Cisco ASA 5500 Series Configuration Guide using ASDM, 6.4 and 6.6
Configuring RIP
Downloads: This chapterpdf (PDF - 174.0KB) The complete bookPDF (PDF - 26.27MB) | Feedback

Configuring RIP

Table Of Contents

Configuring RIP

Information About RIP

Routing Update Process

RIP Routing Metric

RIP Stability Features

RIP Timers

Licensing Requirements for RIP

Guidelines and Limitations

Configuring RIP

Enabling RIP

Customizing RIP

Configuring the RIP Version

Configuring Interfaces for RIP

Editing a RIP Interface

Configuring the RIP Send and Receive Version on an Interface

Configuring Route Summarization

Filtering Networks in RIP

Adding or Editing a Filter Rule

Redistributing Routes into the RIP Routing Process

Enabling RIP Authentication

Restarting the RIP Process

Monitoring RIP

Configuration Example for RIP

Feature History for RIP


Configuring RIP


This chapter describes how to configure the ASA to route data, perform authentication, and redistribute routing information using the Routing Information Protocol (RIP).

This chapter includes the following sections:

Information About RIP

Licensing Requirements for RIP

Guidelines and Limitations

Configuring RIP

Customizing RIP

Monitoring RIP

Configuration Example for RIP

Feature History for RIP

Information About RIP

This section includes the following topics:

Routing Update Process

RIP Routing Metric

RIP Stability Features

RIP Timers

The Routing Information Protocol, or RIP, as it is more commonly called, is one of the most enduring of all routing protocols. RIP has four basic components: routing update process, RIP routing metrics, routing stability, and routing timers. Devices that support RIP send routing-update messages at regular intervals and when the network topology changes. These RIP packets include information about the networks that the devices can reach, as well as the number of routers or gateways that a packet must travel through to reach the destination address. RIP generates more traffic than OSPF, but is easier to configure.

RIP is a distance-vector routing protocol that uses hop count as the metric for path selection. When RIP is enabled on an interface, the interface exchanges RIP broadcasts with neighboring devices to dynamically learn about and advertise routes.

The ASA supports both RIP Version 1 and RIP Version 2. RIP Version 1 does not send the subnet mask with the routing update. RIP Version 2 sends the subnet mask with the routing update and supports variable-length subnet masks. Additionally, RIP Version 2 supports neighbor authentication when routing updates are exchanged. This authentication ensures that the ASA receives reliable routing information from a trusted source.

RIP has advantages over static routes because the initial configuration is simple, and you do not need to update the configuration when the topology changes. The disadvantage to RIP is that there is more network and processing overhead than in static routing.

Routing Update Process

RIP sends routing-update messages at regular intervals and when the network topology changes. When a router receives a routing update that includes changes to an entry, it updates its routing table to reflect the new route. The metric value for the path is increased by 1, and the sender is indicated as the next hop. RIP routers maintain only the best route (the route with the lowest metric value) to a destination. After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change. These updates are sent independently of the regularly scheduled updates that RIP routers send.

RIP Routing Metric

RIP uses a single routing metric (hop count) to measure the distance between the source and a destination network. Each hop in a path from source to destination is assigned a hop count value, which is typically 1. When a router receives a routing update that contains a new or changed destination network entry, the router adds 1 to the metric value indicated in the update and enters the network in the routing table. The IP address of the sender is used as the next hop.

RIP Stability Features

RIP prevents routing loops from continuing indefinitely by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum number of hops in a path is 15. If a router receives a routing update that contains a new or changed entry, and if increasing the metric value by 1 causes the metric to be infinity (that is, 16), the network destination is considered unreachable. The downside of this stability feature is that it limits the maximum diameter of a RIP network to less than 16 hops.

RIP includes a number of other stability features that are common to many routing protocols. These features are designed to provide stability despite potentially rapid changes in network topology. For example, RIP implements the split horizon and hold-down mechanisms to prevent incorrect routing information from being propagated.

RIP Timers

RIP uses numerous timers to regulate its performance. These include a routing-update timer, a route-timeout timer, and a route-flush timer. The routing-update timer clocks the interval between periodic routing updates. Generally, it is set to 30 seconds, with a small random amount of time added whenever the timer is reset. This is done to help prevent congestion, which could result from all routers simultaneously attempting to update their neighbors. Each routing table entry has a route-timeout timer associated with it. When the route-timeout timer expires, the route is marked invalid but is retained in the table until the route-flush timer expires.

