIP-2 MD5 Authentication”.
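
The message layout described in this section can be decoded as follows. This is an added example, not part of the manual: it parses the header and the 20-byte entries, reads the authentication type from a first entry marked 0xFFFF, checks that the fields RIP-1 does not use are zero, and reports what a receiver or monitoring sensor should flag. The function names and the sample messages (including the placeholder password) are constructed for the example.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF                        # marks an entry as authentication data
AUTH_NAMES = {2: "plain-text", 3: "md5"}
COMMANDS = {1: "request", 2: "response"}
ENTRY = "!HH4s4s4sI"                     # AFI, tag, address, mask, next hop, metric


def parse_rip(payload: bytes) -> dict:
    """Decode the 4-byte header and the 20-byte entries of a RIP message."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("a RIP message is 4 + 20*n bytes long")
    command, version, zero = struct.unpack("!BBH", payload[:4])
    msg = {"command": COMMANDS.get(command, "unknown"), "version": version,
           "auth": "none", "zero_fields_ok": zero == 0, "routes": []}
    for index, offset in enumerate(range(4, len(payload), 20)):
        afi, tag, addr, mask, next_hop, metric = struct.unpack(
            ENTRY, payload[offset:offset + 20])
        if afi == AUTH_AFI:
            # Only the first entry of a RIP-2 message names the auth type.
            # A later 0xFFFF entry (the RFC 2082 digest trailer) is skipped.
            if index == 0 and version == 2:
                msg["auth"] = AUTH_NAMES.get(tag, "unknown")
            continue
        prefix = str(ipaddress.IPv4Address(addr))
        if version == 1:
            # RIP-1 has no tag, mask or next hop: those bytes must be zero.
            if tag or any(mask) or any(next_hop):
                msg["zero_fields_ok"] = False
        else:
            prefix += "/%d" % bin(int.from_bytes(mask, "big")).count("1")
        msg["routes"].append({"prefix": prefix, "metric": metric, "tag": tag,
                              "next_hop": str(ipaddress.IPv4Address(next_hop))})
    return msg


def grade(msg: dict) -> list:
    """List what a receiver or a monitoring sensor should flag."""
    findings = []
    if msg["version"] == 1:
        findings.append("RIP-1: message cannot be authenticated")
        if not msg["zero_fields_ok"]:
            findings.append("RIP-1: zero-field check failed, discard")
    elif msg["auth"] == "none":
        findings.append("RIP-2: no authentication entry")
    elif msg["auth"] == "plain-text":
        findings.append("RIP-2: password travels in clear text")
    elif msg["auth"] != "md5":
        findings.append("RIP-2: unknown authentication type")
    if len(msg["routes"]) > 25:
        findings.append("more than 25 route entries")
    if any(route["metric"] > 16 for route in msg["routes"]):
        findings.append("metric above 16 (infinity)")
    return findings


def entry(afi, tag, addr, mask, next_hop, metric):
    """Build one 20-byte route entry (helper for the constructed samples)."""
    packed = [ipaddress.IPv4Address(x).packed for x in (addr, mask, next_hop)]
    return struct.pack(ENTRY, afi, tag, *packed, metric)


# Constructed sample messages; the password and digest bytes are placeholders.
V1, V2 = struct.pack("!BBH", 2, 1, 0), struct.pack("!BBH", 2, 2, 0)
ROUTE = entry(2, 0, "10.1.1.0", "255.255.255.0", "0.0.0.0", 1)
SAMPLES = {
    "rip1": V1 + entry(2, 0, "10.0.0.0", "0.0.0.0", "0.0.0.0", 1),
    "rip1-nonzero": V1 + entry(2, 0, "10.0.0.0", "255.0.0.0", "0.0.0.0", 1),
    "rip2-open": V2 + ROUTE,
    "rip2-plain": V2 + struct.pack("!HH16s", AUTH_AFI, 2, b"EXAMPLE-PASS") + ROUTE,
    "rip2-md5": (V2 + struct.pack("!HH16s", AUTH_AFI, 3, b"") + ROUTE
                 + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16))),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        msg = parse_rip(payload)
        print(name, msg["auth"], [r["prefix"] for r in msg["routes"]], grade(msg))
```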
2.1.4 RIP Feature Supported
Currently, S5500-SI Series Ethernet Switches support the following RIP features.
- RIP-1
- RIP-2
2.1.5 RIP Related RFC
- RFC 1058: Routing Information Protocol
- RFC 1723: RIP Version 2 - Carrying Additional Information
- RFC 1721: RIP Version 2 Protocol Analysis
- RFC 1722: RIP Version 2 Protocol Applicability Statement
- RFC 1724: RIP Version 2 MIB Extension
- RFC 2082: RIP-2 MD5 Authentication
2.2 RIP Basic Configuration
Before configuring RIP features, please first configure IP address on each interface, and make sure all routers are reachable.
2.2.1 Configuring RIP Basic Function
I. Enabling RIP and specifying networks
Follow these steps to enable RIP:

Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enable RIP and enter RIP view | rip [ process-id ] | –– |
Enable RIP on specified network | network network-address | Required. Disabled by default. |

Note:
- If you perform some RIP configurations in interface view before enabling RIP, those configurations take effect after RIP is enabled.
- The router does not send, receive or forward any routing information on a network if you do not enable RIP on that network.
- You can enable RIP on all interfaces of the network by using the network 0.0.0.0 command.
II. Configuring the interface behavior
Follow these steps to configure interface behavior:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Stop routing updates on interfaces | silent-interface { all \| interface-type interface-number } | Optional. All interfaces can receive routing updates by default. |
Return to system view | quit | –– |
Enter interface view | interface interface-type interface-number | –– |
Configure an interface to receive routing updates | rip input | Optional. By default, the router receives and sends RIP messages. |
Configure an interface to send routing updates | rip output | Optional. By default, the router receives and sends RIP messages. |

Note:
Stopping routing updates means that the router receives routing updates without forwarding them.
III. Configuring the RIP version
Follow these steps to configure the RIP version:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Specify a global RIP version | version { 1 \| 2 } | Optional. RIP-1 by default. |
Return to system view | quit | –– |
Enter interface view | interface interface-type interface-number | –– |
Specify a RIP version on the interface | rip version { 1 \| 2 [ broadcast \| multicast ] } | Optional. By default, the router receives RIP-1 and RIP-2 messages, but only sends RIP-1 messages. If the RIP version is 2, you can specify whether messages are broadcast or multicast. |

Note:
If the RIP version specified on the interface and the global RIP version are inconsistent, the RIP version specified on the interface is used.
If no RIP version is specified on the interface, the global RIP version is used.
2.3 RIP Route Control
In some complex network environments, you need to make the RIP configuration more precise.
Before configuring RIP routing information, finish the following tasks first:
- Configure an IP address on each interface, and make sure all routers are reachable.
- Configure basic RIP functions.
2.3.1 Configuring additional routing metric
To increase the value of routing metrics, you can add a value to the incoming or outgoing routing metric learned by RIP.
Follow these steps to configure additional routing metrics:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter interface view | interface interface-type interface-number | –– |
Define an additional routing metric for incoming routes | rip metricin value | Optional. 0 by default. |
Define an additional routing metric for outgoing routes | rip metricout value | Optional. 1 by default. |

Note:
rip metricout applies only to the router's own routes and to routes learned through RIP. It does not apply to routes imported from other routing protocols.
2.3.2 Configuring route summarization
Route summarization means that the subnet routes in a natural network are summarized so that the whole network is advertised as a single route with the natural mask. This function reduces the size of the routing tables and therefore the network load.
RIP-1 does not support route summarization. When RIP-2 is running, you need to disable the route summarization function if you want to advertise all subnet routes.
I. Enable RIP-2 automatic route summarization
Follow these steps to configure RIP route summarization:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Enable RIP-2 automatic route summarization | summary | Optional. Enabled by default. |
II. Assign a summary IP address
Follow these steps to assign a summary IP address:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Disable RIP-2 automatic route summarization | undo summary | Optional. Enabled by default. |
Return to system view | quit | –– |
Enter interface view | interface interface-type interface-number | –– |
Assign an IP address and network mask for the summarized routes to be advertised | rip summary-address ip-address network-{ mask \| mask-length } | Optional |
2.3.3 Disabling the receiving of host routes
In some cases, the router receives a large number of host routes from hosts on the same network. These routes are not helpful for routing but consume a large amount of network resources. After the host route function is disabled, the router discards host route information.
Follow these steps to configure host route:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Disable the receiving of host routes | undo host-route | Optional. Enabled by default. |
2.3.4 Configuring default route
Follow these steps to configure RIP default route:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Configure a RIP default route | default-route originate cost value | Required |
2.3.5 Configuring route filtering
Route filtering is supported by the router. You can filter incoming and outgoing routes by setting the inbound and outbound filter policies in the access list and IP address prefixes list. You can also specify the incoming routes from particular neighbors.
Follow these steps to configure route filtering:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Define the filtering policy | filter-policy { acl-number \| [ ip-prefix ip-prefix-name ][ gateway ip-prefix-name ] \| gateway ip-prefix-name } import [ interface-type interface-number ] | Required |
Define the filtering policy for the redistributed route | filter-policy { acl-number \| ip-prefix ip-prefix-name } export [ protocol [ process-id ] \| interface-type interface-number ] | Optional |
2.3.6 Configuring protocol priority
Follow these steps to configure protocol priorities:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Set the protocol priority | preference [ route-policy route-policy-name ] value | Optional. 100 by default. |
2.3.7 Redistributing route
Follow these steps to import exterior route:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Define a value for the default cost of the imported route | default-cost value | Optional. If no value is set during importing, this default value is used as the route cost. |
Import a route | import-route protocol [ process-id ] [ cost cost-value \| route-policy route-policy-name \| tag tag-value ]* | Required |

Note:
When advertising routing information, you can set the protocol parameter to filter the routing information imported from other protocols. If no protocol parameter is set, all routing information, including RIP routes (directly connected routes) and imported routes, is advertised.
2.4 RIP Configuration Optimization
In special network environments, you need to configure some other RIP features to optimize network performance.
Finish the following tasks before starting RIP optimization.
- Configure network addresses on interfaces, and make sure neighboring nodes are reachable.
- Configure RIP basic functions.
2.4.1 Configuring RIP timer
Follow these steps to configure the RIP timer:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Assign a value to each timer | timers { garbage-collect garbage-collect-value \| suppress suppress-value \| timeout timeout-value \| update update-value } | Optional. By default, 30s for the update timer, 180s for the timeout timer, 120s for the suppress timer, and 240s for the garbage-collect timer. |

Note:
When configuring the values of RIP timers, take network performance into consideration and configure all routers running RIP consistently, to avoid unnecessary network traffic and route oscillation.
2.4.2 Configuring split horizon and poison reverse
Follow these steps to configure split horizon and poison reverse:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter interface view | interface interface-type interface-number | –– |
Enable split horizon | rip split-horizon | Optional |
Enable poison reverse | rip poison-reverse | Optional |

Note:
If both are enabled, routers only use poison reverse.
2.4.3 Configuring RIP updating message validation
Some fields in RIP-1 message must be zero, which is called zero fields. The RIP-1 message is not processed if the value in the zero field is not zero.
The RIP router checks the source address when receiving messages. For messages received on the Ethernet interface, if the source address and the router’s interface address are not in the same network, the router discards the message.
Follow these steps to configure RIP update message checks:

Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Configure zero field check for RIP-1 message | checkzero | Optional. Enabled by default. |
Configure source address validation | validate-source-address | Optional. Enabled by default. |

Note:
- The zero field check does not apply to RIP-2.
- Disable the source address validation when RIP is not running on the neighboring routers.
2.4.4 Configuring RIP-2 message authentication
RIP-2 supports two authentication modes: plain text and MD5.
In plain text authentication, the authentication information is sent with the RIP message, which cannot provide high security guarantee.
Follow these steps to configure RIP-2 message authentication:

Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter interface view | interface interface-type interface-number | –– |
Configure RIP-2 authentication mode | rip authentication-mode { simple password \| md5 { rfc2082 key-string key-id \| rfc2453 key-string } } | If the authentication mode is MD5, you must specify the message type defined in either RFC 2453 or RFC 2082. |
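
One way to check a saved configuration for the weak cases described in this section, as an added example that is not part of the manual. The configuration text is constructed; its block layout and the rule that a network command covers every interface in that natural network are assumptions, and the key and password are placeholders. The version logic follows the manual: the interface setting overrides the global one, and RIP-1 is the default.

```python
import ipaddress

# Constructed configuration in an assumed "display current-configuration"
# layout: blocks separated by "#", sub-commands indented by one space.
SAMPLE_CONFIG = """\
#
interface Vlan-interface100
 ip address 192.168.1.1 255.255.255.0
 rip version 2 multicast
 rip authentication-mode md5 rfc2082 EXAMPLE-KEY 1
#
interface Vlan-interface200
 ip address 172.16.1.1 255.255.255.0
 rip version 2 multicast
 rip authentication-mode simple EXAMPLE-PASSWORD
#
interface Vlan-interface300
 ip address 172.17.1.1 255.255.255.0
#
interface Vlan-interface400
 ip address 10.9.9.1 255.255.255.0
#
rip 1
 network 192.168.1.0
 network 172.16.0.0
 network 172.17.0.0
#
"""

OK = "ok: MD5 authentication"
PLAIN = "weak: plain text password is sent with every message"
OPEN = "weak: RIP-2 without authentication"
RIP1 = "weak: RIP-1 cannot authenticate updates"


def natural_network(address):
    """Class A, B or C network that contains the address."""
    value = int(ipaddress.IPv4Address(address))
    first = value >> 24
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    network = ipaddress.IPv4Network((value, prefix), strict=False)
    return str(network.network_address)


def parse_blocks(text):
    """Map each unindented header line to the list of its sub-commands."""
    blocks, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            current = None
        elif line[0] != " ":
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks


def audit(text):
    """Return {interface: finding} for the interfaces on which RIP runs."""
    blocks = parse_blocks(text)
    networks, global_version = set(), 1      # the manual gives RIP-1 as default
    for header, commands in blocks.items():
        if header.split()[0] == "rip":
            for words in map(str.split, commands):
                if words[0] == "network":
                    networks.add(words[1])
                elif words[0] == "version":
                    global_version = int(words[1])
    findings = {}
    for header, commands in blocks.items():
        if not header.startswith("interface "):
            continue
        address = next((c.split()[2] for c in commands
                        if c.startswith("ip address ")), None)
        # Assumption: a network command covers every interface whose address
        # lies in that natural network; network 0.0.0.0 covers all of them.
        if address is None or not networks & {"0.0.0.0", natural_network(address)}:
            continue
        version, mode = global_version, None
        for words in map(str.split, commands):
            if words[:2] == ["rip", "version"]:
                version = int(words[2])       # the interface setting wins
            elif words[:2] == ["rip", "authentication-mode"]:
                mode = words[2]
        if version == 1:
            finding = RIP1
        elif mode is None:
            finding = OPEN
        else:
            finding = PLAIN if mode == "simple" else OK
        findings[header.split()[1]] = finding
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG).items():
        print(f"{interface:20} {finding}")
```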
2.4.5 Configuring RIP peer
Follow these steps to configure RIP peer:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | –– |
Enter RIP view | rip [ process-id ] | –– |
Configure RIP peer | peer ip-address | No peer is defined by default. |
Disable source address validation | undo validate-source-address | Required. Enabled by default. |

- Usually, RIP broadcasts or multicasts messages.
- Under normal conditions, using the peer command is not recommended, because the peer might receive the same message by both multicast (broadcast) and unicast. You are recommended to set the related interfaces to silent mode when you use this command.
- The undo validate-source-address command is required if the neighboring routers defined by the peer command are not directly connected to the local router.
2.5 Displaying and Maintaining RIP
Operation | Command | Description |
---|---|---|
Display RIP current status and configuration information | display rip [ process-id \| | Available in any view |
Display RIP database | display rip process-id database | |
Display RIP interface information | display rip process-id interface [ interface-type interface-number ] | |
Display active and inactive RIP routes | display rip process-id route | |
Display RIP routing table | display rip process-id route [ statistics \| ip-address mask \| peer ip-address ] | |
Clear statistic data maintained by certain RIP processes | reset rip process-id statistics | Available in user view |
2.6 RIP Configuration Example
2.6.1 Configuring RIP Version
I. Network requirements
As shown in Figure 2-4, enable RIP-2 on all interfaces on Switch A and Switch B.
II. Network diagram
Figure 2-4 Network diagram for RIP configuration
III. Configuration procedure
1) Configure IP address for each interface (only the VLAN configuration procedures are given in the following examples)
# Configure SwitchA.
<SwitchA> system-view
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface GigabitEthernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port access vlan 100
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ip address 192.168.1.1 24
# Configure SwitchB.
<SwitchB> system-view
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface GigabitEthernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port access vlan 100
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ip address 192.168.1.2 24
2) Configure basic RIP function
# Configure SwitchA.
<SwitchA> system-view
[SwitchA] rip
[SwitchA-rip-1] network 192.168.1.0
[SwitchA-rip-1] network 172.16.0.0
[SwitchA-rip-1] network 172.17.0.0
# Configure SwitchB.
<SwitchB> system-view
[SwitchB] rip
[SwitchB-rip-1] network 192.168.1.0
[SwitchB-rip-1] network 10.0.0.0
# Display routing table of SwitchA.
<SwitchA> display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
--------------------------------------------------------------------------
Peer 192.168.1.2 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
10.0.0.0/8 192.168.1.2 1 0 RA 15
The routing table shows that RIP-1 uses the natural mask.
3) Configure RIP version
# Configure RIP-2 on SwitchA.
<SwitchA> system-view
[SwitchA] rip
[SwitchA-rip-1] version 2
# Configure RIP-2 on SwitchB.
<SwitchB> system-view
[SwitchB] rip
[SwitchB-rip-1] version 2
[SwitchB-rip-1] undo summary
# Display routing table on SwitchA.
<SwitchA> display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
-------------------------------------------------------------------------
Peer 192.168.1.2 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
10.2.1.0/24 192.168.1.2 1 0 RA 15
10.1.1.0/24 192.168.1.2 1 0 RA 15
The routing table shows that RIP-2 uses classless subnet masks.
Note:
Because routing information has a long aging time, RIP-1 routing information can remain in the routing table after RIP-2 is configured.
2.7 Troubleshooting RIP Configuration
Symptom 1:
The device receives no RIP update messages although all links are up.
Analysis:
After enabling RIP, make sure you use the network command to enable RIP on the corresponding interfaces. If interface behavior is configured, make sure the interface is not disabled and is not forbidden from receiving and forwarding RIP messages.
If the router on the other end sends RIP messages by multicast, the local router must use multicast as well.
Solution:
- Use the display current-configuration command to check the RIP configuration.
- Use the display rip command to check that the interface is enabled.
Symptom 2:
With all links up, route flapping occurs: some routes are intermittently missing from the routing table.
Analysis:
Make sure the timers are set consistently across the whole RIP network. For example, the timeout value should be greater than the update value.
Solution:
- Use the display rip command to check the configuration of RIP timers.
- Use the timers command to adjust timers where appropriate.
Chapter 3 Routing Policy Configuration
The term router in this document refers to a router in a generic sense or a Layer 3 switch. To improve readability, this will not be described in the present manual again.
3.1 Introduction to Routing Policy
3.1.1 Routing Policy
A routing policy changes the paths that network traffic takes by modifying route attributes (including reachability).
When distributing or receiving routing information, a router can apply a policy to filter that information. For example, a router can handle only routing information that matches certain rules, or a routing protocol can redistribute from other protocols only the routes that match certain rules and modify some attributes of these routes to satisfy its needs.
To implement a routing policy, first define the features of the routing information, namely, a set of matching rules. You can define them according to attributes in routing information, such as the destination address or the advertising router’s address. The matching rules can be set beforehand and then applied to a routing policy for route distribution, reception and redistribution.
3.1.2 Filters
Routing protocols can use three filters: ACL, IP prefix list and route policy.
I. ACL
When defining an ACL, you can specify IP addresses and subnet segments for matching destinations or next hops of routing information.
II. IP prefix list
An IP-prefix list plays a role similar to an ACL, but it is more flexible and easier to understand. When an IP-prefix list is applied to routing information filtering, its matching object is the destination address field of the routing information. Moreover, you can specify the gateway option so that only routing information advertised by certain routers is received.
An IP-prefix list is identified by the IP-prefix list name. Each IP-prefix list can comprise multiple items, and each item, which is identified by an index number, can specify a matching range in network prefix format. The index number indicates the matching sequence in the IP-prefix list.
During matching, a router checks list items identified by index number in ascending order. If an item is matched, the IP-prefix list filtering is passed, without the need of matching the next item.
III. Routing policy
A routing policy is used for matching some attributes in given routing information and modifying the attributes of the information if matching conditions are satisfied. A routing policy can utilize the above filters to define its own matching rules.
A routing policy can comprise multiple nodes, which are in a logical OR relationship. Each node is a matching unit, and the system checks nodes in the order of node sequence number. Once routing information passes the matching test of a node, it passes the route-policy without being matched against other nodes.
Each node comprises a set of if-match and apply clauses. The if-match clauses define the matching rules. The matching objects are some attributes of routing information. The different if-match clauses on the same node are in a logical AND relationship: routing information passes the matching test of the node only when it satisfies the conditions of all the if-match clauses on that node. The apply clauses specify the actions performed after the node matching test is passed, that is, the attribute settings for the routing information.
3.1.3 Routing Policy Application
A routing policy is applied in two ways:
- When redistributing routes from other routing protocols, a routing protocol redistributes only routes matching rules defined in a routing policy.
- When receiving or advertising routing information, a routing protocol uses a routing policy to filter routing information.
3.2 Defining IPv4 Prefix List
Before configuring this task, prepare the following data:
- IP-prefix list name
- Matching address range
Identified by name, each IPv4 prefix list can comprise multiple items. Each item is identified by an index number and specifies a matching address range in the form of a network prefix. For example, the following defines an IPv4 prefix list named abcd:
ip ip-prefix abcd index 10 permit 1.0.0.0 8
ip ip-prefix abcd index 20 permit 2.0.0.0 8
During matching, the system checks list items in ascending order of index number. If one item is matched, the IP-prefix list filtering is passed without matching other items.
To define an IPv4 prefix list, use the following commands:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Define an IPv4 prefix list | ip ip-prefix ip-prefix-name [ index index-number ] { permit \| deny } ip-address mask-length [ greater-equal min-mask-length \| less-equal max-mask-length ] | Required. Not defined by default. |
Note:
If all items are set to the deny mode, no route can pass the IPv4 prefix list. It is recommended to define the permit 0.0.0.0 0 less-equal 32 item after multiple deny mode items to allow other IPv4 routing information to pass.
If more than one ip-prefix item is defined, the match mode of at least one item should be the permit mode.
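The matching order and the note above, modelled in Python as an added example (not H3C code). The names Item and evaluate are hypothetical, and the mask-length range rule (exact length unless greater-equal or less-equal is given) is an assumption based on general Comware behaviour, since this section does not spell it out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Item:
    index: int
    permit: bool
    network: str                 # "ip-address mask-length", written as CIDR
    ge: Optional[int] = None     # greater-equal min-mask-length
    le: Optional[int] = None     # less-equal max-mask-length

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        base = ipaddress.ip_network(self.network)
        # Assumed range rule: exact length when no keyword is given,
        # otherwise [ge or mask-length, le or 32].
        if self.ge is None and self.le is None:
            lo = hi = base.prefixlen
        else:
            lo = self.ge if self.ge is not None else base.prefixlen
            hi = self.le if self.le is not None else 32
        return lo <= route.prefixlen <= hi and route.network_address in base

def evaluate(items, route: str):
    """Return (passed, index of the deciding item or None)."""
    net = ipaddress.ip_network(route)
    for item in sorted(items, key=lambda i: i.index):    # ascending index
        if item.matches(net):
            return item.permit, item.index               # first match decides
    return False, None                                   # nothing matched

# Constructed lists: ABCD is the page's "abcd" list, the others illustrate the note.
ABCD = [Item(10, True, "1.0.0.0/8"), Item(20, True, "2.0.0.0/8")]
DENY_ONLY = [Item(10, False, "30.0.0.0/8", le=32)]
DENY_THEN_ALL = DENY_ONLY + [Item(20, True, "0.0.0.0/0", le=32)]

def demo():
    routes = ["1.0.0.0/8", "1.2.0.0/16", "30.1.0.0/16", "20.0.0.0/8"]
    return {name: [evaluate(pl, r) for r in routes]
            for name, pl in [("abcd", ABCD), ("deny_only", DENY_ONLY),
                             ("deny_then_all", DENY_THEN_ALL)]}

if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

The deny-only list rejects every route, including those it never matched, which is why the note recommends the trailing permit 0.0.0.0 0 less-equal 32 item.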
3.3 Configuring a Routing Policy
A routing policy is used to match attributes in given routing information and to modify some attributes of the routing information once the rules are satisfied. Matching rules can be configured using the filters mentioned above.
A routing policy can comprise multiple nodes. Each node contains:
- if-match clauses: define the matching rules that routing information must satisfy. The matching objects are some attributes of routing information.
- apply clauses: specify the actions performed after the matching rules are satisfied, that is, the attribute settings for routing information that passed.
Before configuring this task, you must have completed:
- Filtering list configuration
- Routing protocol configuration
You also need to decide on:
- Name of routing policy, node sequence numbers
- Matching rules
- Attributes to be modified
3.3.1 Creating a Routing Policy
To create a routing policy, use the following commands:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Create a routing policy and enter its view | route-policy route-policy-name { permit \| deny } node node-number | Required. Not created by default. |
Note:
- If a node is set to permit mode using permit, routing information that meets the node’s conditions is handled using the apply clauses of this node and is not matched against the next node. Routing information that does not meet the node’s conditions goes to the next node for matching.
- If a node is set to deny mode using deny, the apply clauses of the node are not executed. Routing information that meets all if-match clauses of the node cannot pass the node, nor can it go to the next node. Routing information that fails any if-match clause of the node goes to the next node for matching.
- When a routing policy is defined with more than one node, at least one node should be configured using the permit keyword. If the routing policy is applied to filter routing information, routing information that does not meet any node’s conditions cannot pass the routing policy. If all nodes of the routing policy are set using the deny keyword, no routing information can pass it.
3.3.2 Defining if-match Clauses for the Routing Policy
To define if-match clauses for a route-policy, use the following commands:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Create a routing policy and enter its view | route-policy route-policy-name { permit \| deny } node node-number | Required. Not created by default. |
Match route cost of routing information | if-match cost value | Optional. Not configured by default. |
Match outbound interface of routing information | if-match interface { interface-type interface-number }&<1-16> | Optional. Not configured by default. |
Define if-match clauses to match IPv4 routing information (source/destination address, next hop) | if-match ip { next-hop \| route-source } { acl acl-number \| ip-prefix ip-prefix-name } | Optional. Not configured by default. |
Match the tag of RIP route | if-match tag value | Optional. Not configured by default. |
Note:
- The if-match clauses of a route-policy are in a logical AND relationship, namely, routing information has to satisfy all if-match clauses before the apply clauses are executed on it.
- If no if-match clause is specified, all routing information can pass the node.
- You can specify no if-match clause or multiple if-match clauses for a node.
3.3.3 Defining apply Clauses for the Routing Policy
To define apply clauses for a route-policy, use the following commands:
Operation | Command | Description |
---|---|---|
Enter system view | system-view | — |
Create a routing policy and enter its view | route-policy route-policy-name { permit \| deny } node node-number | Required. Not created by default. |
Set the cost of routing information | apply cost [ + \| - ] value | Optional. Not set by default. |
Set the next hop for IPv4 routing information | apply ip-address next-hop ip-address | Optional. Not set by default. |
Set routing protocol preference | apply preference preference | Optional. Not set by default. |
Set the tag field of routing information | apply tag value | Optional |
Note:
The next hop set using the apply ip-address next-hop command does not take effect for route redistribution.
3.4 Displaying and Maintaining the Routing Policy
Operation | Command | Description |
---|---|---|
Display IPv4 prefix list statistics | display ip ip-prefix [ ip-prefix-name ] | Available in all views |
Display routing policy information | display route-policy [ route-policy-name ] | |
Clear IPv4 prefix list statistics | reset ip ip-prefix [ ip-prefix-name ] | Available in user view |
3.5 Routing Policy Configuration Example
3.5.1 Applying Routing Policy When Redistributing IPv4 Routes
I. Network Requirements
- Switch A and Switch B communicate with each other, both using RIP.
- Configure a RIP process and static routes on Switch A.
- Apply a routing policy when redistributing static routes, so that routes in 20.0.0.0/8 and 40.0.0.0/8 are redistributed and routes in 30.0.0.0/8 are filtered out.
- Display RIP routing table information on Switch B to verify the configuration.
II. Network diagram
Figure 3-1 Network diagram for routing policy application to route redistribution
III. Configuration procedure
1) Configure SwitchA.
# Configure IP addresses for interfaces.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ip address 10.0.0.1 255.0.0.0
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ip address 12.0.0.1 255.0.0.0
[SwitchA-Vlan-interface200] quit
# Configure three static routes.
[SwitchA] ip route-static 20.0.0.1 255.0.0.0 12.0.0.2
[SwitchA] ip route-static 30.0.0.1 255.0.0.0 12.0.0.2
[SwitchA] ip route-static 40.0.0.1 255.0.0.0 12.0.0.2
# Enable RIP.
[SwitchA] rip
[SwitchA-rip-1] network 10.0.0.0
[SwitchA-rip-1] quit
# Configure an ACL.
[SwitchA] acl number 2000
[SwitchA-acl-basic-2000] rule deny source 30.0.0.0 0.255.255.255
[SwitchA-acl-basic-2000] rule permit source any
[SwitchA-acl-basic-2000] quit
# Configure a routing policy.
[SwitchA] route-policy ospf permit node 10
[SwitchA-route-policy] if-match acl 2000
[SwitchA-route-policy] quit
# Apply the routing policy for static route redistribution.
[SwitchA] rip
[SwitchA-rip-1] import-route static route-policy ospf
2) Configure Switch B.
# Configure IP addresses for interfaces.
<SwitchB> system-view
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ip address 10.0.0.2 255.0.0.0
[SwitchB-Vlan-interface100] quit
# Enable RIP.
[SwitchB] rip
[SwitchB-rip-1] network 10.0.0.0
# Display RIP routing table information to verify the configuration on Switch B.
<SwitchB> display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
--------------------------------------------------------------------------
Peer 10.0.0.1 on Vlan-interface100
Destination/Mask Nexthop Cost Tag Flags Sec
40.0.0.0/8 10.0.0.1 1 0 RA 29
20.0.0.0/8 10.0.0.1 1 0 RA 29
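The filtering in this example, modelled in Python as an added illustration (not H3C code): node 10 permits what ACL 2000 permits, and a route that matches no node is dropped. Node, run_policy and the two deny-node policies are hypothetical, constructed here to show the permit-node rule from section 3.3.1.

```python
import ipaddress
from dataclasses import dataclass, field

def ip(s):                                   # dotted quad -> int
    return int(ipaddress.ip_address(s))

def acl_2000(dest):
    """ACL 2000 from the example: the first matching rule decides."""
    rules = [(False, "30.0.0.0", "0.255.255.255"),   # rule deny source 30.0.0.0 0.255.255.255
             (True, "0.0.0.0", "255.255.255.255")]   # rule permit source any
    for permit, base, wildcard in rules:
        care = 0xFFFFFFFF ^ ip(wildcard)             # bits that must be equal
        if (ip(dest) & care) == (ip(base) & care):
            return permit
    return False

@dataclass
class Node:
    number: int
    permit: bool
    if_match: list = field(default_factory=list)   # predicates, ANDed together
    apply: dict = field(default_factory=dict)      # attributes set on a pass

def run_policy(nodes, route):
    """Return the route (apply clauses applied) if it passes, else None."""
    for node in sorted(nodes, key=lambda n: n.number):
        if all(test(route) for test in node.if_match):   # no clauses: matches
            return {**route, **node.apply} if node.permit else None
    return None                                          # matched no node

# Constructed input: Switch A's three static routes, as network/mask.
STATIC = [{"dest": d, "mask": 8, "tag": 0}
          for d in ("20.0.0.0", "30.0.0.0", "40.0.0.0")]
in_acl = lambda r: acl_2000(r["dest"])

PAGE_POLICY = [Node(10, True, [in_acl])]                  # the example's node 10
DENY_ONLY = [Node(10, False, [lambda r: not in_acl(r)])]  # hypothetical: no permit node
DENY_THEN_PERMIT = DENY_ONLY + [Node(20, True, [], {"tag": 100})]  # hypothetical fix

def redistribute(nodes):
    passed = (run_policy(nodes, r) for r in STATIC)
    return [(f'{r["dest"]}/{r["mask"]}', r["tag"]) for r in passed if r]

if __name__ == "__main__":
    for name in ("PAGE_POLICY", "DENY_ONLY", "DENY_THEN_PERMIT"):
        print(name, redistribute(globals()[name]))
```

PAGE_POLICY yields the two routes seen on Switch B, while DENY_ONLY redistributes nothing because 20.0.0.0/8 and 40.0.0.0/8 fall through node 10 and find no permit node.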
3.6 Troubleshooting Routing Policy Configuration
3.6.1 IPv4 Routing Information Filtering Failed
I. Symptom
Routing information filtering fails although the routing protocol runs normally.
II. Analysis
At least one item of the IP prefix list should be configured in permit mode, and at least one node in the routing policy should be configured in permit mode.
III. Processing procedure
1) Use the display ip ip-prefix command to display the IP prefix list.
2) Use the display route-policy command to display routing policy information.