To create or modify a RIP routing configuration file, you must use the correct routing commands. This topic includes a list of Quagga commands. Quagga is the routing daemon in Fireware v12.8.x or lower.
For a sample routing configuration file, go to Sample RIP Routing Configuration File (Quagga).
To configure RIP, go to Configure IPv4 Routing with RIP.
In Fireware v12.9 or higher, Fireware uses the Free Range Routing (FRR) engine. If your configuration includes Quagga commands for dynamic routing, those commands work after you upgrade to Fireware v12.9. For a list of FRR commands, go to RIP Commands (FRR).
This list includes the supported routing commands for RIP v1 and RIP v2 that you can use to create or modify a routing configuration file. If you use RIP v2, you must include the subnet mask with any command that uses a network IP address or RIP v2 will not operate. The sections must appear in the configuration file in the same order they appear in this list.
For greater security, we recommend MD5 authentication instead of simple authentication. Simple authentication passes the authentication string in plain text. Commands for both MD5 and simple authentication are shown here.
Example RIP Commands (Quagga in Fireware v12.8.x or Lower)
| Section | Command | Description |
|---|---|---|
|
Set simple password or MD5 authentication on an interface |
||
| key chain [KEY-CHAIN] | Set MD5 key chain name | |
| key [INTEGER] | Set MD5 key number | |
| key-string [AUTH-KEY] | Set MD5 authentication key | |
| interface eth [N] | Begin section to set authentication type for interface | |
| ip rip authentication mode md5 | Use MD5 authentication | |
| ip rip authentication mode key-chain [KEY-CHAIN] | Set MD5 authentication key-chain | |
| ip rip authentication mode text | Use simple authentication | |
| ip rip authentication string [PASSWORD] | Set RIP authentication password | |
| Configure interfaces | ||
| ip rip send version [1/2] | Set RIP to send version 1 or 2 | |
| ip rip receive version [1/2] | Set RIP to receive version 1 or 2 | |
| no ip rip split-horizon | Disable split-horizon; enabled by default | |
| Configure RIP routing daemon | ||
|
router rip |
Enable RIP daemon | |
| version [1/2] | Set RIP version to 1 or 2 (default version 2) | |
| Configure interfaces and networks | ||
|
no network eth[N] |
||
| passive-interface eth[N] | ||
| passive-interface default | ||
|
network [A.B.C.D/M] |
||
| neighbor [A.B.C.D/M] | ||
| Distribute routes to RIP peers and inject OSPF or BGP routes to RIP routing table | ||
| default-information originate | Share route of last resort (default route) with RIP peers. In Fireware v12.5.6 or higher, if the RIP configuration on your Firebox includes this command, and if Link Monitor detects a link failure for all WAN connections, RIP does not announce the default route to neighbors. | |
| redistribute static | Redistribute firewall static routes to RIP peers | |
| redistribute connected | Redistribute routes from all interfaces to RIP peers | |
| redistribute connected route-map [MAPNAME] | Redistribute routes from all interfaces to RIP peers, with a route map filter (mapname) | |
| redistribute ospf | Redistribute routes from OSPF to RIP | |
| redistribute ospf route-map [MAPNAME] | Redistribute routes from OSPF to RIP, with a route map filter (mapname) | |
| redistribute bgp | Redistribute routes from BGP to RIP | |
| redistribute bgp route-map [MAPNAME] | Redistribute routes from BGP to RIP, with a route map filter (mapname) | |
| Configure route redistribution filters with route maps and access lists | ||
|
access-list [LISTNAME] [PERMIT|DENY] [A,B,C,D/M | ANY] |
Create an access list to allow or deny redistribution of only one IP address or for all IP addresses | |
| route-map [MAPNAME] permit [N] | Create a route map with a name and allow with a priority of N | |
| match ip address [LISTNAME] | ||