Licensing Requirements for RIP

The following table shows the licensing requirements for this feature:

Model
License Requirement

All models

Base License.


Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single context mode only.

Firewall Mode Guidelines

Supported in routed and transparent firewall mode.

IPv6 Guidelines

Does not support IPv6.

Additional Guidelines

The following information applies to RIP Version 2 only:

If using neighbor authentication, the authentication key and key ID must be the same on all neighbor devices that provide RIP Version 2 updates to the interface.

With RIP Version 2, the ASA transmits and receives default route updates using the multicast address 224.0.0.9. In passive mode, it receives route updates at that address.

When RIP Version 2 is configured on an interface, the multicast address 224.0.0.9 is registered on that interface. When a RIP Version 2 configuration is removed from an interface, that multicast address is unregistered.

Limitations

The ASA cannot pass RIP updates between interfaces.

RIP Version 1 does not support variable-length subnet masks.

RIP has a maximum hop count of 15. A route with a hop count greater than 15 is considered unreachable.

RIP convergence is relatively slow compared to other routing protocols.

You can only enable a single RIP process on the ASA.

Configuring RIP

This section describes how to enable and restart the RIP process on the ASA.

After you have enabled RIP, see the "Customizing RIP" section to learn how to customize the RIP process on the ASA.


Note If you want to redistribute a route by defining which of the routes from the specified routing protocol are allowed to be redistributed into the target routing process, you must first generate a default route. For information, see the "Configuring a Default Static Route" section and then define a route map. For information, see the "Defining a Route Map" section.


Enabling RIP

You can only enable one RIP routing process on the ASA. After you enable the RIP routing process, you must define the interfaces that will participate in that routing process using the network command. By default, the ASA sends RIP Version 1 updates and accepts RIP Version 1 and Version 2 updates.

In ASDM, to enable a RIP process, perform the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

The main RIP Setup pane appears.

From this pane, you can perform the following tasks:

Enable Auto-summarization. See the "Configuring Route Summarization" section.

Enable RIP version. See the "Configuring the RIP Version" section.

Enable default information origination.

Define an IP Address for a Network to Add. See the "Filtering Networks in RIP" section.

Configure an Interface. See the "Configuring Interfaces for RIP" section.

Step 2 Check the Enable RIP routing check box.

After the Enable RIP routing box has been checked, you can enable RIP on the ASA and configure global RIP protocol parameters. You can only enable a single RIP process on the ASA. When you enable RIP, it is enabled on all interfaces. Checking this check box also enables the other fields in this pane. Uncheck this check box to disable RIP routing on the ASA.

Step 3 Click Apply.

To customize the RIP process, see the "Configuring RIP" section.


Customizing RIP

This section describes how to configure RIP and includes the following topics:

Configuring the RIP Version

Configuring Interfaces for RIP

Configuring the RIP Send and Receive Version on an Interface

Configuring Route Summarization

Filtering Networks in RIP

Redistributing Routes into the RIP Routing Process

Enabling RIP Authentication

Restarting the RIP Process

Configuring the RIP Version

In ASDM, you can specify the version of RIP used by the ASA by performing the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing check box, and click Apply.

Step 3 Check the Enable RIP version check box.

Checking this check box specifies the version of RIP used by the ASA. If this check box is unchecked, then the ASA sends RIP Version 1 updates and accepts RIP Version 1 and Version 2 updates. This setting can be overridden on a per-interface basis in the Interface pane. For more information about configuring interfaces, see the "Configuring Interfaces for RIP" section. Indicate the version of RIP to be used by choosing one of the following:

Version 1, which specifies that the ASA only sends and receives RIP Version 1 updates. Any Version 2 updates received are dropped.

Version 2, which specifies that the ASA only sends and receives RIP Version 2 updates. Any Version 1 updates received are dropped.

Step 4 Click Apply.


Configuring Interfaces for RIP

If you have an interface that you do not want to have participate in RIP routing, but that is attached to a network that you want advertised, you can configure the network that includes the network to which the interface is attached, and configure the passive interfaces to prevent that interface from using RIP. Additionally, you can specify the version of RIP that is used by the ASA for updates.

In ASDM, you can configure an interface in RIP used by the ASA so that all interfaces on the ASA are set to passive RIP mode. The ASA listens for RIP routing broadcasts on all interfaces and uses that information to populate the routing tables but do not broadcast routing updates. To set specific interfaces to passive RIP, perform the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing check box.

