This article provides information on how to configure the parameters for the Network Interfaces Configuration section within the OSPF/RIP Settings of the Barracuda CloudGen Firewall.
In the Network Interfaces Configuration section, interface-specific parameters of the routing protocols are configured (this applies to OSPF and RIP):
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
- Click Lock.
- In the left menu, click Network Interfaces. In this section, the parameters can be specified as follows:
Section Network Interfaces Configuration
- Load Interface Info – If set to yes, the list of available interfaces is loaded after execution of Send Changes.
- Interfaces – See Interface list (Available Interfaces).
Shared Interfaces Configuration
Shared interfaces can be edited by double-clicking or added by using the + icon.
- Interface Description – Informational text field.
- Apply to Interface – Specifies the network interface to which the following settings apply.
- Activate Config for – Specifies the routing protocols for which the settings should be activated on this interface. Possible settings are OSPF, RIP, or OSPF+RIP.
- Passive Interface – On a passive interface the routing protocol does not send Hello packets. The network configured for this interface is still advertised. An interface is active by default (setting: No).
- Parameter Template - References templates for this interface.
OSPF-Specific Parameters
- Network Type – Type of network. Ethernet is normally broadcast. Sometimes there may be a need to use point-to-point for Ethernet links, for example, when there is only a /30 subnet. Type non-broadcast is needed to propagate OSPF over a VPN tunnel.
Bandwidth [kBit/s] - Bandwidth of the interface. Configuration is highly recommended since this information cannot be determined automatically. This setting is used by OSPF to calculate the metric.
- Interface Addresses - By specifying an interface address, the configuration applies only for a single OSPF network. This parameter can be useful in multinet environments. Otherwise, the parameters applies to all OSPF networks on the given interface.
- Parameter Template for Address – References templates for this interface.
RIP-Specific Parameters
- Enable Split Horizon – Split Horizon is a mechanism used by RIP to reduce the possibility of routing loops. By enabling this parameter (default: yes), routes learned from a specific interface are not re-advertised on this interface.
- Enable Poisoned Reverse – This technology is an extension of Split Horizon. By enabling this setting (default: no), routes learned from a specific interface are re-advertised on this interface, but the metric is set to infinity (16).
Section Available Interfaces
This section displays a read-only list of the available network interfaces. Available interfaces can be edited by double-clicking or added by using +.
Section Parameter Template Configuration
Shared interfaces can be edited by double-clicking or added by using the + icon.
OSPF Parameters
- Authentication Type - Authentication for neighbors on specified interface. Either no authentication (default: null), simple authentication as specified in RFC1583, or the cryptographic authentication digest-MD5 (RFC2328) can be used.
- Simple Authentication Key - Password for simple authentication. This value only has to be specified with Authentication type set to simple.
- Digest Authentication Key – Password for digest authentication. This value only has to be specified with Authentication type set to digest-MD5.
- Message Digest Key ID – Key for digest authentication. This value only has to be specified with Authentication type set to digest-MD5.
- OSPF Cost – Set to a higher value, the router will be more eligible to become a Designated Router or a Backup Designated Router. Set to 0, the router is no longer eligible to become a Designated Router. Default: 1.
- OSPF Dead Interval – Seconds for timer value used for Wait Timer and Inactivity Timer. This value must be the same for all routers attached to a common network.
- OSPF Hello Interval – Time to wait between OSPF "hello" messages to neighbors (sec). This value must be the same for all routers attached to a common network.
- OSPF Retransmit Interval – Minimum time waited between retransmissions (sec).
- OSPF Transmit Delay – Sets number of seconds for InfTransDelay value. The InfTransDelay parameter defines the estimated time required to send a link-state update packet on the interface.
RIP Parameters
- Authentication Type – Authentication for neighbors on specified interface. Either no authentication (default: null), text authentication, or the cryptographic authentication digest-MD5 (RFC2082) can be used.
- RIP Key Chain – The pull-down menu displays the configured key chains (see: ) and allows selection of a key chain which is used for authentication.
- RIP Text Secret – Specifies the text secret used for authentication purposes. Note that the value specified here always takes precedence over the RIP keychain settings.
- Send Protocol – Configures protocol types for transmission. Possible values are Version_1, Version_2 or Version_1+2.
- Receive Protocol – Configures protocol types for reception. Possible values are Version_1, Version_2 or Version_1+2.
Neighbor Setup
For connectivity issues, it is sometimes recommended to set the neighbors statically.
In the left menu, click Neighbor Setup IPv4 or Neighbor Setup IPv6 if you are using IPv6 addresses.
- To add an entry, click +.
- Enter a descriptive name and click OK to open the configuration window.
- In this section, the parameters can be specified as follows:
- Neighbor IPv4 – IP address of the neighbor to exchange routing information with.
- Active – Set to no if you want to disable this neighbor configuration.
- Routing Protocols – Specifies which routing protocols should be exchanged with this neighbor. Possible values are OSPF, RIP or BGP.
- Neighbor Priority – This parameter influences the Designated Router election. Set to a higher value, the router will be more eligible to become a Designated Router. Set to 0 , the router is no longer eligible to become a Designated Router or a Backup Designated Router. Default: 1.
- Dead Neighbor Poll Interval – Seconds between two neighbor probings.
- Click OK.
- Click Send Changes and Activate.