It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure the Filter Setup for OSPF and RIP

  • Last updated on

A filter in OSPF / RIP is required when redistributing routes from one protocol to another. To modify routing information, you can use route maps. When doing so, the filter is applied to match the routes. Certain actions can be applied to the matching routes. For example, the RIP-learned route 10.0.0.0 /24 with metric 4 hops should have metric 6 instead. The match condition in the route map must be a filter matching 10.0.0.0/24 and the set condition must be metric 6. When applying route filters in the RIP or OSPF section, only ACLs or prefix-lists are needed. Route maps are not required.

This configuration is restricted to basic ACLs. Extended ACLs must be be configured in the Text Based Configuration settings.

Configure Filter Setup

Define filters to be referenced within the OSPF Area Setup and/or the RIP Route Update Filtering section. For more information, see How to Configure OSPF Routers and Areas and How to Configure RIP Router Setup.

You can filter OSPF and RIP traffic by access lists, route maps, or IP prefixes.

Define an Access List
  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. Click Lock.
  3. In the left menu, click Filter Setup IPv4 (when using IPv6 addresses, select Filter Setup IPv6 and configure the following settings for IPv6).
  4. Click + in the Access List IPv4 Filters section. The Name is the ACL name / ID. 
  5. Click OK. The Access List IPv4 Filters window opens.
  6. Enter a short Description of the ACL. 
  7. Click + in the Type section. The type specifies if the traffic is allowed (default) or blocked.
  8. Select either to permit (default) traffic or deny.
  9. Enter the Network Prefix.
  10. Click OK.
  11. Click OK to confirm your settings.
  12. Click Send Changes and Activate.

Configure a Route Map

Route maps are used to control and modify routing information that is exchanged between routing domains.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. Click Lock.
  3. In the left menu, click Filter Setup IPv4 (when using IPv6 addresses, select Filter Setup IPv6 and configure the following settings for IPv6).
  4. In the Route Maps IPv4 section, click + to add an entry. The Name is the route map name.
  5. Click OK. The Route Maps IPv4 window opens.
  6. Enter a short Description of the route map.
  7. To configure route maps for OSPF:
    1. Click + in the OSPF Specific Conditions > Route Map Entry section.
    2. In the Sequence Number field, enter the unique identifier for the route map entry.
    3. From the Type drop-down list, select either to permit (default) traffic or deny.
    4. From the Match Condition drop-down list, select how the route map entry matches when the route matches the configured criteria or filter:
      • ACL (default) – If selected, enter the name of ACL defined in the Access List steps above in the ACL Name field.

      • PREFIXLIST – If selected, add the name of the IP prefix list defined in OSPF/RIP Settings > Filter Setup > IPv4 Prefix List Filters in the IP Prefix List field.

      • Gateway-IP – If selected, enter the IP address of the next hop in the route in the Gateway IP (Access List) field.

      • Interface-Name – If selected, enter the interface in the Out Interface Name field. See the Network Interfaces section to gain available interface names.

    5. From the Set Action drop-down list, define the action to set:
      • Metric – If selected, set the metric for the route map in the Set OSPF Metric field.
      • Metric-Type – If selected, set the external metric-type for the route map.
    6. Click OK.
  8. Click OK.
    To configure route maps for RIP:
    1. Click + in the RIP Specific Conditions >Route Map Entry section.
    2. In the Sequence Number field, enter the unique identifier for the route map entry.
    3. From the Type drop-down list, select either to permit (default) traffic or deny.
    4. From the Match Condition drop-down list, select how the route map entry matches when the route matches the configured criteria or filter:
      • ACL (default) – If selected, enter the name of ACL defined in the Access List steps above in the ACL Name field.

      • PREFIXLIST – If selected, add the name of the IP prefix list defined in OSPF/RIP Settings > Filter Setup > IPv4 Prefix List Filters in the IP Prefix List field.

      • Gateway-IP – If selected, enter the IP address of the next hop in the route in the Gateway IP (Access List) field.

      • Interface-Name – If selected, enter the interface in the Out Interface Name field. See the Network Interfaces section to gain available interface names.

      • Metric – If selected, set the metric for the route map in the Match Metric field.
    5. From the Set Action drop-down list, define the action to set:
      • Next-hop – If selected, enter the next hop IP address in the Set RIP Next-Hop IP field.
      • Metric – If selected, set the metric for the route map in the Set RIP Metric field.
    6. Click OK.
  9. Click OK to confirm your settings.
  10. Click Send Changes and Activate.

Define an IPv4 Prefix List

Prefix lists are easier to understand for route filters than ACLs. Example of IP prefix list filter usage:

 

Network Prefix

Type

Extent Type

Deny default route 0.0.0.0/32

0.0.0.0/32

denynone

permit prefix 10.0.0.0/24

10.0.0.0/24

permitnone

To configure IP prefix list filters:

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. Click Lock.
  3. In the left menu, click Filter Setup IPv4 (when using IPv6 addresses, select Filter Setup IPv6 and configure the following settings for IPv6).
  4. In the IPv4 Prefix Lists section, click + to add an entry. The Name is the name of the IP prefix list.
  5. Click OK. The IPv4 Prefix Lists window opens.
  6. Enter a short Description of the IP prefix list.
  7. Click + in the Sequence Number section.
  8. In the Sequence Number field, enter the unique identifier for a prefix list item.
  9. Enter the Network Prefix.
  10. From the Type drop-down list, select an action for the prefix term. You can select permit (default) or deny.
  11. From the Extent Type drop-down list, select the matching condition:
    • none (default)
    • greater-or-equal – Enter the minimum Prefix Length to be matched in the Prefix Length greater-or-equal field.
    • less-or-equal – Enter the maximum Prefix Length to be matched in the Prefix Length less-or-equal field.
    • both – Enter the minimum and maximum Prefix Length to be matched.
  12. Click OK.
  13. Click OK to confirm your settings.

  14. Click Send Changes and Activate.