Web: Example for Configuring RIP to Import External Routes
This section provides an example for configure different RIP processes of routers to exchange routes.
Networking Requirements
On the network shown in Figure 1, two RIP processes, RIP 100 and RIP 200, run on FW_B. FW_B exchanges routing information with FW_A through RIP 100 and exchanges routing information with FW_C through RIP 200.
It is required that the two RIP processes of FW_B import RIP routes from each other. The cost of the routes imported from RIP 200 defaults to 3.
Configuration Roadmap
The configuration roadmap is as follows:
- Enable RIP100 and specify network segments on FW_A and FW_B; enable RIP200 and specify network segments on FW_B and FW_C.
- Configure the two RIP processes on FW_B to import routes from each other and set the default cost of the routes imported from RIP200 to 3.
Data Planning
To complete the configuration, you need the following data:
- RIP instance ID (100) and RIP network segment (192.168.1.0) on FW_A
- RIP instance ID (100 and 200) and RIP network segment (192.168.1.0 and 192.168.2.0) on FW_B
- RIP instance ID (200) and RIP network segment (192.168.2.0, 192.168.3.0, and 192.168.4.0) on FW_C
Procedure
- On FW_A, set IP addresses for interfaces, assign interfaces to security zones, and configure an interzone security policy.
- Configure basic RIP functions on FW_A.
- Choose to create RIP100.
- Configure RIP network segments 192.168.0.0 and 192.168.1.0.
- Click
of the created RIP process. - In the RIP Process ID:100 navigation tree, choose .
- Click Add to configure network segments 192.168.0.0 and192.168.1.0.
- Click OK.
- Click
- Choose to create RIP100.
- By referring to Step 1 and Step 2, configure FW_C and configure basic RIP functions.
Configure interface IP addresses and security zones.
Interface Name
GE0/0/1
GE0/0/2
GE0/0/3
Zone
trust
trust
trust
IP Address
192.168.2.2/24
192.168.3.1/24
192.168.4.1/24
Configure a security policy.
Name
policy_sec_1
Source Zone
Trust and Local
Destination Zone
Local and Trust
Action
permit
Configure basic RIP functions.
Process ID
200
Network Segment
192.168.2.0
192.168.3.0
192.168.4.0
- Complete basic configurations, configure basic RIP functions, and import external routes on FW_B.
- Import routes from RIP 200 to RIP 100 and set the default cost of the routes to 3.
- Click for RIP 100.
- In the OSPF Process ID:100 navigation tree, choose .
- Click Add and set parameters as follows:
- Click OK.
- Click
- Import routes from RIP 100 to RIP 200.
- Click for RIP 200.
- In the OSPF Process ID:200 navigation tree, choose .
- Click Add and set parameters as follows:
- Click OK.
- Click
- Import routes from RIP 200 to RIP 100 and set the default cost of the routes to 3.
Verification
# Check the routing table of FW_A after route import.
[FW_A] display ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 192.168.0.0/24 Direct 0 0 D 192.168.0.1 GigabitEthernet0/0/1 192.168.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet0/0/1 192.168.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.2.0/24 RIP 100 4 D 192.168.1.2 GigabitEthernet0/0/1 192.168.3.0/24 RIP 100 4 D 192.168.1.2 GigabitEthernet0/0/1 192.168.4.0/24 RIP 100 4 D 192.168.1.2 GigabitEthernet0/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configuration Scripts
Configuration script of FW_A
# sysname FW_A # interface GigabitEthernet0/0/1 undo shutdown ip address 192.168.1.1 255.255.255.0 # interface GigabitEthernet0/0/2 undo shutdown ip address 192.168.0.1 255.255.255.0 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 add interface GigabitEthernet0/0/2 # security-policy rule name policy_sec_1 source-zone trust source-zone local destination-zone local destination-zone trust action permit # rip 100 network 192.168.0.0 network 192.168.1.0 # return
Configuration script of FW_B
# sysname FW_B # acl number 2000 rule 5 deny source 192.168.4.0 0.0.0.255 rule 10 permit # interface GigabitEthernet0/0/1 undo shutdown ip address 192.168.1.2 255.255.255.0 # interface GigabitEthernet0/0/2 undo shutdown ip address 192.168.2.1 255.255.255.0 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 add interface GigabitEthernet0/0/2 # security-policy rule name policy_sec_1 source-zone trust source-zone local destination-zone local destination-zone trust action permit # rip 100 default-cost 3 network 192.168.1.0 filter-policy 2000 export import-route rip 200 # rip 200 network 192.168.2.0 import-route rip 100 # return
Configuration script of FW_C
# sysname FW_C # interface GigabitEthernet0/0/1 undo shutdown ip address 192.168.2.2 255.255.255.0 # interface GigabitEthernet0/0/2 undo shutdown ip address 192.168.3.1 255.255.255.0 # interface GigabitEthernet0/0/3 undo shutdown ip address 192.168.4.1 255.255.255.0 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 add interface GigabitEthernet0/0/2 add interface GigabitEthernet0/0/3 # security-policy rule name policy_sec_1 source-zone trust source-zone local destination-zone local destination-zone trust action permit # rip 100 network 192.168.2.0 network 192.168.3.0 network 192.168.4.0 # return