
CLI: Example for Configuring Basic RIP Functions

You can configure RIP-2 on small IP networks to implement network interconnection.

Networking Requirements

As shown in Figure 1, RIP must be enabled on all interfaces of FW_A, FW_B, FW_C, and FW_D, and the devices must interconnect with each other through RIP-2.

Figure 1 Networking diagram for configuring basic RIP functions

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the IP address of each interface to make the network layers accessible.
  2. Enable RIP on each FW and configure basic RIP functions.
  3. Configure RIP-2 on each FW and check the subnet masks.

Data Preparation

  • RIP network segment 192.168.1.0 on FW_A
  • RIP network segments 192.168.1.0, 172.16.0.0, and 10.0.0.0 on FW_B
  • RIP network segment 172.16.0.0 on FW_C
  • RIP network segment 10.0.0.0 on FW_D
  • RIP-2 on FW_A, FW_B, FW_C, and FW_D

Procedure

  1. Set the IP addresses for the interfaces, add the interfaces to security zones, and configure the interzone security policy.

    # Configure FW_A.

    <FW> system-view
    [FW] sysname FW_A
    [FW_A] interface GigabitEthernet 0/0/1
    [FW_A-GigabitEthernet0/0/1] ip address 192.168.1.1 24
    [FW_A-GigabitEthernet0/0/1] quit
    [FW_A] firewall zone trust
    [FW_A-zone-trust] add interface GigabitEthernet 0/0/1
    [FW_A-zone-trust] quit
    [FW_A] security-policy
    [FW_A-policy-security] rule name policy_sec_1
    [FW_A-policy-security-rule-policy_sec_1] source-zone trust local
    [FW_A-policy-security-rule-policy_sec_1] destination-zone local trust
    [FW_A-policy-security-rule-policy_sec_1] action permit
    [FW_A-policy-security-rule-policy_sec_1] quit

    # Configure FW_B.

    <FW> system-view
    [FW] sysname FW_B
    [FW_B] interface GigabitEthernet 0/0/1
    [FW_B-GigabitEthernet0/0/1] ip address 192.168.1.2 24
    [FW_B-GigabitEthernet0/0/1] quit
    [FW_B] interface GigabitEthernet 0/0/2
    [FW_B-GigabitEthernet0/0/2] ip address 172.16.1.1 24
    [FW_B-GigabitEthernet0/0/2] quit
    [FW_B] interface GigabitEthernet 0/0/3
    [FW_B-GigabitEthernet0/0/3] ip address 10.1.1.1 24
    [FW_B-GigabitEthernet0/0/3] quit
    [FW_B] firewall zone trust
    [FW_B-zone-trust] add interface GigabitEthernet 0/0/1
    [FW_B-zone-trust] add interface GigabitEthernet 0/0/2
    [FW_B-zone-trust] add interface GigabitEthernet 0/0/3
    [FW_B-zone-trust] quit
    [FW_B] security-policy
    [FW_B-policy-security] rule name policy_sec_1
    [FW_B-policy-security-rule-policy_sec_1] source-zone trust local
    [FW_B-policy-security-rule-policy_sec_1] destination-zone local trust
    [FW_B-policy-security-rule-policy_sec_1] action permit
    [FW_B-policy-security-rule-policy_sec_1] quit

    # Configure FW_C.

    <FW> system-view
    [FW] sysname FW_C
    [FW_C] interface GigabitEthernet 0/0/1
    [FW_C-GigabitEthernet0/0/1] ip address 172.16.1.2 24
    [FW_C-GigabitEthernet0/0/1] quit
    [FW_C] firewall zone trust
    [FW_C-zone-trust] add interface GigabitEthernet 0/0/1
    [FW_C-zone-trust] quit
    [FW_C] security-policy
    [FW_C-policy-security] rule name policy_sec_1
    [FW_C-policy-security-rule-policy_sec_1] source-zone trust local
    [FW_C-policy-security-rule-policy_sec_1] destination-zone local trust
    [FW_C-policy-security-rule-policy_sec_1] action permit
    [FW_C-policy-security-rule-policy_sec_1] quit

    # Configure FW_D.

    <FW> system-view
    [FW] sysname FW_D
    [FW_D] interface GigabitEthernet 0/0/3
    [FW_D-GigabitEthernet0/0/3] ip address 10.1.1.2 24
    [FW_D-GigabitEthernet0/0/3] quit
    [FW_D] firewall zone trust
    [FW_D-zone-trust] add interface GigabitEthernet 0/0/3
    [FW_D-zone-trust] quit
    [FW_D] security-policy
    [FW_D-policy-security] rule name policy_sec_1
    [FW_D-policy-security-rule-policy_sec_1] source-zone trust local
    [FW_D-policy-security-rule-policy_sec_1] destination-zone local trust
    [FW_D-policy-security-rule-policy_sec_1] action permit
    [FW_D-policy-security-rule-policy_sec_1] quit

  2. Configure basic RIP functions.

    # Configure FW_A.

    [FW_A] rip
    [FW_A-rip-1] network 192.168.1.0
    [FW_A-rip-1] quit

    # Configure FW_B.

    [FW_B] rip
    [FW_B-rip-1] network 192.168.1.0
    [FW_B-rip-1] network 172.16.0.0
    [FW_B-rip-1] network 10.0.0.0
    [FW_B-rip-1] quit

    # Configure FW_C.

    [FW_C] rip
    [FW_C-rip-1] network 172.16.0.0
    [FW_C-rip-1] quit

    # Configure FW_D.

    [FW_D] rip
    [FW_D-rip-1] network 10.0.0.0
    [FW_D-rip-1] quit

    # Check the RIP routing table of FW_A.

    [FW_A] display rip 1 route
     Route Flags: R - RIP
                  A - Aging, S - Suppressed, G - Garbage-collect 
    -------------------------------------------------------------------------
     Peer 192.168.1.2  on GigabitEthernet0/0/1
          Destination/Mask        Nexthop        Cost   Tag     Flags   Sec
             10.0.0.0/8           192.168.1.2      1    0        RA      14
             172.16.0.0/16        192.168.1.2      1    0        RA      14
             192.168.1.0/24       192.168.1.2      1    0        RA      14

    The routing table shows that the routes advertised by RIP-1 use natural masks.

  3. Configure the RIP version number.

    # Configure RIP-2 on FW_A.

    [FW_A] rip
    [FW_A-rip-1] version 2
    [FW_A-rip-1] quit

    # Configure RIP-2 on FW_B.

    [FW_B] rip
    [FW_B-rip-1] version 2
    [FW_B-rip-1] quit

    # Configure RIP-2 on FW_C.

    [FW_C] rip
    [FW_C-rip-1] version 2
    [FW_C-rip-1] quit

    # Configure RIP-2 on FW_D.

    [FW_D] rip
    [FW_D-rip-1] version 2
    [FW_D-rip-1] quit

  4. Verify the configuration.

    # Check the RIP routing table of FW_A.

    [FW_A] display rip 1 route
     Route Flags: R - RIP
                  A - Aging, S - Suppressed, G - Garbage-collect
    -------------------------------------------------------------------------
     Peer 192.168.1.2  on GigabitEthernet0/0/1
          Destination/Mask        Nexthop        Cost   Tag     Flags   Sec
             10.1.1.0/24          192.168.1.2      1    0        RA      32
             172.16.1.0/24        192.168.1.2      1    0        RA      32
             192.168.1.0/24       192.168.1.2      1    0        RA      14

    By default, split horizon is enabled on Ethernet interfaces, so route aggregation does not take effect. As the routing table shows, routes advertised by RIP-2 contain more accurate subnet mask information.
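The difference between the two routing tables comes from the packet format: a RIP-1 route entry has no mask field, so the receiver has to infer the natural mask, while a RIP-2 entry carries the mask explicitly. The Python sketch below is an added example, not part of the Huawei documentation; it builds constructed Response packets matching the destinations shown for FW_A and parses them as a receiver would. Function names are hypothetical, and the RIP-1 branch models only the case on this page, where the destination lies outside the receiving interface's major network.

```python
import ipaddress
import struct

RIP_RESPONSE, AFI_INET, AFI_AUTH = 2, 2, 0xFFFF  # values from RFC 1058 / RFC 2453

def natural_prefix_len(ip):
    """Classful (natural) mask length that a RIP-1 receiver has to infer."""
    first_octet = int(ip) >> 24
    for limit, plen in ((128, 8), (192, 16), (224, 24)):
        if first_octet < limit:
            return plen
    raise ValueError(f"{ip} is not a class A/B/C destination")

def build_response(version, routes):
    """Build a constructed Response; RIP-1 leaves the mask bytes zero on the wire."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, version, 0)
    for net, mask, metric in routes:
        mask_raw = int(ipaddress.IPv4Address(mask)) if version == 2 else 0
        pkt += struct.pack("!HHIIII", AFI_INET, 0,
                           int(ipaddress.IPv4Address(net)), mask_raw, 0, metric)
    return pkt

def parse_response(pkt):
    """Return [(prefix, metric)] the way a receiver would interpret the entries."""
    if len(pkt) < 4 or (len(pkt) - 4) % 20:
        raise ValueError("RIP packet is a 4-byte header plus 20-byte entries")
    command, version, _ = struct.unpack_from("!BBH", pkt)
    if command != RIP_RESPONSE or version not in (1, 2):
        raise ValueError("not a RIP-1 or RIP-2 Response")
    routes = []
    for off in range(4, len(pkt), 20):
        afi, _tag, addr, mask, _nh, metric = struct.unpack_from("!HHIIII", pkt, off)
        if version == 2 and afi == AFI_AUTH:
            continue  # RIP-2 authentication entry, carries no route
        if afi != AFI_INET or not 1 <= metric <= 16:
            raise ValueError(f"invalid route entry at offset {off}")
        ip = ipaddress.IPv4Address(addr)
        # RIP-2 carries the mask; IPv4Network rejects non-contiguous masks.
        plen = (natural_prefix_len(ip) if version == 1 else
                ipaddress.IPv4Network(f"{ip}/{ipaddress.IPv4Address(mask)}").prefixlen)
        routes.append((f"{ip}/{plen}", metric))
    return routes

# Constructed samples mirroring what FW_A learns from peer 192.168.1.2 on this page.
V1_NETS = ("10.0.0.0", "172.16.0.0", "192.168.1.0")
V2_NETS = ("10.1.1.0", "172.16.1.0", "192.168.1.0")
SAMPLE_V1 = build_response(1, [(n, "0.0.0.0", 1) for n in V1_NETS])
SAMPLE_V2 = build_response(2, [(n, "255.255.255.0", 1) for n in V2_NETS])

if __name__ == "__main__":
    for name, pkt in (("RIP-1", SAMPLE_V1), ("RIP-2", SAMPLE_V2)):
        print(name, parse_response(pkt))
```
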

Configuration Scripts

Configuration script for FW_A:

#                                                                                
 sysname FW_A                                      
#                                                                               
interface GigabitEthernet0/0/1                                                  
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/1
#                                                                               
security-policy                                                                 
  rule name policy_sec_1                                                        
    source-zone trust
    source-zone local                                                           
    destination-zone local       
    destination-zone trust                                             
    action permit  
#                                                                               
rip 1                                                                          
 version 2                                                                      
 network 192.168.1.0                                                            
#
return

Configuration script for FW_B:

#                                                                                
 sysname FW_B                                      
#                                                                               
interface GigabitEthernet0/0/1                                                  
 undo shutdown
 ip address 192.168.1.2 255.255.255.0
#                                                                               
interface GigabitEthernet0/0/2                                                  
 undo shutdown
 ip address 172.16.1.1 255.255.255.0
#                                                                               
interface GigabitEthernet0/0/3                                                  
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/1
 add interface GigabitEthernet0/0/2
 add interface GigabitEthernet0/0/3
#                                                                               
security-policy                                                                 
  rule name policy_sec_1                                                        
    source-zone trust
    source-zone local                                                           
    destination-zone local       
    destination-zone trust                                             
    action permit  
#                                                                               
rip 1                                                                          
 version 2                                                                      
 network 192.168.1.0                                                            
 network 172.16.0.0
 network 10.0.0.0
#                                                                                 
return

Configuration script for FW_C:

#                                                                                
 sysname FW_C                                      
#                                                                               
interface GigabitEthernet0/0/1                                                  
 undo shutdown
 ip address 172.16.1.2 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/1
#                                                                               
security-policy                                                                 
  rule name policy_sec_1                                                        
    source-zone trust
    source-zone local                                                           
    destination-zone local       
    destination-zone trust                                             
    action permit  
#                                                                               
rip 1                                                                          
 version 2                                                                      
 network 172.16.0.0                                                            
#
return

Configuration script for FW_D:

#                                                                                
 sysname FW_D                                      
#                                                                               
interface GigabitEthernet0/0/3                                                  
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/3
#                                                                               
security-policy                                                                 
  rule name policy_sec_1                                                        
    source-zone trust
    source-zone local                                                           
    destination-zone local       
    destination-zone trust                                             
    action permit
#                                                                               
rip 1                                                                          
 version 2                                                                      
 network 10.0.0.0                                                            
#
return
Copyright © Huawei Technologies Co., Ltd.