Configuring RIP
This chapter describes how to configure the ASA to route data, perform authentication, and redistribute routing information, using the Routing Information Protocol (RIP).
Information About RIP
This section includes the following topics:
The Routing Information Protocol, or RIP, as it is more commonly called, is one of the most enduring of all routing protocols. RIP has four basic components: routing update process, RIP routing metrics, routing stability, and routing timers. Devices that support RIP send routing-update messages at regular intervals and when the network topology changes. These RIP packets include information about the networks that the devices can reach, as well as the number of routers or gateways that a packet must travel through to reach the destination address. RIP generates more traffic than OSPF, but is easier to configure.
RIP is a distance-vector routing protocol that uses hop count as the metric for path selection. When RIP is enabled on an interface, the interface exchanges RIP broadcasts with neighboring devices to dynamically learn about and advertise routes.
The ASA supports both RIP Version 1 and RIP Version 2. RIP Version 1 does not send the subnet mask with the routing update. RIP Version 2 sends the subnet mask with the routing update and supports variable-length subnet masks. Additionally, RIP Version 2 supports neighbor authentication when routing updates are exchanged. This authentication ensures that the ASA receives reliable routing information from a trusted source.
RIP has advantages over static routes because the initial configuration is simple, and you do not need to update the configuration when the topology changes. The disadvantage to RIP is that there is more network and processing overhead than in static routing.
Routing Update Process
RIP sends routing-update messages at regular intervals and when the network topology changes. When a router receives a routing update that includes changes to an entry, it updates its routing table to reflect the new route. The metric value for the path is increased by 1, and the sender is indicated as the next hop. RIP routers maintain only the best route (the route with the lowest metric value) to a destination. After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change. These updates are sent independently of the regularly scheduled updates that RIP routers send.
RIP Routing Metric
RIP uses a single routing metric (hop count) to measure the distance between the source and a destination network. Each hop in a path from source to destination is assigned a hop count value, which is typically 1. When a router receives a routing update that contains a new or changed destination network entry, the router adds 1 to the metric value indicated in the update and enters the network in the routing table. The IP address of the sender is used as the next hop.
RIP Stability Features
RIP prevents routing loops from continuing indefinitely by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum number of hops in a path is 15. If a router receives a routing update that contains a new or changed entry, and if increasing the metric value by 1 causes the metric to be infinity (that is, 16), the network destination is considered unreachable. The downside of this stability feature is that it limits the maximum diameter of a RIP network to less than 16 hops.
RIP includes a number of other stability features that are common to many routing protocols. These features are designed to provide stability despite potentially rapid changes in network topology. For example, RIP implements the split horizon and hold-down mechanisms to prevent incorrect routing information from being propagated.
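The update, metric, and hop-limit rules above can be traced in a few lines of Python. This is an added illustration, not ASA code or code from the original guide; the addresses are constructed, and the rule that the current next hop may worsen its own route is taken from the RIP specification (RFC 2453) rather than from this chapter.

```python
INFINITY = 16  # metric value that marks a destination as unreachable


def process_update(table, sender, entries):
    """Apply one RIP update from `sender`; return the networks that changed.

    table:   dict mapping network -> (metric, next_hop)
    entries: list of (network, advertised_metric) carried in the update
    """
    changed = []
    for network, advertised in entries:
        metric = min(advertised + 1, INFINITY)  # add one hop, cap at infinity
        current = table.get(network)
        if current is None:
            if metric < INFINITY:  # never install a new unreachable route
                table[network] = (metric, sender)
                changed.append(network)
        elif current[1] == sender:
            # Assumption from RFC 2453: the current next hop is authoritative
            # for its own route, so a worse metric (even 16) replaces the entry.
            if metric != current[0]:
                table[network] = (metric, sender)
                changed.append(network)
        elif metric < current[0]:  # keep only the lowest-metric route
            table[network] = (metric, sender)
            changed.append(network)
    return changed


def reachable(table):
    """Networks whose metric is still below infinity."""
    return sorted(n for n, (m, _) in table.items() if m < INFINITY)


def demo():
    """Replay three constructed updates from two constructed neighbors."""
    table = {}
    # 15 + 1 reaches infinity, so 192.168.2.0 is not installed from 10.0.0.2.
    process_update(table, "10.0.0.2", [("192.168.1.0", 1), ("192.168.2.0", 15)])
    # A worse path to 192.168.1.0 is ignored; 192.168.2.0 is learned at 5 hops.
    process_update(table, "10.0.0.3", [("192.168.1.0", 3), ("192.168.2.0", 4)])
    # The next hop withdraws 192.168.2.0 by advertising infinity.
    process_update(table, "10.0.0.3", [("192.168.2.0", 16)])
    return table
```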
RIP Timers
RIP uses numerous timers to regulate its performance. These include a routing-update timer, a route-timeout timer, and a route-flush timer. The routing-update timer clocks the interval between periodic routing updates. Generally, it is set to 30 seconds, with a small random amount of time added whenever the timer is reset. This is done to help prevent congestion, which could result from all routers simultaneously attempting to update their neighbors. Each routing table entry has a route-timeout timer associated with it. When the route-timeout timer expires, the route is marked invalid but is retained in the table until the route-flush timer expires.
Using Clustering
For information about using clustering with RIP, see the “Dynamic Routing and Clustering” section.
Licensing Requirements for RIP
The following table shows the licensing requirements for this feature:
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Supported in single context mode only.
Supported in routed and transparent firewall mode.
The following information applies to RIP Version 2 only:
- If using neighbor authentication, the authentication key and key ID must be the same on all neighbor devices that provide RIP Version 2 updates to the interface.
- With RIP Version 2, the ASA transmits and receives default route updates using the multicast address 224.0.0.9. In passive mode, it receives route updates at that address.
- When RIP Version 2 is configured on an interface, the multicast address 224.0.0.9 is registered on that interface. When a RIP Version 2 configuration is removed from an interface, that multicast address is unregistered.
RIP has the following limitations:
- The ASA cannot pass RIP updates between interfaces.
- RIP Version 1 does not support variable-length subnet masks.
- RIP has a maximum hop count of 15. A route with a hop count greater than 15 is considered unreachable.
- RIP convergence is relatively slow compared to other routing protocols.
- You can only enable a single RIP process on the ASA.
Configuring RIP
This section describes how to enable and restart the RIP process on the ASA.
After you have enabled RIP, see the “Customizing RIP” section to learn how to customize the RIP process on the ASA.

Note If you want to redistribute a route by defining which of the routes from the specified routing protocol are allowed to be redistributed into the target routing process, you must first generate a default route and then define a route map. For information, see the “Configuring a Default Static Route” section and the “Defining a Route Map” section.
Enabling RIP
You can only enable one RIP routing process on the ASA. After you enable the RIP routing process, you must define the interfaces that will participate in that routing process using the network command. By default, the ASA sends RIP Version 1 updates and accepts RIP Version 1 and Version 2 updates.
To enable the RIP routing process, enter the following command:
Customizing RIP
This section describes how to configure RIP and includes the following topics:
- Configuring the RIP Version
- Configuring Interfaces for RIP
- Configuring the RIP Send and Receive Version on an Interface
- Configuring Route Summarization
- Filtering Networks in RIP
- Redistributing Routes into the RIP Routing Process
- Enabling RIP Authentication
- Restarting the RIP Process
Configuring the RIP Version
To specify the version of RIP used by the ASA, perform the following steps:
Detailed Steps
Configuring Interfaces for RIP
If you have an interface that you do not want to participate in RIP routing, but that is attached to a network that you want advertised, configure the network that includes the attached network (using the network command), and configure the interface as passive (using the passive-interface command) to prevent that interface from using RIP. Additionally, you can specify the version of RIP that is used by the ASA for updates.
To configure interfaces for RIP, perform the following steps:
Detailed Steps
Configuring the RIP Send and Receive Version on an Interface
You can override the globally-set version of RIP that the ASA uses to send and receive RIP updates on a per-interface basis.
To configure the RIP version for sending and receiving updates, perform the following steps:
Detailed Steps
Configuring Route Summarization

Note RIP Version 1 always uses automatic route summarization. You cannot disable this feature for RIP Version 1. RIP Version 2 uses automatic route summarization by default.
The RIP routing process summarizes on network number boundaries, which can cause routing problems if you have noncontiguous networks.
For example, if you have a router with the networks 192.168.1.0, 192.168.2.0, and 192.168.3.0 connected to it, and those networks all participate in RIP, the RIP routing process creates the summary address 192.168.0.0 for those routes. If an additional router is added to the network with the networks 192.168.10.0 and 192.168.11.0, and those networks participate in RIP, they will also be summarized as 192.168.0.0. To prevent the possibility of traffic being routed to the wrong location, you should disable automatic route summarization on the routers that are creating conflicting summary addresses.
Because RIP Version 1 always uses automatic route summarization and RIP Version 2 uses it by default, the only configuration action available for automatic route summarization is to disable it.
To disable automatic route summarization, perform the following steps:
Detailed Steps
Enables the RIP routing process and places you in router configuration mode.
Filtering Networks in RIP
To filter the networks received in updates, perform the following steps:

Note Before you begin, you must create a standard ACL that permits the networks that you want the RIP process to allow in the routing table and denies the networks that you want the RIP process to discard.
Detailed Steps
Redistributing Routes into the RIP Routing Process
You can redistribute routes from the OSPF, EIGRP, static, and connected routing processes into the RIP routing process.

Note Before you begin this procedure, you must create a route map to further define which routes from the specified routing protocol are redistributed into the RIP routing process. See “Defining a Route Map” for more information about creating a route map.
To redistribute a route into the RIP routing process, enter one of the following commands:
Enabling RIP Authentication

Note The ASA supports RIP message authentication for RIP Version 2 messages.
RIP route authentication provides MD5 authentication of routing updates from the RIP routing protocol. The MD5 keyed digest in each RIP packet prevents the introduction of unauthorized or false routing messages from unapproved sources.
RIP route authentication is configured on a per-interface basis. All RIP neighbors on interfaces configured for RIP message authentication must be configured with the same authentication mode and key for adjacencies to be established.
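The following added example, which is not ASA code or part of the original guide, shows what a receiver checks when it validates the MD5 keyed digest on a RIP Version 2 update, and why a mismatched key or key ID stops updates from being accepted. It assumes the Keyed-MD5 packet layout from RFC 2082; the key, key ID, sequence number, and route are constructed sample values.

```python
import hashlib
import hmac
import struct

AUTH_FAMILY = 0xFFFF  # address-family value that marks an authentication entry
AUTH_KEYED_MD5 = 3    # authentication type: keyed message digest


def _digest(data, key):
    # The shared key, zero-padded to 16 bytes, is hashed after the packet.
    return hashlib.md5(data + key.ljust(16, b"\0")[:16]).digest()


def build_packet(routes, key, key_id, seq):
    """Build a RIPv2 response for routes given as (ip, mask, metric)."""
    entries = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, ip, mask, b"\0" * 4, metric)
        for ip, mask, metric in routes)
    length = 24 + len(entries)  # 4-byte header + 20-byte auth entry + routes
    auth = struct.pack("!HHHBBI8x", AUTH_FAMILY, AUTH_KEYED_MD5, length, key_id, 16, seq)
    head = struct.pack("!BBH", 2, 2, 0) + auth + entries
    head += struct.pack("!HH", AUTH_FAMILY, 1)  # trailer header before the digest
    return head + _digest(head, key)


def verify_packet(packet, keys, last_seq=0):
    """Return (ok, reason); `keys` maps key ID -> shared key bytes."""
    if len(packet) < 44 or packet[1] != 2:
        return False, "not RIPv2"
    family, autype, length, key_id, dlen, seq = struct.unpack("!HHHBBI", packet[4:16])
    if family != AUTH_FAMILY or autype != AUTH_KEYED_MD5:
        return False, "no MD5 authentication entry"
    if dlen != 16 or len(packet) != length + 20:
        return False, "bad length"
    if key_id not in keys:
        return False, "unknown key ID"
    if seq < last_seq:  # sequence numbers must not decrease (replay check)
        return False, "sequence number went backwards"
    expected = _digest(packet[:length + 4], keys[key_id])
    if not hmac.compare_digest(expected, packet[length + 4:]):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample: one route, key ID 5, sequence number 100.
SAMPLE = build_packet([(bytes([192, 168, 1, 0]), bytes([255, 255, 255, 0]), 1)],
                      b"constructed-key", 5, 100)
```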

Note Before you can enable RIP route authentication, you must enable RIP.
To enable RIP authentication on an interface, perform the following steps:
Detailed Steps
Restarting the RIP Process
To remove the entire RIP configuration, enter the following command:
Monitoring RIP
We recommend that you only use the debug commands to troubleshoot specific problems or during troubleshooting sessions with the Cisco TAC.
Debugging output is assigned high priority in the CPU process and can render the ASA unusable. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect performance. For examples and descriptions of the command output, see the command reference.
To monitor or debug various RIP routing statistics, enter one of the following commands:
Configuration Example for RIP
The following example shows how to enable and configure RIP with various optional processes:
Feature History for RIP
Table 29-1 lists each feature change and the platform release in which it was implemented.