Distribute-List Prefix-List
Test to verify RIP distribute-list prefix-list configuration for route filtering.
The set protocols rip distribute-list prefix-list in <list> command filters incoming RIP
routes globally across all interfaces using a prefix-list. The set protocols rip distribute-list
prefix-list out <list> command filters outgoing RIP routes globally. These commands provide
centralized control over route acceptance and advertisement across all RIP neighbors.
Test RIP Distribute-List Prefix-List IN
Description
Test RIP distribute-list prefix-list in filters incoming routes globally across all interfaces. DUT1 redistributes two dummy networks into RIP, the 10.10.10.0/24 and 10.20.20.0/24 networks. DUT0 is configured with a global incoming distribute-list that permits only 10.10.10.0/24 and denies all other routes. The test verifies that DUT0 accepts the 10.10.10.0/24 route but rejects the 10.20.20.0/24 route, demonstrating that the global prefix-list filter is working correctly for all incoming RIP updates.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.0.0.100/24
set protocols ip prefix-list FILTER-ROUTES rule 10 action permit
set protocols ip prefix-list FILTER-ROUTES rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list FILTER-ROUTES rule 20 action deny
set protocols ip prefix-list FILTER-ROUTES rule 20 prefix 0.0.0.0/0
set protocols rip distribute-list prefix-list in FILTER-ROUTES
set protocols rip network 10.0.0.0/24
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces dummy dum0 address 10.10.10.1/24
set interfaces dummy dum1 address 10.20.20.1/24
set interfaces ethernet eth0 address 10.0.0.50/24
set protocols rip network 10.0.0.0/24
set protocols rip redistribute connected
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
DUT0 should learn route 10.10.10.0/24 from DUT1 (allowed by distribute-list).
Step 3: Run command protocols rip show at DUT0 and check if output matches the following regular expressions:
R\(n\) 10.10.10.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface
     Network            Next Hop         Metric From            Tag Time
C(i) 10.0.0.0/24        0.0.0.0               1 self              0
R(n) 10.10.10.0/24      10.0.0.50             2 10.0.0.50         0 02:58
Step 4: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:
R>\* 10.10.10.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
IPv4 unicast VRF default:
C>* 10.0.0.0/24 is directly connected, eth0, weight 1, 00:00:06
K * 10.0.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:06
L>* 10.0.0.100/32 is directly connected, eth0, weight 1, 00:00:06
R>* 10.10.10.0/24 [120/2] via 10.0.0.50, eth0, weight 1, 00:00:01
Attention
DUT0 should not learn route 10.20.20.0/24 from DUT1 (filtered by distribute-list).
Step 5: Run command protocols rip show at DUT0 and expect this output:
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface
     Network            Next Hop         Metric From            Tag Time
C(i) 10.0.0.0/24        0.0.0.0               1 self              0
R(n) 10.10.10.0/24      10.0.0.50             2 10.0.0.50         0 02:58
Step 6: Run command protocols ip show route at DUT0 and expect this output:
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
IPv4 unicast VRF default:
C>* 10.0.0.0/24 is directly connected, eth0, weight 1, 00:00:07
K * 10.0.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:07
L>* 10.0.0.100/32 is directly connected, eth0, weight 1, 00:00:07
R>* 10.10.10.0/24 [120/2] via 10.0.0.50, eth0, weight 1, 00:00:02
Test RIP Distribute-List Prefix-List OUT
Description
Test RIP distribute-list prefix-list out filters outgoing routes globally across all interfaces. DUT0 redistributes two dummy networks into RIP, the 10.10.10.0/24 and 10.20.20.0/24 networks. DUT0 is configured with a global outgoing distribute-list that permits only 10.10.10.0/24 and denies all other routes. The test verifies that DUT1 receives the 10.10.10.0/24 route but does not receive the 10.20.20.0/24 route, demonstrating that the global prefix-list filter is working correctly for all outgoing RIP advertisements.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces dummy dum0 address 10.10.10.1/24
set interfaces dummy dum1 address 10.20.20.1/24
set interfaces ethernet eth0 address 10.0.0.50/24
set protocols ip prefix-list FILTER-ROUTES rule 10 action permit
set protocols ip prefix-list FILTER-ROUTES rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list FILTER-ROUTES rule 20 action deny
set protocols ip prefix-list FILTER-ROUTES rule 20 prefix 0.0.0.0/0
set protocols rip distribute-list prefix-list out FILTER-ROUTES
set protocols rip network 10.0.0.0/24
set protocols rip redistribute connected
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.0.0.100/24
set protocols rip network 10.0.0.0/24
set protocols rip timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
DUT1 should learn route 10.10.10.0/24 from DUT0 (allowed by distribute-list).
Step 3: Run command protocols rip show at DUT1 and check if output matches the following regular expressions:
R\(n\) 10.10.10.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface
     Network            Next Hop         Metric From            Tag Time
C(i) 10.0.0.0/24        0.0.0.0               1 self              0
R(n) 10.10.10.0/24      10.0.0.50             2 10.0.0.50         0 02:58
Step 4: Run command protocols ip show route at DUT1 and check if output matches the following regular expressions:
R>\* 10.10.10.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
IPv4 unicast VRF default:
C>* 10.0.0.0/24 is directly connected, eth0, weight 1, 00:00:02
L>* 10.0.0.100/32 is directly connected, eth0, weight 1, 00:00:02
R>* 10.10.10.0/24 [120/2] via 10.0.0.50, eth0, weight 1, 00:00:01
L 10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:16:25
L 10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:18:09
L 10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:45:31
L> 30.0.0.3/32 is directly connected, eth0 inactive, weight 1, 03:59:01
L 30.0.0.3/32 is directly connected, eth0 inactive, weight 1, 03:59:21
Attention
DUT1 should not learn route 10.20.20.0/24 from DUT0 (filtered by distribute-list).
Step 5: Run command protocols rip show at DUT1 and expect this output:
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface
     Network            Next Hop         Metric From            Tag Time
C(i) 10.0.0.0/24        0.0.0.0               1 self              0
R(n) 10.10.10.0/24      10.0.0.50             2 10.0.0.50         0 02:58
Step 6: Run command protocols ip show route at DUT1 and expect this output:
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
IPv4 unicast VRF default:
C>* 10.0.0.0/24 is directly connected, eth0, weight 1, 00:00:03
L>* 10.0.0.100/32 is directly connected, eth0, weight 1, 00:00:03
R>* 10.10.10.0/24 [120/2] via 10.0.0.50, eth0, weight 1, 00:00:02
L 10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:16:26
L 10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:18:10
L 10.215.168.21/32 is directly connected, eth0 inactive, weight 1, 02:45:32
L> 30.0.0.3/32 is directly connected, eth0 inactive, weight 1, 03:59:02
L 30.0.0.3/32 is directly connected, eth0 inactive, weight 1, 03:59:22
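The checks in Steps 3 to 6 of both tests can be automated by evaluating every RIP-learned route against the prefix-list instead of comparing whole outputs, which also catches a filtered route that leaks into the table. The following Python code is an added example, not part of the original test suite; its function names are hypothetical and its sample text is constructed from the configuration and output format shown above. It assumes that a rule without ge/le matches only its exact prefix and that a prefix-list ends with an implicit deny.

```python
import ipaddress
import re

# Constructed sample: the prefix-list commands from Step 1.
CONFIG = """\
set protocols ip prefix-list FILTER-ROUTES rule 10 action permit
set protocols ip prefix-list FILTER-ROUTES rule 10 prefix 10.10.10.0/24
set protocols ip prefix-list FILTER-ROUTES rule 20 action deny
set protocols ip prefix-list FILTER-ROUTES rule 20 prefix 0.0.0.0/0
"""
# Constructed samples in the "protocols ip show route" format: one clean
# table, and one with 10.20.20.0/24 leaked to exercise the failure path.
ROUTES_OK = """\
C>* 10.0.0.0/24 is directly connected, eth0, weight 1, 00:00:06
R>* 10.10.10.0/24 [120/2] via 10.0.0.50, eth0, weight 1, 00:00:01
"""
ROUTES_LEAK = ROUTES_OK + (
    "R>* 10.20.20.0/24 [120/2] via 10.0.0.50, eth0, weight 1, 00:00:01\n")

RULE_RE = re.compile(r"prefix-list (\S+) rule (\d+) (action|prefix) (\S+)")
# Matches both "R>* 10.10.10.0/24" and "R(n) 10.10.10.0/24" route lines.
RIP_RE = re.compile(r"^R\S*\s+(\d+\.\d+\.\d+\.\d+/\d+)", re.M)

def parse_prefix_list(config, name):
    """Return [(seq, action, network)] for one list, ordered by rule number."""
    rules = {}
    for lst, seq, key, value in RULE_RE.findall(config):
        if lst == name:
            rules.setdefault(int(seq), {})[key] = value
    return [(s, r["action"], ipaddress.ip_network(r["prefix"]))
            for s, r in sorted(rules.items())]

def permitted(rules, prefix):
    """First match wins; exact-prefix match only (assumed semantics);
    falling off the end of the list is an implicit deny."""
    net = ipaddress.ip_network(prefix)
    for _seq, action, rule_net in rules:
        if net == rule_net:
            return action == "permit"
    return False

def leaked_rip_routes(config, name, show_route_output):
    """RIP routes present in the table that the prefix-list does not permit."""
    rules = parse_prefix_list(config, name)
    return [p for p in RIP_RE.findall(show_route_output)
            if not permitted(rules, p)]
```

An empty list from `leaked_rip_routes` corresponds to a passing Step 5 and Step 6; any returned prefix is a route the distribute-list should have filtered.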