Distribute-List Interface

Test to verify RIP distribute-list interface configuration for route filtering. The set protocols rip distribute-list interface <itf> prefix-list in <list> command filters incoming RIP routes based on the interface they are received on and a prefix-list. The set protocols rip distribute-list interface <itf> prefix-list out <list> command filters outgoing RIP routes on a specific interface. These commands provide granular control over route acceptance and advertisement on a per-interface basis.

Test RIP Distribute-List Interface Filtering

Description

Test RIP distribute-list interface filters routes based on receiving interface and prefix-list. DUT0 acts as the middle router with two neighbors. DUT1 connects via eth0 and redistributes the 10.10.10.0/24 network into RIP. DUT2 connects via eth1 and redistributes the 10.20.20.0/24 network into RIP. DUT0 is configured with interface-specific filters where eth0 accepts only the 10.10.10.0/24 prefix and eth1 denies all routes. The test verifies that DUT0 learns the route from DUT1 via eth0 but rejects the route from DUT2 via eth1 due to the per-interface filtering rules.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.1.1.50/24
set interfaces ethernet eth1 address 10.2.2.50/24
set protocols ip prefix-list FILTER-ROUTES rule 10 action permit
set protocols ip prefix-list FILTER-ROUTES rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list FILTER-ROUTES rule 20 action deny
set protocols ip prefix-list FILTER-ROUTES rule 20 prefix 0.0.0.0/0
set protocols rip distribute-list interface eth0 prefix-list in FILTER-ROUTES
set protocols rip distribute-list interface eth1 prefix-list in FILTER-ROUTES
set protocols rip network 10.1.1.0/24
set protocols rip network 10.2.2.0/24
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces dummy dum0 address 10.10.10.1/24
set interfaces ethernet eth0 address 10.1.1.100/24
set protocols rip network 10.1.1.0/24
set protocols rip redistribute connected
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces dummy dum0 address 10.20.20.1/24
set interfaces ethernet eth1 address 10.2.2.75/24
set protocols rip network 10.2.2.0/24
set protocols rip redistribute connected
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

DUT0 should learn route 10.10.10.0/24 from DUT1 via eth0 (allowed by distribute-list).

Step 4: Run command protocols rip show at DUT0 and check if output matches the following regular expressions:

R\(n\) 10.10.10.0/24

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface

     Network            Next Hop         Metric From            Tag Time
C(i) 10.1.1.0/24        0.0.0.0               1 self              0
C(i) 10.2.2.0/24        0.0.0.0               1 self              0
R(n) 10.10.10.0/24      10.1.1.100            2 10.1.1.100        0 02:59

Step 5: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:

R>\* 10.10.10.0/24

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
C>* 10.1.1.0/24 is directly connected, eth0, weight 1, 00:00:03
K * 10.1.1.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:03
L>* 10.1.1.50/32 is directly connected, eth0, weight 1, 00:00:03
C>* 10.2.2.0/24 is directly connected, eth1, weight 1, 00:00:03
K * 10.2.2.0/24 [0/0] is directly connected, eth1, weight 1, 00:00:03
L>* 10.2.2.50/32 is directly connected, eth1, weight 1, 00:00:03
R>* 10.10.10.0/24 [120/2] via 10.1.1.100, eth0, weight 1, 00:00:01

Attention

DUT0 should not learn route 10.20.20.0/24 from DUT2 via eth1 (filtered by distribute-list).

Step 6: Run command protocols rip show at DUT0 and expect this output:

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface

     Network            Next Hop         Metric From            Tag Time
C(i) 10.1.1.0/24        0.0.0.0               1 self              0
C(i) 10.2.2.0/24        0.0.0.0               1 self              0
R(n) 10.10.10.0/24      10.1.1.100            2 10.1.1.100        0 02:59

Step 7: Run command protocols ip show route at DUT0 and expect this output:

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
C>* 10.1.1.0/24 is directly connected, eth0, weight 1, 00:00:03
K * 10.1.1.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:03
L>* 10.1.1.50/32 is directly connected, eth0, weight 1, 00:00:03
C>* 10.2.2.0/24 is directly connected, eth1, weight 1, 00:00:03
K * 10.2.2.0/24 [0/0] is directly connected, eth1, weight 1, 00:00:03
L>* 10.2.2.50/32 is directly connected, eth1, weight 1, 00:00:03
R>* 10.10.10.0/24 [120/2] via 10.1.1.100, eth0, weight 1, 00:00:01

Test RIP Distribute-List Interface OUT Filtering

Description

Test RIP distribute-list interface out filters outgoing routes on specific interfaces. DUT0 has a dummy interface with network 10.10.10.0/24 and connects to two neighbors via eth0 and eth1. DUT0 is configured with an outgoing distribute-list on eth0 that permits only the 10.10.10.0/24 route. The test verifies that DUT1 receives the 10.10.10.0/24 route via eth0 but DUT2 does not receive it via eth1 because the filter only allows advertisement on eth0.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 10.10.10.1/24
set interfaces ethernet eth0 address 10.1.1.50/24
set interfaces ethernet eth1 address 10.2.2.50/24
set protocols ip prefix-list ALLOW-DUM0 rule 10 action permit
set protocols ip prefix-list ALLOW-DUM0 rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list DENY-DUM0 rule 10 action deny
set protocols ip prefix-list DENY-DUM0 rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list DENY-DUM0 rule 20 action permit
set protocols ip prefix-list DENY-DUM0 rule 20 prefix 0.0.0.0/0
set protocols rip distribute-list interface eth0 prefix-list out ALLOW-DUM0
set protocols rip distribute-list interface eth1 prefix-list out DENY-DUM0
set protocols rip network 10.1.1.0/24
set protocols rip network 10.2.2.0/24
set protocols rip redistribute connected
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.1.1.100/24
set protocols rip network 10.1.1.0/24
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth1 address 10.2.2.75/24
set protocols rip network 10.2.2.0/24
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

DUT1 should learn route 10.10.10.0/24 from DUT0 via eth0 (allowed by distribute-list out).

Step 4: Run command protocols rip show at DUT1 and check if output matches the following regular expressions:

R\(n\) 10.10.10.0/24

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface

     Network            Next Hop         Metric From            Tag Time
C(i) 10.1.1.0/24        0.0.0.0               1 self              0
R(n) 10.10.10.0/24      10.1.1.50             2 10.1.1.50         0 02:59

Step 5: Run command protocols ip show route at DUT1 and check if output matches the following regular expressions:

R>\* 10.10.10.0/24

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
C>* 10.1.1.0/24 is directly connected, eth0, weight 1, 00:00:02
L>* 10.1.1.100/32 is directly connected, eth0, weight 1, 00:00:02
R>* 10.10.10.0/24 [120/2] via 10.1.1.50, eth0, weight 1, 00:00:00
L   10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:16:00
L   10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:17:44
L   10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:45:06
L>  30.0.0.3/32 is directly connected, eth0 inactive, weight 1, 03:58:36
L   30.0.0.3/32 is directly connected, eth0 inactive, weight 1, 03:58:56

Attention

DUT2 should not learn route 10.10.10.0/24 from DUT0 via eth1 (denied by the DENY-DUM0 distribute-list out configured on eth1).

Step 6: Run command protocols rip show at DUT2 and expect this output:

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface

     Network            Next Hop         Metric From            Tag Time
C(i) 10.2.2.0/24        0.0.0.0               1 self              0

Step 7: Run command protocols ip show route at DUT2 and expect this output:

Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
C>* 10.2.2.0/24 is directly connected, eth1, weight 1, 00:00:01
L>* 10.2.2.75/32 is directly connected, eth1, weight 1, 00:00:01
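
Added example (not part of the original test suite): a small model of how the prefix-lists from both DUT0 configurations above evaluate a route, showing which rule, if any, decides each outcome. It assumes FRR-style semantics, which the page does not state: first match wins, a rule without ge/le matches only the identical prefix and length, and a route matching no rule is denied implicitly. The helper names parse_prefix_lists and evaluate are hypothetical.

```python
import ipaddress
import re

# Prefix-list lines copied from the two DUT0 configurations above.
CONFIG = """
set protocols ip prefix-list FILTER-ROUTES rule 10 action permit
set protocols ip prefix-list FILTER-ROUTES rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list FILTER-ROUTES rule 20 action deny
set protocols ip prefix-list FILTER-ROUTES rule 20 prefix 0.0.0.0/0
set protocols ip prefix-list ALLOW-DUM0 rule 10 action permit
set protocols ip prefix-list ALLOW-DUM0 rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list DENY-DUM0 rule 10 action deny
set protocols ip prefix-list DENY-DUM0 rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list DENY-DUM0 rule 20 action permit
set protocols ip prefix-list DENY-DUM0 rule 20 prefix 0.0.0.0/0
"""

RULE_RE = re.compile(
    r"set protocols ip prefix-list (\S+) rule (\d+) (action|prefix) (\S+)")

def parse_prefix_lists(text):
    """Return {list_name: {rule_number: {"action": ..., "prefix": ...}}}."""
    lists = {}
    for name, num, key, value in RULE_RE.findall(text):
        lists.setdefault(name, {}).setdefault(int(num), {})[key] = value
    return lists

def evaluate(rules, route):
    """First matching rule wins. Returns (action, rule number or None).

    Assumption: a rule without ge/le matches only the identical prefix
    and length; a route matching no rule hits the implicit deny.
    """
    route = ipaddress.ip_network(route)
    for num in sorted(rules):
        if ipaddress.ip_network(rules[num]["prefix"]) == route:
            return rules[num]["action"], num
    return "deny", None

LISTS = parse_prefix_lists(CONFIG)

if __name__ == "__main__":
    routes = ("10.10.10.0/24", "10.20.20.0/24", "10.1.1.0/24", "0.0.0.0/0")
    for name in LISTS:
        for route in routes:
            action, num = evaluate(LISTS[name], route)
            via = f"rule {num}" if num else "implicit deny"
            print(f"{name:13} {route:15} {action:6} ({via})")
```

Under the stated assumption, 10.20.20.0/24 is rejected by the implicit deny rather than by rule 20 of FILTER-ROUTES, and rule 20 of DENY-DUM0 permits only the default route. That is consistent with DUT2's RIP table above containing only its own connected network.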