Step 3 In the Passive Interfaces area, check the check box in the Passive column for those interfaces that you want to have operate in passive mode. The other interfaces will still send and receive RIP broadcasts.

Step 4 Click Apply.


Note Individual interfaces can be made passive only if the global passive mode is not enabled. Uncheck the Global Passive check box to make individual interfaces passive using the Passive Interfaces table.


You can override this setting on a per-interface basis in the Interface pane. For more information, see the "Editing a RIP Interface" section.


Editing a RIP Interface

In ASDM, the Interface pane allows you to configure interface-specific RIP settings, such as the version of RIP that the interface sends and receives and the authentication method, if any, that are used for the RIP broadcasts.

To edit an interface that you have previously set up and configured, perform the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing check box and click Apply.

Step 3 Choose Configuration > Device Setup > Routing > RIP > Interfaces.

Step 4 Click Add or Edit.

The Add or Edit RIP Interface Entry dialog box appears and allows you to configure the interface-specific RIP settings.

Step 5 (Optional) Choose the following options according to your preferences:

Override Global Send Version—Check this check box to specify the RIP version sent by the interface. Choose one of the following options:

Version 1

Version 2

Version 1 & 2

Unchecking this check box restores the global setting.

Override Global Receive Version—Check this check box to specify the RIP version accepted by the interface. If a RIP updated from an unsupported version of RIP is received by the interface, it is dropped. Choose one of the following options:

Version 1

Version 2

Version 1 & 2

Unchecking this check box restores the global setting.

Enable Authentication—Check this check box to enable RIP authentication. Uncheck this check box to disable RIP authentication. Specify the following settings:

Key, which is the key used by the authentication method, and can be up to 16 characters long.

Key ID, which is the key ID used by the authentication method. Valid values range from 0 to 255.

Authentication Mode—You can choose one of the following authentication modes:

MD5 to use MD5 for RIP message authentication.

Text to use cleartext for RIP message authentication (not recommended).

Step 6 Click Apply.


Configuring the RIP Send and Receive Version on an Interface

You can override the globally-set version of RIP that the ASA uses to send and receive RIP updates on a per-interface basis.

To configure the RIP version for sending and receiving updates, perform the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing box, and click Apply.

Step 3 Choose Configuration > Device Setup > Routing > RIP > Interfaces.

Step 4 Click Edit.

The Edit RIP Interface Entry dialog box appears, which allows you to configure the interface-specific RIP settings for sending and receiving.

Step 5 In the Send Version area, check the Override global send version check box to specify the RIP version sent by the interface. Choose one of the following:

Version 1

Version 2

Version 1 & 2

Unchecking this check box restores the global setting.

Step 6 In the Receive Version area, check the Override global receive version check box to specify the RIP version accepted by the interface. If a RIP updated from an unsupported version of RIP is received by the interface, it is dropped. Choose one of from the following:

Version 1

Version 2

Version 1 & 2

Unchecking this check box restores the global setting.

Step 7 Click Apply.


Configuring Route Summarization


Note RIP Version 1 always uses automatic route summarization. You cannot disable this feature for RIP Version 1. RIP Version 2 uses automatic route summarization by default.


The RIP routing process summarizes on network number boundaries, which can cause routing problems if you have noncontiguous networks.

For example, if you have a router with the networks 192.168.1.0, 192.168.2.0, and 192.168.3.0 connected to it, and those networks all participate in RIP, the RIP routing process creates the summary address 192.168.0.0 for those routes. If an additional router is added to the network with the networks 192.168.10.0 and 192.168.11.0, and those networks participate in RIP, they will also be summarized as 192.168.0.0. To prevent the possibility of traffic being routed to the wrong location, you should disable automatic route summarization on the routers that are creating conflicting summary addresses.

Because RIP Version 1 always uses automatic route summarization, and RIP Version 2 always uses automatic route summarization by default, when configuring automatic route summarization, you only need to disable it.

In ASDM, you can enable or disable automatic route summarization in a RIP process by performing the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing check box, and click Apply.

Step 3 Check the Enable Auto-Summarization check box.

Uncheck this check box to disable automatic route summarization. Check this check box to reenable automatic route summarization. RIP Version 1 always uses automatic summarization. You cannot disable automatic route summarization for RIP Version 1. If you are using RIP Version 2, you can turn off automatic route summarization by unchecking this check box. Disable automatic route summarization if you must perform routing between disconnected subnets. When automatic route summarization is disabled, subnets are advertised.

