Tuesday, September 22, 2009

IP ROUTING - RIP

original content: http://www.secuobs.com/revue/news/142612.shtml



IP Routing - RIP

By Syn
On [2009-09-20] at 06:26:59



Overview: In this post I'm going to describe how to configure RIP as a routing protocol. I'll be using the network layout as shown below.

Router 1 (R1)
    FastEthernet 0/0 - 192.168.1.1/24
    loopback 0 - 172.16.10.0/24

Router 2 (R2)
    FastEthernet 0/0 - 192.168.1.2/24
    FastEthernet 1/0 - 192.168.2.1/24

Router 3 (R3)
    FastEthernet 0/0 - 192.168.2.2/24

About RIP

First a bit about RIP. RIP is a distance vector dynamic routing protocol. That means it populates its routing table based on the routing updates it receives from its neighbors, and it calculates the best path based on distance (or hops). RIP comes in 2 versions, version 1 and version 2. RIP V1 has been around since the late 60's, is classless meaning it doesn't send subnet information, it has no authentication and it works by broadcasting the routes it knows about every 30 seconds. RIP V2 is classful, supports authentication and uses multicast (224.0.0.9). RIP is non-proprietary, so it is supported on a range of equipment and not just Cisco. RIP V1 and V2 both have an administrative distance of 120.

Configuring RIP

Okay, now the fun part. I'll be setting up RIP V2 in this post. The way RIP works is I enable it on my router, tell it to use version 2, and tell it what networks to advertise. To start with, let's see what routes R1 knows already.

    R1#show ip route
    C    172.16.10.0 is directly connected, Loopback0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0

Okay, so it knows about the directly connected routes. What about R3?

    R3#show ip route
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

Great. No chance of pinging the 172.16.10.1 interface on R1 then. For this pinging business to be successful I need to enable RIP V2 on all the routers. I then need to list all the networks that each router knows about. Like this.

Router 1 (R1)

    ! The RIP network statement takes the network number only, with no mask
    R1(config)#router rip
    R1(config-router)#version 2
    R1(config-router)#network 192.168.1.0
    R1(config-router)#network 172.16.10.0

Router 2 (R2)

    R2(config)#router rip
    R2(config-router)#version 2
    R2(config-router)#network 192.168.1.0
    R2(config-router)#network 192.168.2.0

Router 3 (R3)

    R3(config)#router rip
    R3(config-router)#version 2
    R3(config-router)#network 192.168.2.0

Great. Now I'll check R3's routing table.

    R3#show ip route
    Gateway of last resort is not set
    R    172.16.0.0/16 [120/1] via 192.168.2.1, 00:00:17, FastEthernet0/0
    R    192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:17, FastEthernet0/0
    C    192.168.2.0/24 is directly connected, FastEthernet0/0

Brilliant. I can now see the routes to the 172.16.0.0 network. And can I ping it?

    R3#ping 172.16.10.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 60/72/92 ms

So remember, you have to tell the router which networks you want to advertise, and if you don't list the network which an interface is configured for, RIP won't advertise out of that interface.

Lastly in this section I will cover how to turn off RIP propagating out of an interface. This could be because you have RIP enabled but one of your interfaces is connected to an untrusted network, for example. To prevent the propagation you would make the interface passive. You will still receive RIP updates on the interface but will not send them. In the example below I'll prevent Router 2 from sending updates to Router 3.

    R2(config)#router rip
    R2(config-router)#version 2
    R2(config-router)#network 192.168.1.0
    R2(config-router)#network 192.168.2.0
    R2(config-router)#passive-interface fastethernet 1/0

Configuring Authentication

Below I am going to configure authentication on my RIP updates. What I noticed in my lab was as soon as I set this up on a router the remote routers lost all routes until they too were configured for authentication. So it seems that this is an all or nothing thing. Below I enter global config mode, create a keychain called homelab, a key, and I give the key a password of cisco.

    R1#configure terminal
    R1(config)#key chain homelab
    R1(config-keychain)#key 1
    R1(config-keychain-key)#key-string cisco

Now I enter the interface configuration, tell it what key chain I'm using and tell it to use MD5. This has to be done on each interface that RIP will be sent or received on. Also, each neighboring router needs to use the same key (cisco) as set up in the steps above.

    R1#configure terminal
    R1(config)#interface fastEthernet 0/0
    R1(config-if)#ip rip authentication key-chain homelab
    R1(config-if)#ip rip authentication mode md5
    R1(config-if)#end

Running a show ip protocols lists what the router knows about the authentication you have configured.

    R2#show ip protocols
    Routing Protocol is "rip"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Sending updates every 30 seconds, next due in 3 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Redistributing: rip
      Default version control: send version 2, receive version 2
        Interface             Send  Recv  Triggered RIP  Key-chain
        FastEthernet0/0       2     2                    homelab
        FastEthernet1/0       2     2                    homelab
      Automatic network summarization is in effect
      Maximum path: 4
      Routing for Networks:
        172.16.0.0
        192.168.1.0
        192.168.2.0
      Routing Information Sources:
        Gateway         Distance      Last Update
        192.168.2.2          120      00:08:39
        192.168.1.1          120      00:00:03
      Distance: (default is 120)

Troubleshooting RIP

The commands that I have found useful in helping to troubleshoot RIP are:

    R1#show ip protocols
    Routing Protocol is "rip"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Sending updates every 30 seconds, next due in 25 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Redistributing: rip
      Default version control: send version 2, receive version 2
        Interface             Send  Recv  Triggered RIP  Key-chain
        FastEthernet0/0       2     2
        Loopback0             2     2
      Automatic network summarization is in effect
      Maximum path: 4
      Routing for Networks:
        172.16.0.0
        192.168.1.0
      Routing Information Sources:
        Gateway         Distance      Last Update
        192.168.1.2          120      00:00:20
      Distance: (default is 120)

In the output above there are a bunch of timers (Update, Invalid, Holddown and Flush). These need to be the same on each router.

    R2#show ip rip database
    172.16.0.0/16    auto-summary
    172.16.0.0/16
        [1] via 192.168.1.1, 00:00:00, FastEthernet0/0
    192.168.1.0/24    auto-summary
    192.168.1.0/24    directly connected, FastEthernet0/0
    192.168.2.0/24    auto-summary
    192.168.2.0/24    directly connected, FastEthernet1/0

    R2#show ip route rip
    R    172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:16, FastEthernet0/0

    R2#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
    R    172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:02, FastEthernet0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/0
    C    192.168.2.0/24 is directly connected, FastEthernet1/0

    R2#debug ip rip events
    RIP event debugging is on
    R2#
    01:30:43: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.1.2)
    01:30:43: RIP: Update contains 1 routes
    01:30:43: RIP: Update queued
    01:30:43: RIP: Update sent via FastEthernet0/0

The command above will turn on debugging for RIP updates. Okay. That's about all I have on RIP.
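An added example, not part of the original post: a Python check that reads the interface table printed by show ip protocols and reports RIP interfaces that have no key chain or still speak version 1. The sample text is constructed to mirror the R1 and R2 output above, and the function names and the assumption that table rows line up under the header columns are this example's own.

```python
ROW = "    {:<22}{:<6}{:<6}{:<15}{}"  # column widths used for the constructed samples
HEAD = ROW.format("Interface", "Send", "Recv", "Triggered RIP", "Key-chain")

def sample(rows):
    """Build constructed `show ip protocols` text shaped like the post's output."""
    body = [ROW.format(name, send, recv, "", key) for name, send, recv, key in rows]
    return "\n".join(['Routing Protocol is "rip"',
                      "  Default version control: send version 2, receive version 2",
                      HEAD, *body,
                      "  Automatic network summarization is in effect"])

SAMPLE_R2 = sample([("FastEthernet0/0", "2", "2", "homelab"),
                    ("FastEthernet1/0", "2", "2", "homelab")])
SAMPLE_R1 = sample([("FastEthernet0/0", "2", "2", ""),
                    ("Loopback0", "2", "2", "")])
SAMPLE_MIXED = sample([("FastEthernet0/0", "1 2", "1 2", "homelab")])

def parse_rip_interfaces(text):
    """Slice each interface row by the column offsets found in the header line."""
    lines, rows = text.splitlines(), []
    for i, line in enumerate(lines):
        if not (line.lstrip().startswith("Interface") and "Key-chain" in line):
            continue
        c = [line.index(h) for h in
             ("Interface", "Send", "Recv", "Triggered RIP", "Key-chain")]
        for row in lines[i + 1:]:
            # The table ends at the first line not indented to the Interface column.
            if len(row) <= c[0] or row[:c[0]].strip() or row[c[0]] == " ":
                break
            rows.append({"interface": row[c[0]:c[1]].strip(),
                         "send": row[c[1]:c[2]].split(),
                         "recv": row[c[2]:c[3]].split(),
                         "key_chain": row[c[4]:].strip()})
    return rows

def audit(text):
    """Return (interface, finding) pairs for RIP interfaces lacking authentication."""
    findings = []
    for r in parse_rip_interfaces(text):
        if r["interface"].lower().startswith("loopback"):
            continue  # no neighbor sits on a loopback
        if not r["key_chain"]:
            findings.append((r["interface"], "no key chain: updates are not authenticated"))
        if "1" in r["send"] + r["recv"]:
            findings.append((r["interface"], "RIP v1 in use: v1 carries no authentication"))
    return findings

if __name__ == "__main__":
    for name, text in (("R1", SAMPLE_R1), ("R2", SAMPLE_R2), ("mixed", SAMPLE_MIXED)):
        print(name, audit(text))
```

A passive interface still shows up in this table because it keeps receiving updates, so it needs a key chain as much as any other interface.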

1 comments:

IP routing was the best investment I ever made. Best investment I've made this year. IP routing is exactly what our business has been lacking.