Step 4 Click Apply.


Filtering Networks in RIP

To filter the networks received in updates, perform the following steps:


Note Before you begin, you must create a standard access list that permits the networks that you want the RIP process to allow in the routing table and denies the networks that you want the RIP process to discard.


In ASDM, you can configure filter rules that allow you to filter the network received in RIP routing updates or sent in RIP routing updates. Each filter rule consists of one or more network rules.


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing check box, and click Apply.

Step 3 Choose Configuration > Device Setup > Routing > RIP > Filter Rules.

Step 4 Click Add or Edit.

The Add or Edit Filter Rule dialog box appears, which allows you to create or edit filter rules that apply to all interfaces or to a specific interface.

Step 5 From the Direction drop-down list, choose the direction in which the filter should act.

Choosing In filters networks on incoming RIP updates. Additionally, only the Interface drop-down list is visible.

If you choose Out as the filter direction, skip to Step 8.

Step 6 Choose the Interface type from the Interface drop-down list.

This setting allows you to choose a specific interface for the filter rule, or you can choose the All Interfaces option to apply the filter to all interfaces.

Step 7 (Optional) Add a network rule by clicking Add. Skip to the "Adding or Editing a Filter Rule" section.

Step 8 Choose Out to filter networks from outgoing RIP updates. Additionally, the Interface and Routing Process drop-down list becomes visible.

Click the Interface radio button to choose a specific interface for the filter rule from the Interface drop-down list, or click the All Interfaces option to apply the filter to all interfaces.

Click the Routing Process radio button to activate the Routing process drop-down list. Choose from the following routing process types:

connected

static

OSPF

RIP

EIGRP

Step 9 (Optional) Add a network rule by clicking Add. Skip to the "Adding or Editing a Filter Rule" section.


Adding or Editing a Filter Rule

After you have configured a filter rule (see the "Filtering Networks in RIP" section), you can add or edit a network rule below the selected rule in the list by performing the following steps:


Step 1 After you have selected the direction or Interface type from Step 5 or Step 8 of the previous procedure, click Add or Edit in the Filtering Networks in RIP area.

The Network Rule dialog box appears.

Step 2 Choose the action from the Action drop-down list. The default is Permit.

Choose Permit if the specified network is not filtered from incoming or outgoing RIP advertisements.

Choose Deny if the specified network is to be filtered from incoming or outgoing RIP advertisements.

Step 3 Enter the IP address for the network being filtered, if different than what is displayed, in the IP Address field.

By default, the IP Address field displays the IP Address for the network being filtered.

Step 4 Enter the netmask, if different than what is displayed, in the Netmask field.

By default, the Netmask field displays the network mask applied to the IP address.

Step 5 Click OK.


Redistributing Routes into the RIP Routing Process

You can redistribute routes from the OSPF, EIGRP, static, and connected routing processes into the RIP routing process.


Note Before you begin this procedure, you must create a route map to further define which routes from the specified routing protocol are redistributed in to the RIP routing process. See Chapter 26 "Defining Route Maps," for more information about creating a route map.


In ASDM, you can display the routes that are being redistributed from other routing processes into the RIP routing process by performing the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Redistribution.

The Redistribution pane displays the routes that are being redistributed from other routing processes into the RIP routing process.

Step 2 Click Add or Edit.

If you clicked Add, the Add Route Redistribution dialog box allows you to add a new redistribution rule. If you clicked Edit, the Edit Route Redistribution dialog box allows you to change an existing rule.

Step 3 In the Protocol area, choose the routing protocol to redistribute into the RIP routing process:

Static, for static routes.

Connected, for directly connected networks.

OSPF and OSPF ID, for routes discovered by the OSPF routing process. If you choose OSPF, you must also enter the OSPF process ID. Additionally, you can select the specific types of OSPF routes to redistribute from the Match area.

EIGRP and EIGRP ID, for routes discovered by the EIGRP routing process. If you choose EIGRP, you must also specify the autonomous system number of the EIGRP routing process in the EIGRP ID field.

Step 4 In the Metrics area, check the Configure Metric Type check box to specify a metric for the redistributed routes. If not specified, the routes are assigned a default metric of 0. When the check box is checked, choose from one of the following available values:

Transparent to cause the current route metric to be used.

Value to assign a specific metric value. Valid values range from 0 to 16.

Step 5 In the Optional area, choose the route map from the Route Map drop-down list. This route map specifies the name of a route map that must be specified before the route can be redistributed into the RIP routing process. Click Manage to configure a specific route map. For more information about configuring route maps, see the "Adding or Editing a Route Map" section.

Step 6 In the Match area, choose specific types of OSPF routes to redistribute by checking the check box next to the route type. This area is not active unless OSPF has been chosen in the Protocol area.

If you do not check any route types, Internal, External 1, and External 2 routes are redistributed by default. The Match types are:

Internal, in which routes internal to the AS are redistributed.

External 1, in which Type 1 routes external to the AS are redistributed.

External 2, in which Type 2 routes external to the AS are redistributed.

NSSA External 1, in which Type 1 routes external to an NSSA are redistributed.

NSSA External 2, in which Type 2 routes external to an NSSA are redistributed.

Step 7 Click OK.


Enabling RIP Authentication


Note The ASA supports RIP message authentication for RIP Version 2 messages.


RIP route authentication provides MD5 authentication of routing updates from the RIP routing protocol. The MD5 keyed digest in each RIP packet prevents the introduction of unauthorized or false routing messages from unapproved sources.

RIP route authentication is configured on a per-interface basis. All RIP neighbors on interfaces configured for RIP message authentication must be configured with the same authentication mode and key for adjacencies to be established.


Note Before you can enable RIP route authentication, you must enable RIP.


To enable RIP authentication on an interface, perform the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing check box, and click Apply. If you uncheck this check box, the ASA sends RIP Version 1 updates and accepts RIP Version 1 and Version 2 updates. You can override this setting on a per-interface basis in the Interface pane. Version 1 specifies that the ASA only sends and receives RIP Version 1 updates. Any Version 2 updates received are dropped. Version 2 specifies that the ASA only sends and receives RIP Version 2 updates. Any Version 1 updates received are dropped.

Step 3 Choose Configuration > Device Setup > Routing > RIP > Interface.

Step 4 Click Edit.

The Edit RIP Interface Entry dialog box appears, which allows you to configure the interface-specific RIP settings.

Step 5 In the Authentication area, check the Enable Authentication check box to enable RIP authentication. Uncheck this check box to disable RIP authentication.

Step 6 In the Key field, enter the key used by the authentication method. This entry can include up to 16 characters.

Step 7 In the Key ID field, enter the key ID. Valid values range from 0 to 255.

Step 8 Choose the type of authentication mode that you want to use by clicking the radio button next to one of the following:

MD5 to use MD5 for RIP message authentication.

cleartext to use cleartext for RIP message authentication (not recommended).

Step 9 Click Apply.


Restarting the RIP Process

To remove the entire RIP configuration, perform the following steps:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Click Reset.


Monitoring RIP

To monitor or display various RIP routing statistics in ASDM, perform the following steps:


Step 1 In the main ASDM window, choose Monitoring > Routing > Routes.

Step 2 From this pane, you can choose to monitor the following:

IPv4

IPv6

Both


Configuration Example for RIP

The following example shows how to enable and configure RIP with various optional processes:


Step 1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step 2 Check the Enable RIP routing check box and click Apply.

Step 3 Check the Enable default information originate check box.

For more information about defining a route map, see the "Defining a Route Map" section.

Step 4 Check the Enable RIP version check box and choose Version 1.

Step 5 In the Networks area, enter 225.25.24.225 in the IP Network to Add field.

Step 6 In the Passive Interface area, click the check box next to the interface that you want to be passive in the Passive Interfaces table.

Step 7 Click Apply.

Step 8 Choose Configuration > Device Setup > Routing > RIP > Redistribution.

Step 9 Click Edit.

Step 10 In the Protocol area, choose Connected.

Step 11 In the Metric area, check the Configure Metric Type check box and choose Transparent Mode (default).

Step 12 In the Optional area, choose a route map from the Route Map drop-down list.

Step 13 Click Manage to configure a specific route map. For more information about configuring route maps, see the "Adding or Editing a Route Map" section.

Step 14 Click OK.


Feature History for RIP

Table 28-1 lists each feature change and the platform release in which it was implemented. ASDM is backward-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.

Table 28-1 Feature History for RIP

Feature Name
Releases
Feature Information

RIP support

7.0(1)

Support was added for routing data, performing authentication, and redistributing and monitoring routing information using the Routing Information Protocol (RIP).

We introduced the following screen: Configuration > Device Setup > Routing > RIP.